New IDSA Study Shows Delays in Granting and Revoking Access

New IDSA Study Shows Delays in Granting and Revoking Access

The Identity Defined Security Alliance (IDSA) today released a study on Identity and Access Management focused on delays in granting and revoking access. These delays, according to the IDSA, introduce significant risks to enterprise IT environments. 

ALERT: Cyber threats don’t rest, even during global pandemics. You can learn more with the Solutions Review Identity Management Buyer’s Guide and our other resources. We also provide a Bottom Line analysis for each vendor covered therein, as well as key facts about the Identity Management market. 

The IDSA is a research-oriented nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies. It comprises a group of identity and security vendors, solution providers, and practitioners acting as an independent source of thought leadership, expertise, and practical guidance on identity-centric approaches to security for technology professionals. 

Regarding granting and revoking access delays, IDSA found the majority of companies (72 percent) it takes one week or longer for a typical worker to obtain access to required systems. Additionally, it takes about 50 percent of organizations three days or longer to revoke system access after a worker leaves; this creates both risk and compliance problems. 83 percent reported that remote work environments made it more difficult to manage access. 

Moreover, IT security teams might have trouble taking the appropriate steps in granting and revoking access if and when the time comes. 62 percent report that they would hesitate to revoke worker access if they detected malicious behavior. Only 38 percent reported that they would immediately cut off access for such an employee. 

Julie Smith, executive director of the IDSA, shared some comments with the release of the report. “These numbers are alarming from a security risk perspective. Failing to revoke system access immediately after a worker leaves an organization and when suspicious access is detected present significant risk. The good news for enterprises is that the risks highlighted in the study can be mitigated through enlisting the help of stakeholders, who also want to be a part of the solution, through governance process, automation, and identity-centric security strategies.”

Learn more about the IDSA here. 

Ben Canner