|30 May, 2019

New Centrify Survey Reveals Most Organizations Are Over-Confident in Their Ability to Stop Data Breaches

Study Finds That 93% Feel Somewhat Prepared Against Threats Involving Privileged Access, the Leading Cause of Data Breaches, Despite 52% Not Having a Password Vault

New Centrify Survey Reveals Most Organizations Are Over-Confident in Their Ability to Stop Data Breaches

Dubai, UAE: Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises, today announced results of a new survey in partnership with TechVangelism that indicate the majority of organizations are ill-prepared to protect themselves against privileged access abuse, the leading cyber-attack vector.

Seventy-nine percent of organizations do not have a mature approach to Privileged Access Management (PAM), yet 93% believe they are at least somewhat prepared against threats that involve privileged credentials. This overconfidence and immaturity are underscored by 52% of organizations surveyed stating they do not use a password vault, indicating that the majority of companies are not taking even the simplest measures to reduce risk and secure access to sensitive data and critical infrastructure.

The survey of 1,300 organizations across 11 industry verticals in the U.S. and Canada reveals that most organizations are fairly unsophisticated and still taking Privileged Access Management approaches that would best be described as “Nonexistent” (43%) or “Vault-centric” (21%). More sophisticated organizations take an “Identity-Centric” (15%) approach that tries to limit shared and local privileged accounts, replacing them with centralized identity management and authentication with an enterprise directory. The most protected organizations are considered “Mature” (21%) because they address PAM by going beyond vault- and even identity-centric techniques by hardening their environment further via a number of initiatives (e.g., centralized management of service and app accounts and enforcing host-based session, file, and process auditing).

“This survey indicates that there is still a long way to go for most organizations to protect their critical infrastructure and data with mature Privileged Access Management approaches based on Zero Trust,” said Tim Steinkopf, CEO of Centrify. “We know that 74% of data breaches involve privileged access abuse, so the overconfidence these organizations exhibit in their ability to stop them from happening is concerning. A cloud-ready Zero Trust Privilege approach verifies who is requesting access, the context of the request, and the risk of the access environment to secure modern attack surfaces, now and in the future.”

The survey also revealed some specific insights about the solutions being used to control privileged access, including:

  • 52% of organizations are using shared accounts for controlling privileged access.
  • 58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access.
  • 51% of organizations do not control access to transformational technologies with privileged access, including modern attack surfaces such as cloud workloads (38%), Big Data projects (65%), and containers (50%).

Looking at organizations’ PAM maturity by industry, some surprises emerged:

  • 39% of Technology organizations have a Nonexistent approach to PAM.
  • Two highly-regulated industries, Healthcare (45%) and Government (42%), also scored high for Nonexistent PAM maturity.
  • Finance (27%) unsurprisingly scored highest in the Mature category, followed by Energy/Utilities (26%), and then Technology (25%), as well as Healthcare (22%).
  • Professional Services is taking a highly Vault-Centric approach to PAM at 29% of organizations.

Industry research firm Gartner named PAM a Top 10 security project for 20191 and has predicted it to be the second-fastest growing segment for information security and risk management spending worldwide in 20192. However a vault-centric approach is not enough for modern attack surfaces.

Centrify is redefining legacy approaches to PAM with cloud-ready Zero Trust Privilege. To download a complimentary copy of the survey results, please visit http://bit.ly/CentrifyTVSurvey.

For more information about Centrify Zero Trust Privilege, visit https://www.centrify.com/education/what-is-zero-trust-privilege/

1 Gartner, Top 10 Security Projects for 2019, Brian Reed | Neil MacDonald | Peter Firstbrook | Sam Olyaei | Prateek Bhajanka, 11 February 2019.

2 Gartner, Forecast Analysis: Information Security and Risk Management, Worldwide, 3Q18 Update, Rustam Malik | Deborah Kish | Christian Canales | Ruggero Contu | Sid Deshpande | Elizabeth Kim | Dale Gardner, 12 December 2018.      

About Centrify

Centrify is redefining the legacy approach to Privileged Access Management by delivering cloud-ready Zero Trust Privilege to secure modern enterprise attack surfaces. Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse.

Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.

© Press Release 2019

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

More From Press Releases