Enterprise security isn’t working

Enterprise security isn’t working

Organisations are spending $75 billion on security, yet data breaches are continuing at an alarming rate

A new Forrester study has revealed the enterprise security industry is failing, with organisations being breached at an alarming rate.

  • Two-thirds of organisations have experienced an average of five or more security breaches in the past 2 years
  • Hackers compromised more than 1 billion identities in 2016

Traditional approaches are clearly not working. Why is this? For years organisations have relied on defending a well defined boundary to protect their information and IT system assets. But new technologies such as cloud computing, mobile and home based working practices have rendered that approach ineffective. The boundary has simply disappeared.

So without a boundary, how can organisations defend themselves? One part of the answer is Identity and Access Management (IAM). Unfortunately most organisations don't have effective IAM and inevitably this leads to more breaches and higher costs.

Is IAM so effective? Forrester certainly think so. Their study showed that:

  • Organisations with the highest level of IAM maturity are 46% less likely to suffer a server or application breach, 51%  less likely to suffer a database breach and 63% less likely to suffer cloud infrastructure breach
  • Securing privileged access is key: Forrester estimate that 80% of security breaches involve privileged credentials, typically those belonging to the IT professionals
  • Counter-intuitively, companies with a mature approach to IAM spend 40% less on IAM technology as a percentage of their entire budget, delivering average cost savings of $2,582,000; they do this by eliminating redundant IAM technologies

While IAM is certainly not the only answer to cyber security - other areas such as usability, data classification and organisational culture also have major parts to play - it is a conceptually simple strategy that clearly pays dividends.


The Forrester study "Stop the breach" was sponsored by IAM solutions provider Centrify and can be found here.

 

Copyright Lyonsdown Limited 2021

Top Articles

Can you trust Zero Trust?

Enterprises seeking a singular authentication model are increasingly taking a Zero Trust approach to ensuring proper identity authentication.

Usability and email security

When employees understand how their behaviour impacts email security, they become much more efficient at detecting scams, preventing data breaches, and protecting sensitive information.

The pen testing guide you never thought you needed, until now…

Security testing should be at the centre of any cyber strategy,

Related Articles