We all have it… a drawer in the house that seems to accumulate stuff that we can’t otherwise find a good place for. The drawer that won’t close every now and again because it catches on the wadded-up charging cable that you’re scared to throw away because you don’t know what it’s for.
Identity security programs have junk drawers, too.
Sometimes it’s an HR system; sometimes it’s a home-grown database or a spreadsheet. While the original intent for these systems is to house useful data to serve a specific purpose (e.g., an authoritative source), they become junk drawers when we start filling them simply because we don’t know where else to put them… the same reason that little wrench ends up in a drawer.
Most organizations house their non-employees and non-humans in their identity junk drawer: The contractor with the two-month assignment, the new third-party partner you’re starting business with, the consultant that requires a lot of access, an RPA with assigned privileges, the seasonal help hired around the holidays.
Scary Trends Revealed in Non-Employee Access
A recent global survey of security & IT professionals and executives found that 97% of companies provide access to non-employees and nearly 9 in 10 provide access privileges to non-humans. Creating identities and granting access to non-employees and non-humans is a business necessity. However, research shows identities are being managed poorly. Organizations are letting their junk drawers get out of hand!
Fifty-four percent of executives surveyed revealed that inappropriate access granted to a non-employee or non-human has resulted in severe security issues such as loss of control of resources, data loss, compromised intellectual property, direct security breaches and more.
Takeaway: Providing access to non-employees and non-humans is now a common business practice, but granting and managing access incorrectly poses a tremendous business risk.
A key contributor to the risk is the dependence on manual steps to grant access to third party non-employees, requiring actions and approvals from numerous employees. Sixty-seven percent of companies require three or more individuals to be involved in providing access for non-employees, and 30% require five or more people. With so many people involved, process ownership is often a mystery so it’s no surprise that nearly 7 out of 10 companies state they have issues with duplicate and orphaned identities. More people are putting more junk in the junk drawer!
As businesses utilize an increasing number of contract workers, third-party vendors, SaaS applications, and other non-employee entities, adopting a modern approach to non-employee risk management is no longer optional—it’s essential. Companies need to find a better, automated solution to manage the cybersecurity keys to their business and eliminate their identity junk drawer.
The first step is understanding how non-employee and non-human identities lead to security issues by downloading this whitepaper today.
