New Stanford University Study Highlights the Dangers of Neglecting Identity Management

Many Global 2000 companies are suffering from serious security vulnerabilities and operational inefficiencies because of a lack of secure identity management, according to new study by Stanford University and Hong Kong University of Science and Technology. Among several key findings, the study notes that nearly half of the companies surveyed take longer than two days - and many longer than two weeks - to revoke the network access of terminated employees, and that implementing secure identity management can drive down help desk costs by more than $1 million annually.

The study, "Exploring Secure Identity Management in Global Enterprises," was sponsored by Novell's worldwide services organization to explore the key business drivers for secure identity management, as well as obstacles to its adoption. The study consisted of a statistical analysis of nearly 200 Global 2000 company survey responses and more than 30 individual interviews with IT executives and IT managers in North America, Europe and Asia. Companies shared their current technologies, processes and attitudes regarding the management of user identities and access rights.

Survey responses also included a number of anecdotal examples of the security challenges and inefficiencies many of the world's largest companies are facing. For example:

• An employee at a global investment bank - now working for a competitor - was able to access her voice mail months after she left, giving her access to all internal banking announcements.
• Staff absence and poorly defined IT responsibilities caused an employee at a global transportation company to wait over a month to obtain network access rights.
• An IT specialist at a global apparel manufacturer commented that eight out of ten times he finds users' passwords written on the back of their business cards or under their keyboards.
• An intern at a large software company was able to create an account by merely calling a secretary, allowing the intern the ability to edit and download the company sales-lead database.
• An IT manager at a global apparel manufacturer and retailer explained that employees were often given inappropriate access rights by mistake, citing human errors as one of the most common reasons.
• According to survey respondents, it is common to share passwords among users for even the most critical systems, such as ERP applications.
• On average, an administrator needs to manually enter redundant data in four different applications or systems each time a user changes departments or a new user is added.

   

"Clearly secure identity management is one of the most significant issues companies are facing today, because as the Stanford study indicates, failing to address it can have a major impact on both the security and cost structure of an organization," said Chris Stone, Novell vice chairman - Office of the CEO. "That's a one-two punch that can really hamper, if not stop, a company's progress toward its business goals - particularly in today's tough economic climate.

"With those pain points in mind, Novell offers customers relief through its Nsure™ line of secure identity management solutions," Stone said. "Combining Novell's competencies in directory and metadirectory services, provisioning, access management and professional services, Nsure solutions allow businesses to securely deliver the right information to the right people, while eliminating the cost and complexity of password management and redundant administration."