These days I received a pretty interesting survey compiled by Cyber-Ark, one of the vendors in the market for Privileged Account Management (PAM) or Privileged Identity Management (PIM), like Cyber-Ark calls that market segment. I seldom read such an interesting survey, providing insight in the dark side of many users. The survey which has been carried out amongst 600 workers, mainly from financial districts, in New York, London, and Amsterdam included some really tough questions. People were for example asked whether people would try their hardest to gain access to the redundancy lists if rumors about redundancies were on their way. 46% of all participants – and 57% in the US – answered with yes. And 70% of these US employees said that they would use their IT system to snoop around. On the other hand, 71% of the people from the Netherlands answered that they would preemptively download company and competitive information if their job were at risk. Another interesting number: 62% of the US participants and 54% of the ones from the Netherlands said that they find it easy to take sensitive or valuable information out of the company – with eMail and memory sticks being the easiest approaches to do that.
Honestly, I’m somewhat surprised about the impressively high numbers of people which will do illegal things – even while I would agree that I’m a cynic sometimes, these numbers were somewhat above my expectations. The real important lesson that enterprises have to act. They have to act on Identity and Access Management, GRC, Privileged Account Management, Data Leakage Prevention, and Information Rights Management. And they have to act with a combined strategy which focuses on really closing the gaps – not only some of many doors. PAM is a must in these days, given that privileged accounts impose the highest risks and most companies don’t really know who has access to some of these accounts. Information Rights Management has to become reality. And Data Leakage Prevention has to be performed in the context of the identities – approaches, on which companies like RSA are working in these days. It is time to act – especially in these days, because fear and uncertainty are perfect drivers for computer crime.
I really appreciate the survey compiled by Cyber-Ark. For sure they like to spread their message about the importance of PAM. But even if the numbers where significantly smaller, their message still would be true: It is latest time to really protect the companies valuable intellectual properties and sensitive information – with a mix of PAM and the other technologies mentioned above.