Stiri	Stiri afaceri	Stiri companii	Evenimente de afaceri

KPMG Survey: Organizations understand the need for activity and access management, but expectations exceed reality

Taking a comprehensive approach to their information security, European organizations are aware of the need for the systematic management of identities and access rights, KPMG is saying in a press release sent on Thursday.

In spite of the difficulties related to the current economic climate and the varying circumstances of most of the organizations that participated in this study, the survey performed by KPMG and Everett - „2009 European Identity & Access Management (IAM)" - indicates that the importance of IAM is acknowledged by organizations in all sectors of the economy.

The IAM 2009 Survey was organized by KPMG together with Everett as a follow-up of the IAM survey performed by KPMG in 2008 and covered more than 125 respondents from organizations located in 22 European countries, including Romania.A breakdown of the survey results according to sector shows (as in previous surveys) that financial services organizations are devoting the most attention to information security. They represent 39% of all respondents (47% in CEE).

Identity and Access Management comprises the policies, processes and systems for efficient andeffective governance and management of who has access to which resources within an organization. The processes covered by IAM include User Management, Authentication Management, Authorization Management, Access Management, Provisioning, as well as Monitoring & Audit.Most IAM projects are typically focused on the areas with the most significant concentration of users and consequently the most risks: employees/contractors and internal systems/ information. More complex environments, such as federated identities connecting IAM environments with contractors and business partners, are not yet widely used.

More than 85% of KPMG IAM Survey participants have initiated one or more IAM project in the last three years. The financial sector allocates the biggest budgets to IAM projects, just as in 2008, whereas the government sector has came from last place in 2008 to second place in 2009.Regarding the impact of the financial crisis, more than 50% of the respondents stated that it had not affected the budgets allocated to IAM projects, while 37% said that the impact of the financial crisis had lowered these budgets

At the same time, putting into practice a complete IAM solution has decreased by 50% compared to last year. This decrease indicates the move from a more preventive approach towards a detective approach which concentrates on the "crown jewels" of an organization. This approach can also be considered as a consequence of the economic crisis because concentrating only on critical information will lead to a decrease in expenses.

Despite the budget reductions almost three quarters of the respondents agreed totally or partially that investments in IAM should grow and not decrease because of the current economic climate as they represent an important mechanism for reducing the risk of fraud.There is a distinct difference between expectations for IAM projects and the results. "It is shocking to find that more than half of IAM projects did not meet their objectives, which results in overall disappointment with them," said Aurelia Costache, Partner responsible for IT Advisory services in Romania. "The challenge is to obtain the expected benefits. With limited budgets because of the current economic climate, organizations will have to make their decisions regarding the scope and approach of IAM projects with great care. This will require strong project management and a clearly defined IAM strategy."

According to the KPMG survey, most IAM projects have as their mainstay the centralized management of authorizations and a classic authentication mechanism based on username and password, although a significant percentage of the respondents have specified that they use token devices (more than 50%) or smart card certificates (more than 35%) at least for their important systems.The survey points out that technical issues are not the main challenges for an IAM project's success. The main reasons why a project fails to meet its objectives are organizations' lack of readiness for change or lack of support and attention from management for such projects."One of the most important conclusions of this study is that identity and access management is still an area of the present," Aurelia Costache concluded.

Sursa: http://www.actmedia.eu

Tags: management their respondents projects approach kpmg organizations access survey

Articole similare