View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 12, 2011

Privileged users causing data security headache

Many will access sensitive data simply to satisfy their curiosity, Ponemon research finds

By Steve Evans

Businesses are leaving themselves open to the risk of data breaches by failing to adequately control privileged users, according to a report from HP and the Ponemon Institute.

The survey spoke to more than 5,000 IT operations and security managers across 13 countries and found that 52% are at least "likely" to be provided with access privileges beyond those that their job requires.

Of those workers that are trusted with privileged access rights, 64% claim they will access confidential data simply out of curiosity, while 68% believe they are "empowered" to access all the sensitive data they want.

According to HP "general business data" is most at risk of snooping, along with customer data, while mobile, social media and business unit specific applications were most targeted.

What really stands out from these results is the lack of control many organisations appear to have over user access rights. Just under one-third of respondents believe that access governance policies are in-place and are strictly enforced at their organisation.

Just 15% of companies admitted they could be confident that they are able to determine if a user is complaint with policies.

Many respondents said that the inability to keep up with change requests from users, inconsistent approval processes, high costs of monitoring and difficulty in validating access changes were creating a barrier to enforcing privileged user access rights.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

"This study spotlights risks that organisations don’t view with the same tenacity as critical patches, perimeter defence and other security issues, yet it represents a major access point to sensitive information," said Tom Reilly, vice president and general manager, Enterprise Security Products, HP.

"The results clearly emphasise the need for better access policy management, as well as advanced security intelligence solutions, such as identity and privileged user context, to improve core security monitoring."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU