A new survey finds nearly six in 10 information security pros are using inadequate tools to protect their enterprise servers.
According to the "Privileged Access Management Report," a survey conducted by enterprise access management solutions vendor Fox Technologies and IT security research company Echelon One, a majority of the 327 respondents are "using home-grown solutions (12 percent), sudo (10 percent), or manual enforcement of privileged user access and passwords (37 percent) to control access to enterprise servers."
The December 2011 survey included a wide range of industries and company sizes, with 27 percent of respondents coming from firms with 5,000 or more employees.
We should always be skeptical of vendor-sponsored surveys, though having been involved with some in the past, I know they aren't faked, just selectively used. This survey is about enterprise access management and, not shockingly, discovered shortcomings.
Surveys such as this can present interesting findings -- you aren't alone, there are lots of companies just like yours -- but they are really a heads-up about things we might not be thinking about but should be. Sometimes they uncover things we'd like to think we aren't doing, such as leaving servers vulnerable to even unsophisticated attackers.
You can download a PDF of the complete survey, which makes an interesting read if you like train wrecks and disasters in the making.
Here are some highlights from the report:
Again, I hope this isn't you, but if it is, realize that access control for servers is a fairly basic thing. And if you don't have that nailed, you should look around for other hidden problems, too.