The costs associated with the manual updating of privileged passwords are becoming "astronomical", according to new research from security firm Cyber-Ark and industry analyst IDC.
The companies estimate that the typical enterprise spends more than US$500,000 a year simply maintaining and updating privileged passwords.
Privileged passwords are the non-personal, shared and administrative passwords that exist in virtually every device or software application in an enterprise.
Cyber-Ark claimed that companies are unknowingly losing millions of dollars annually on outages, labour-intensive work, legal liability and audit deficiencies related to mismanaged privileged passwords.
Unchecked privileged passwords can be an unmitigated security threat for an organisation, but the research uncovered a general lack of strict policies for creating and varying privileged passwords which could help prevent breaches.
Further complicating the issue is that many, if not most, privileged passwords are generic in nature and lack the personalisation necessary for tracking and auditing.
In fact, most organisations have more privileged user passwords than personal passwords, the researchers said.
"Our research shows that managing privileged passwords is a security conundrum," said Sally Hudson, research manager for IDC's Security Services and Identity Management Products programme, and author of the report.
"IDC believes that the risk can be significantly mitigated by implementing policies which demand special treatment for privileged passwords.
"These include the ability to disable an employee's system access promptly on employee termination, enforcing a company-wide password change on a regular basis and implementing reliable auditing and reporting systems."
Enterprises wasting millions updating privileged passwords
By Clement James on Feb 1, 2007 9:23AM