A recent report by a leading industry analyst firm shared that there are five key solution areas for privileged account management (PAM). However, according to the Beyondtrust survey, only 40 percent of respondents have deployed at least some of these capabilities enterprise-wide, with 30 percent having no solutions at all. With the number of threats that are possibly based on excessive privilege rights, such as the ability to steal credentials, the ease of access to sensitive data, and an increase in the harm that can be done by malicious insiders, Beyondtrust maintains that companies must do a better job at protecting company assets.

One of the key points to take away from the Privilege Gone Wild 2 survey is that privileged account management is viewed as a cross-functional need. Security is driving PAM purchases in 82 percent of the organisations surveyed, and they are influenced by Compliance (57 percent) and IT Operations (42 percent) teams.  The respondents from 56 percent of the organisations also said that cross-functional needs dictate unified reporting as critical.

However, the survey did show that the focus on PAM is increasing, but cost is a concern. Seventy-nine percent of respondents indicated that employees are somewhat likely to very likely to access sensitive or confidential data out of curiosity. Almost 60 percent can circumvent whatever controls are in place. Forty-seven percent of the respondents also admitted that users in their organisations possess elevated privileges not necessary for their roles.

In terms of addressing the problem, thirty percent of the respondents expected to introduce new PAM technology in 2015, with password and server security claiming top spots on the list of priorities at 29 percent and 26 percent, respectively.

Respondents demonstrated concerns about cost, however, indicating that the most expensive PAM solutions available in the market are those from CA, Dell/Quest and Cyberark.

The risk associated with privileged users is also increasing.  Eighty-four percent believed that the risk to their organisations from privileged users will increase over the next few years.

Respondents thought that business information is most at risk (42 percent). This includes corporate intellectual property, source code, design documents, trade secrets, and compliance-related data such as PII.  In addition, “Shared passwords” are still a problem, as over half of the respondents indicated that shared passwords are managed “individually.” Thirty-four percent shared passwords “locally,” including on spreadsheets, Sharepoint, and Active Directory.

The areas most at risk for organisations are the business-critical, tier-1 applications, such as Linux- and UNIX-based systems, which control some businesses' most critical applications, including ERP, financial, and ecommerce systems.  In a particular area of concern, 60 percent of organisations have critical tier 1 applications running on UNIX or Linux platforms, but more than 57 percent have few or no tools or processes in place to protect against privilege misuse.

“While several stats in this year’s survey revealed the amount of work that needs to be done in the PAM space, it’s encouraging to see the trend of organisations’ security and IT ops teams willingness to work together to better manage the risks associated with excessive privileges,” said Scott Lang, director of privilege strategies, Beyondtrust. “Therefore, we hope this growing partnership will mean a new interest in deploying and maintaining effective PAM solutions and policies.”