HomeNewsIdentity And Access Management Takes Up A Month Every IT Year

Identity And Access Management Takes Up A Month Every IT Year

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
cyberghost vpn ad

Do you know that IT takes a month each year to manage identity and access? 1Password research finds that 20% of workers don’t follow company security policies all the time, enabled by IT departments who empathize with the pursuit of productivity.

A half-month-long survey carried out by AgileBits Inc. 1Password has revealed that in every IT year, identity and access management takes up one month. This was shown to be because not all workers follow company security policies. 

The research which was conducted from April 15 to April 23, 2020, was carried out via an e-survey structure developed by Method Research and distributed by Dynata. It involved up to 1,000 desk-job employees, all employed in the United States. 

Out of the 1,000 employees, about 500 were staff in the IT department of their respective companies. The remaining were from all the other departments. In addition, all the interviewed employees were well over 18 years old and were from different areas in the US. 

READ ALSO: Compliance In The Cloud: Why IAM Is Critical

According to the survey results, IT staff tasks themselves with Identity and Access Management duties like tracking app usage and resetting passwords. This goes on for about 21 days, about 9 days shy of a full month. 

Going into more detail, the survey showed that 15% of IT staff engage in employee password resetting a minimum of 21 times every week. About 57% of IT staff engage in the same for up to 5 times every week. 

The survey extended to Shadow IT behavior in the current remote working situation and the convenience, productivity, and security achievement power of the EPM. 

In all of this, the IT employees revealed a significant problem: the lack of reliable technology resources. Also, not all IT workers follow company security policies, which are tied down to the concern for employee effectiveness. 

4% of IT staff do not enforce company security policies at all because of the inconvenience of managing them and the productivity of the company’s workforce. About 25% enforce the policies but not universally, only in specific departments. 

For 38% of the interviewed workers, their companies do not engage in robust security policies, so the enforcement process is not very strict.

READ ALSO: Identity Theft Is Not A Joke, Jim [MUST READ Parody]

Password managers like 1Password continue to make tasks easier for the IT department, and 89% of IT employees confirm this. 57% attest to password managers helping them save time and frustration, while 37% confirm it helps improve productivity. 

They also help create happier employees, according to 26% of the staff, and another 26% attest to it helping prevent cyberattacks.

READ ALSO: How To Remotely Access Corporate Data Securely Without A VPN

Identity and Access Management (IAM): A Month Out of Your IT Year – FAQs

What is the identity and access management cycle?

The identity and access management (IAM) cycle refers to the ongoing process of managing user identities and their access privileges within a system or network. It's a continuous loop that ensures the right people have access to the right resources at the right time.

What is the identity and access management process?

The IAM process typically involves several key stages:

  1. Provisioning: Creating new user accounts and assigning them initial access levels based on their role.
  2. Access Management: Granting or denying specific permissions to access resources (applications, data, systems) based on user roles and responsibilities.
  3. Governance & Compliance: Defining policies and procedures for user access and adhering to relevant security regulations.
  4. Monitoring & Auditing: Tracking user activity and access attempts to identify anomalies or suspicious behavior.
  5. Review & Re-certification: Regularly review user access privileges and adjust them based on role changes, promotions, or terminations.
  6. Deactivation/deprovisioning: Revoking access and potentially deleting user accounts when employment ends or access is no longer required.

What is the identity and access management standard?

There isn't a single, universally mandated IAM standard. However, several industry best practices and frameworks guide IAM implementation. These frameworks like NIST (National Institute of Standards and Technology) provide secure identity and access management guidelines.

What are the stages of identity and access management?

The stages mentioned previously (provisioning, access management, governance, monitoring, review, deactivation) represent the core stages of the IAM lifecycle. While the specific names or order might vary slightly depending on the chosen framework, these stages ensure a comprehensive approach to user identity and access throughout their time within the system.

An important takeaway is that IAM is not a one-time setup. It's a continuous cycle that requires ongoing monitoring, review, and adjustments. While a month of dedicated effort might be dedicated to initial setup or policy refinement, maintaining a secure IAM system is essential to any IT department's ongoing responsibilities.

Note: This was initially published in August 2020, but has been updated for freshness and accuracy.


About the Author:

Writer at SecureBlitz | + posts

John Raymond is a cybersecurity content writer, with over 5 years of experience in the technology industry. He is passionate about staying up-to-date with the latest trends and developments in the field of cybersecurity, and is an avid researcher and writer. He has written numerous articles on topics of cybersecurity, privacy, and digital security, and is committed to providing valuable and helpful information to the public.

Editor at SecureBlitz | Website | + posts

Christian Schmitz is a professional journalist and editor at SecureBlitz.com. He has a keen eye for the ever-changing cybersecurity industry and is passionate about spreading awareness of the industry's latest trends. Before joining SecureBlitz, Christian worked as a journalist for a local community newspaper in Nuremberg. Through his years of experience, Christian has developed a sharp eye for detail, an acute understanding of the cybersecurity industry, and an unwavering commitment to delivering accurate and up-to-date information.


Delete Me
Incogni Black Friday Ad
Heimdal Security ad


Please enter your comment!
Please enter your name here