Orgs Increase Focus on Automating Access Control Management
A survey of 300 IT decision-makers conducted by Censuswide on behalf of Delinea, a provider of a privileged access management (PAM) platform, found a full 86% of respondents are now exploring ways to automate access controls.
Despite a high level of confidence in exiting approaches to managing access, the primary driver of that shift is the rise of multi-cloud computing (59%), the survey found.
A total of 83% of respondents said they are confident in their current access controls, even though two out of three respondents admitted their organizations had been victims of a successful cyberattack.
More than two-thirds (69%) of respondents said their current privileged access approach is either very mature or mature, with 71% reporting they are confident they can recover quickly from a cyberattack. A full 89% also said they can monitor and be alerted whenever there is unauthorized privileged activity.
Joseph Carson, advisory CISO and chief security scientist at Delinea, said given the number of successful cyberattacks, the survey results suggested there is a level of overconfidence when it comes to access controls that organizations should address. Most of the compliance and security issues that do arise stem from applications and platforms that security teams were unaware existed because they often don’t have as much visibility into IT environments as they think, he noted.
As IT environments become more complex, the odds a security team will be able to successfully manage access controls without relying on automation are only going to further decline, Carson added.
In general, Carson said there is now more focus on access controls thanks, in part, to the rise of business information security officers (BISOs) that are tasked with narrowing the divide between a centralized security team and the rest of the business. The goal is to educate business users about how to safely employ applications to achieve a goal without running afoul of cybersecurity policies, he noted.
Obviously, it’s still early days as far as the role of a BISO within organizations is concerned, but it’s clear the relationship between security teams and the rest of the business is evolving. At a time when more organizations are investing in digital business transformation initiatives, there’s a greater appreciation for the need to secure mission-critical applications. Security teams are now bringing their expertise to bear to enable these applications to be deployed as safely as possible within the context of the risk to the business versus routinely rejecting them out of hand whenever a policy conflict arises.
That level of collaboration has the added benefit of increasing the business’ willingness to invest more in automation frameworks to reduce dependencies on manual security tasks that might otherwise slow down applications deployment. Access controls, of course, represent one area where reliance on manual processes just takes time away from other critical cybersecurity tasks.
One way or another, in the coming months and years, cybersecurity will become more automated. That doesn’t mean the need for cybersecurity experts will decline, but it does mean a reduction in a lot of the drudgery that contributes to so much of the fatigue cybersecurity teams feel today.
