| Latest CRM News |
| Research Reports |
| Products & Services |
| Business Deals |
| Corporate Orders |
| Corporate Performance |
| HR Watch |
| Submit your Story |
 by Document Type |
| Academic Papers |
| Articles |
| Case Studies |
| Presentations |
| White Papers |
| Research Reports |
| by Industry |
| Finance |
| Retail |
| Telco |
| Government |
| Healthcare |
| Utilities |
| Submit your Document |
| Editorial |
| Highlights |
| Experts Corner |
| Experts Panel |
| Ask the Experts |
| Books |
| Free Membership |
| Corporate Membership |
| CRM Software & Systems |
| Professional Services & Consultants |
| Analyst Groups & Research Services |
| Resources & Associations |
| Exhibitions & Conferences |
| List your Company |
| Home | | News | | Events | | Careers | | Library | | Topics | | Members | | Vendor Directory |
Enterprises Losing Millions Due to Mismanagement of Privileged Passwords
Cyber-Ark® today announced the release of new research into Privileged Passwords — the non-personal, shared and administrative passwords that exist in virtually every device or software application in an enterprise — which shows companies are unknowingly losing millions of dollars annually due to costly outages, labor-intensive work, legal liability and audit deficiencies related to mismanaged privileged passwords. To simply maintain and update privileged passwords, the report estimates the typical enterprise spends more than $500,000 each year.
These trends and statistics are summarized in a white paper by IDC and sponsored by Cyber-Ark entitled “Privileged Password Management: Combating the Insider Threat and Meeting Compliance Regulations for the Enterprise”. Not only do privileged passwords pose a security threat, but maintaining, storing, changing and monitoring privileged passwords and their users is an expensive and daunting task. In particular, there are thousands of privileged passwords at all levels — devices, embedded, laptops, etc. — and the cost of changing them on a routine basis is difficult to do manually in any effective way. IDC estimates that it takes approximately $30 in man hours/labor to change the Sys-admin password on a single Microsoft Exchange Server.
"Our research shows that managing privileged passwords is a security conundrum," said Sally Hudson, research manager for IDC’s Security Services and Identity Management Products program and author of "Privileged Password Management: Combating the Insider Threat and Meeting Compliance Regulations for the Enterprise."
"IDC believes that the risk can be significantly mitigated by implementing policies which demand special treatment for privileged passwords,” added Hudson. “These include the ability to disable an employee’s system access promptly upon employee termination; enforcing a company-wide password change on a regular basis; and implementing reliable auditing and reporting systems. Furthermore, companies such as Cyber-Ark that offer a PPM solution are well-positioned to assist organizations in preventing unwarranted insider attacks.”
In addition, the research white paper reveals that system administrators, high level IT personnel and developers that have access to privileged passwords can create havoc within an organization if left unchecked as these passwords are literally the “keys to the kingdom”. The recent rise in computer-related ID theft and fraud, coupled with legislation demanding compliance for computer privacy and security, is forcing the issue of privileged access into the open and has created a situation where corporations must deal with the issue of privileged password management or face legal penalties.
“This report is groundbreaking as a comprehensive study of PPM or Privileged Password Management,” said Udi Mokady, President and CEO of Cyber-Ark Software. “The security and compliance risks posed by privileged passwords are very real, are very large, and must be addressed in such a way that privileged password management becomes the cornerstone to every organization’s overall Identity and Access Management strategy.”
The research explores the concept of Privileged Password Management and looks at Cyber-Ark’s Enterprise Password Vault, which is designed to provide a secure, automated and integrated solution to this problem. Privileged passwords are the non-personal passwords that exist in virtually every device or software application in an enterprise, such as administrator on a Windows server, Root on a UNIX server, Cisco Enable on a Cisco device, as well as embedded passwords found in applications and scripts.
IDC’s research supports the findings of a recent Cyber-Ark survey of 140 IT professionals, which found that up to 42 percent of privileged passwords are never updated — a frightening prospect in today's environment of increased audits and hacker attacks. The Cyber-Ark 2006 Privileged Password Survey also revealed that privileged passwords are far more common in enterprises than previously thought: approximately half of all enterprises contain more privileged passwords than individual ones.
Until recently, organizations had no way to effectively secure, manage, update and control privileged user accounts. Based on Cyber-Ark's patented Vaulting Technology, Enterprise Password Vault provides a safe haven where all privileged users' passwords can be securely archived, transferred, shared, and managed by authorized users. Multiple security layers provide the most secure solution for managing passwords in an enterprise environment, which addresses Sarbanes-Oxley audit and compliance requirements and prevents usage of the same passwords across multiple systems, non-expired passwords, and "easy to remember" passwords. A detailed audit trail, disaster-recovery ready solutions, and granular Access-Control mechanisms help make Enterprise Password Vault the information security software selection for a number of large enterprise and compliance and regulation heavy organizations.
