82% of respondents say that privileged access management facilitates the move to next-generation technologies.
PHOENIX, June 6, 2018 – BeyondTrust, the leading cybersecurity company dedicated to preventing privilege misuse and stopping unauthorized access, today announced the results of the 2018 Implications of Using Privileged Access Management to Enable Next-Generation Technology Survey. The survey shows that 90% of enterprises are engaged with at least one next-generation technology (NGT), such as cloud, IoT, or AI. Yet, while enterprises are optimistic about the business benefits these technologies can bring, they also have concerns about the risks, with 78% citing the security risks of NGTs as somewhat to extremely large. One in five respondents experienced five or more breaches related to NGTs. Excessive user privileges were implicated in 52% of breaches.
It is an exciting time for IT. Next-generation, transformative technologies such as AI/Machine Learning and IoT, and business processes like DevOps are leading the way to a bright future full of operational efficiencies, greater business agility, and cost savings. Yet, there is also a dark side to these NGTs: security vulnerabilities.
To better understand how security issues, such as privileged access management (PAM), affect the adoption of NGTs, BeyondTrust – the leader in PAM – surveyed 612 IT professionals in 13 countries. The results are a wake-up call for anyone looking to leverage these NGTs.
DevOps has Reached Mainstream – AI and IoT Not Far Behind
The survey found broad interest in NGTs, with the most common being Digital Transformation (DX), DevOps and IoT. IT reports these NGTs are important for organizations, with 63% saying DX will have a somewhat to extremely large impact on their organization, followed by DevOps (50%), AI (42%), and IoT (40%).
Significant Movement Toward the Cloud
The survey also found that cloud transformation is accelerating. Respondents indicate that – today – 62% of workloads are on-premises, with 15% in a public cloud, 11% in private clouds, and 8% in SaaS applications. Over the next three years, that is projected to dramatically change: on-premises drops to 44%, public cloud jumps to 26%, private cloud increases to 15%, and SaaS increases to 12%.
One in Five Respondents Experienced Five or More Breaches Related to NGTs
Security issues, as a result of NGTs, happen at an alarming rate. 18% of respondents indicated they had a breach related to NGTs in the last 24 months that resulted in data loss, 20% experienced a breach that resulted in an outage, and 25% saw breaches over that time period that triggered a compliance event. One in five survey respondents experienced 5 or more breaches.
Too Much Privilege Results in Breaches
The study shows that more than half the time, these breaches occur due to trusted users doing inappropriate things for innocent reasons, with 13% of respondents indicating it happens “often” or “all the time.” In 18% of the cases, it’s trusted insiders going rogue, and in 15% of the cases, its outsiders gaining privileged access to steal credentials. In each case, excessive privileges are to blame.
There are real business costs that result from breaches. The top costs are lost productivity, loss of reputation, monetary damages, and compliance penalties.
Privileged Access Management Can Facilitate the Move to NGTs
Respondents overwhelmingly indicate that PAM-related capabilities can improve security and facilitate a move to NGTs. Top practices include controlling and governing privileged and other shared accounts (60%, 59%, respectively), enforcing appropriate credential usage (59%), and creating and enforcing rigorous password policies (55%). In fact, 100% of the survey respondents say they are employing at least one PAM-related best practice to avoid NGT problems with privileged access.
How Privileged Access Management Can Enable the Transformation to Next-Generation Technologies
To improve security while reaping the transformative benefits that NGTs offer, organizations should implement five privileged access management (PAM) best practices that address use cases from on-prem to cloud.
- Best Practice #1: Discover and inventory all privileged accounts and assets. Organizations should perform continuous discovery and inventory of everything from privileged accounts to container instances and libraries across physical, virtual, and cloud environments.
- Best Practice #2: Scan for vulnerabilities and configuration compliance. For DevOps and cloud use cases, organizations should scan both online and offline container instances and libraries for image integrity.
- Best Practice #3: Manage shared secrets and hard-coded passwords. Governing and controlling shared and other privileged accounts represent one of the most important tactics organizations can employ to limit the effects of data breaches resulting from NGTs.
- Best Practice #4: Enforce least privilege and appropriate credential usage. Organizations should only grant required permissions to appropriate build machines and images through least privilege enforcement.
- Best Practice #5: Segment networks. Especially important in DevOps, lateral movement protection should be zone-based and needs to cover the movement between development, QA, and production systems.
“It is encouraging to see that organizations understand the benefits that Privileged Access Management can deliver in protecting next-generation technologies, but there are more best practices to employ,” said Morey Haber, Chief Technology Officer at BeyondTrust. “The survey affirms that security should be at the forefront of new technology initiatives, otherwise, organizations can experience serious financial, compliance, and technological ramifications later on.”
For more detailed recommendations, and to learn how to implement the best practices to facilitate the safe adoption of NGTs, download the full report from the BeyondTrust web site.
BeyondTrust is a global information security software company that helps organizations prevent cyberattacks and unauthorized data access due to privilege abuse. Our solutions give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Access Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your company goes. BeyondTrust’s security solutions are trusted by over 4,000 customers worldwide, including half of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com.