Story image

APAC firms leaving password management to employees - at a cost

23 Jan 18

Asia Pacific organisations admit that employee behaviour and IT policy don’t match up, particularly when it comes to passwords.

Despite the danger of week passwords, a new study by Ovum and LastPass suggests that Asia Pacific organisations rely too heavily on employees to monitor their own behaviour – rather than using technology to address the problem.

The study found that 78% of IT executives do not have the proper controls that could allow them to control employee access to cloud-based applications. While organisations are aware of the lack of visibility, few are doing anything about it.

29% of respondents say they use entirely manual processes to manage user passwords for cloud applications.

“This research has clearly identified an urgent need to close the password security gap,” comments Ovum principal analyst for infrastructure solutions, Andrew Kellett.

“Far too many organisations are leaving the responsibility for password management to their employees and don’t have the automated password management technology in place to identify when things are going wrong.”

According to the survey, even employees are dissatisfied with password management practices. 75% of employees experience regular password usage problems.

A third say they need helpdesk support about password at least once per month.

The study suggests that this could be due to a lack of single sign-on in organisations. 56% of surveyed firms did not use any method of single sign-on authentication.

22% of Australian employees say they have shared their credentials with colleagues, and 11% have shared them with third parties.

However organisations don’t really know what to do to curb password sharing – 71% have no technology in place to deal with it and only 13% have controls in place that can alert IT teams when it happens.

69% of employees said they would use a tool to store or access passwords if one was available.

“In many cases, an organisation’s password management practices are overly reliant on manual processes and far too often place an excessive level of trust in employees to use safe password practices,” comments LastPass general manager Matt Kaplan.

“The threat posed by human behaviour coupled with the absence of technology to underpin policy is leaving companies unnecessarily at risk from weak or shared passwords. Organisations need to focus on solving for both obstacles in order to significantly improve their overall security.”

The survey polled 355 IT executives and 550 corporate employees in Asia Pacific, North America and Europe.

A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.