Along with the independence remote work affords employees comes the use of shadow IT and poor password practices, according to a new survey by 1Password.
Image: Brian A. Jackson/iStock
Beleaguered IT personnel lose nearly a month (21 days) of work annually managing Identity and Access Management (IAM), revealed a new report from the EPM (enterprise password manager) company 1Password.
The tasks most frequently imposed on IT include resetting passwords and tracking app usage. For employees and IT staff, the swift pandemic-response transition to working-from-home (WFH) made daily security challenges even more relevant. Even if issues could be predicted, problems were likely, due to the rapidity of the switch, combined with the large number of employees reliant on a significantly and comparatively small IT department.
IAM proves to be a continual burr in productivity, not only for the IT staff, but for employees, too; 57% of IT workers reset employee passwords up to five times per week, and 15% are doing so at least 21 times weekly. The research revealed that 14% of IT workers “are consumed with IAM, and spend at least an hour per day on routine IAM tasks.”
SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)
One in three IT workers don’t fully enforce security policies, while 20% of workers don’t consistently adhere to security policies. The besieged IT staff “cite a lack of suitable technology resources and concern for employee effectiveness” which unquestionably affects “the relentless quest for productivity.”
IT workers believe they’re without resources to ensure IAM products are solid and effective, and don’t feel confident in the provided tools. Only 48% of IT workers allege that most of IAM products bring value to the company, while 13% said less than 10% of their IAM products actually deliver.
Shadow IT has become an even bigger problem in the new WFH normal, as IT staff are less able to monitor employees’ use at home of information technology systems, devices, software, applications, and services for which the company’s IT department has explicitly approved. Shadow IT impedes the power of EPM to achieve security, productivity and convenience.
IT departments use IAM to detect the unauthorized use of Shadow IT, and research revealed it’s “largely successful.” Four in five employees said they always follow the company’s IT policy, which means only 20% of all workers drive all Shadow IT activity. The report stresses these employees are not malicious actors, but are laser-focused on productivity: 49% cite productivity as the No. 1 reason for sidestepping the IT department’s rules.
“The Shadow IT picture is more complicated than many think,” said Jeff Shiner, chief executive officer, 1Password, in a press release. “Most of us follow the rules, but a small group of employees trying to get more done circumvent policies and create openings for credential attacks. They’re sometimes enabled by IT workers who empathize with their pursuit of productivity.”
The company scofflaws who don’t follow IT policy, according to the report, are:
IT workers did not lay all the blame for security issues on employees but said they lacked appropriate tech resources. They also said that “concern for employee effectiveness” is why 33% of IT staff are not resolutely enforcing the enterprise’s security policies.
IT staff admissions:
How IT staff feel about EPMs:
1Password used an online survey by Method Research and distributed by Dynata, with 1,000 full-time US computer/desk-job employees; 50% of respondents work in their company’s IT department, and 50% came from any department. Respondents were 18 and older, and “roughly balanced across age and geographic area.” Data was collected from April 15 through 23, 2020.
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays
