Firms not taking privileged access management seriously enough, says vendor report

It’s not easy for attackers to steal data if they can’t access it. But if a survey from a security vendor is accurate, not enough organizations are taking seriously enough the management of employees with privileged access to digital assets.

According to the online survey of 1,000 IT decision makers (500 in the U.S. and 500 in the U.K.) online in October 2018, 74 per cent of respondents whose organization had suffered a data breach said it involved access to a privileged account.

Yet many aren’t taking what Centrify — which makes privilege access management (PAM) solutions — calls the simplest measures to reduce risk. For example:

  • 52 per cent of respondents said their organization doesn’t have a password vault;
  • 65 per cent are still sharing root or privileged access to systems and data at least somewhat often
  • 63 per cent indicate their companies usually take more than one day to shut off privileged access for employees who leave the company
  • 21 per cent still have not implemented multi-factor authentication (MFA) for privileged administrative access

PAM solutions are a subset of identity and access management. As its name suggests, PAM means limiting access to digital assets to, if you will, a privileged few.

In addition to Centrify there’s a huge number of PAM providers, including Thycotic, CyberArk, ManageEngine, Beyond Trust, Broadcom, IBM and Red Hat.

According to Gartner, a PAM solution can not only discover privileged accounts on systems, devices and applications, it automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts; control access to privileged accounts, including shared and “firecall” (emergency access) accounts; and isolate, monitor, record and audit privileged access sessions, commands and actions.

The report’s authors found other concerning responses, such as 63 per cent of all respondents indicated their companies usually take more than a day to turn off privileged access for an employee who leaves the company. In addition, 45 per cent said they aren’t security public and private cloud workloads with PAM solutions. Nor are a majority securing network devices with privileged access controls.

Read the full report here. Registration required.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now