Virtualization Technology News and Information
New Report Reveals Significant Delays Revoking System Access, Impacting Security Risk

The Identity Defined Security Alliance (IDSA) released a study on Identity and Access Management which uncovers significant delays in granting and revoking access to corporate systems, impacting operations and introducing risk to the organization. 

According to the study, for the majority of companies (72%) it takes one week or longer for a typical worker to obtain access to required systems. Conversely, it takes half of organizations three days or longer to revoke system access after a worker leaves, creating regulatory compliance issues and the risk of data theft. To make matters worse, for the majority of organizations (83%), remote work and other Covid-19 related factors have made managing access to corporate systems more difficult.

The report, "Identity and Access Management: The Stakeholder Perspective," is based on an online survey of access stakeholders, human resources, sales managers, and IT help desk professionals, who are impacted by IAM processes and technologies and who interact directly with workers (employee, contractor and vendors) to set up, remove, and resolve access problems. 

Despite agreement from access stakeholders that they have responsibility for security, most (62%) report that they would be hesitant to take action and cut worker access in the face of concerning behavior. Only two in five (38%) reported that they would immediately cut off access for a worker who was accessing systems or data inappropriately, leaving the door open for risk due to an insider threat or compromised credentials. 

In addition, seven in 10 (69%) access stakeholders themselves confess to having personally engaged in sloppy system identity behavior, including using the same username and password for both work and personal accounts, using an unauthorized device for work, or sharing credentials with non-workers. Two-thirds (68%) agreed that even though they care about security, it is more important to get their job done.

Two in five access stakeholders (39%) agreed that system access at their company is "messy" and most (83%) believe that system access can be better. Automation may be one key to improving system access challenges. Less than a quarter (23%) report that they automate enabling access to required corporate systems, while only a third (35%) report automation of revoking access when workers leave.

"These numbers are alarming from a security risk perspective. Failing to revoke system access immediately after a worker leaves an organization and when suspicious access is detected present significant risk," said Julie Smith, executive director of the IDSA. "The good news for enterprises is that the risks highlighted in the study can be mitigated through enlisting the help of stakeholders, who also want to be a part of the solution, through governance process, automation, and identity-centric security strategies."

Identity Defined Security Alliance Guidance and Resources

The IDSA has defined best practices and identity defined security outcomes that can help organizations address the access challenges highlighted in the research, improving business operations and reducing risk. For IDSA guidance on the specific access challenges raised in the report, visit

The full IDSA library of identity defined security outcomes and approaches, can be accessed here

To download the full report, visit
Published Thursday, February 04, 2021 8:15 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<February 2021>