According to a recent survey of IT professionals, conducted by industry analyst firm Enterprise Strategy Group (ESG) and sponsored by McAfee, password management is a huge challenge for organizations:
- Despite the fact that 55% of respondents believe username/password authentication is no longer secure, 34% of respondents say that their employees have more than five passwords, on average.
- Thirty-nine percent (39%) of respondents report that the average user requests help resetting a password more than five times a month.
When survey respondents were asked about their organization’s biggest challenges when it comes to creating and managing multiple passwords:
- 43% of respondents report employees are challenged with changing passwords when required to do so.
- 38% are challenged to choose a unique password for each account.
- 35% have trouble remembering all their passwords.
- 35% also have trouble resetting passwords when they forget or need to change them.
Things don’t get much better when we’re talking about busy IT admins trying to create (provision) and terminate (de-provision) accounts for users. Fifty percent (50%) of survey respondents say it takes “days” to provision new hires with all the systems and accounts they require to be productive, while 6% admit it takes “weeks.”
And, the problems don’t stop with provisioning. When respondents were asked to list their organization’s biggest challenges in terms of managing accounts:
- 43% of respondents say, “Changing accounts as employees change roles/and or internal organizations”
- 42% of respondents say, “Terminating accounts when users leave or are terminated”
- 37% say, “Monitoring identity stores for stale and/or rogue accounts”
If this sounds depressingly familiar to you, you probably have questions like: “What are the best practices for provisioning and de-provisioning SaaS accounts?” “Which methods of authentication should I be deploying?” and “How do I make this easier for my users with all of these different cloud applications and accounts scattered across our organization?”
Here are some resources that may help:
- The ESG whitepaper, “Cloud Computing Demands Enterprise- class Password Management and Security” details ESG’s survey findings, and then provides recommendations that may answer some of your questions.
- Our “McAfee Cloud Identity Buyer’s Guide: Managing Identity in the Cloud” offers guidance for evaluating and selecting an Identity and Access Management (IAM) solution. The guide explains the technologies and acronyms, describes different deployment models, discusses regulatory requirements, and even provides a sample Request for Proposal (RFP) that you can use.
We’ve recently introduced our new Identity and Access Management solutions, including single sign-on for cloud applications, and our one-time password solution with multi-factor authentication. We’ve also introduced ourselves, the McAfee Identity Center of Expertise. We’re here to help and we’d like to help you get real answers to these questions.
Engage with us by commenting or asking me a question here in this post.
Thanks and on behalf of the entire Center, we look forward to hearing from you.