Security professionals aren't confident in the access management tools they have in place, and they believe employees would sell sensitive company data if given the right price, a recent study found.
The “2013 Market Pulse Survey,” a report conducted by research firm Loudhouse and commissioned by SailPoint, an Austin, Texas-based identity management company, reveals some troublesome statistics regarding identity and access management (IAM) gathered from the 400 IT professionals surveyed.
According to the study, when asked about the level of confidence in the ability to either “grant or revoke” employee access to company applications or data, 46 percent of respondents were doubtful in the internal controls currently in place at their respective organizations. The same number of respondents stated that they could not prove the efficiency of those controls.
Additionally, more than half (54 percent) said that their organization has experienced an incident where a terminated employee attempted to access company applications or data after they left. This is an alarming statistic considering that 45 percent of those surveyed believe that employees would sell sensitive company data if they were offered the right price.
In an email to SCMagazine.com, Jackie Gilbert, CMO and founder at SailPoint, said that these statistics highlight the “moral grey area” when it comes to ownership of the data. “Many employees don't view data theft as a crime,” Gilbert said. “It's fairly common for terminated workers to take data, such as customer contacts or product plans, with them when they leave a job. Adding to that, there are actually now readily available outlets to sell personal data on the internet black market.”
As enterprises continue to grapple with the level of oversight needed as cloud and mobile technologies ramp up, the survey indicates that professionals feel that security incidents are looming. Over half of respondents admitted accessing company data they shouldn't have access to, and 51 percent believe that "it's only a matter of time" before a breach occurs.
“If companies are not carefully monitoring and managing access by insiders, they are likely exposing themselves to very real risk,” Gilbert said.