SecureData, a member of the JSE-listed ERP.com Group and the distributor for RSA Security products in Sub-Saharan Africa, today announced the latter's survey results that show the challenges end-users face in managing passwords inside the enterprise, and the potential corporate IT security risks that result.
The survey of almost 1 700 enterprise technology end-users in the US showed that over a quarter of respondents must manage more than 13 passwords at work, and that nine out of 10 respondents are frustrated with the password management challenge. This frustration is leading to behaviour that could jeopardise IT security, as well as compliance initiatives.
"Compliance initiatives have led companies to enforce and strengthen password policies, which has resulted in additional burdens for the end-user, such as requiring that employees change passwords more frequently, or leverage very difficult to remember passwords," commented Andrew Braunberg, senior analyst at Current Analysis.
"Paradoxically, password policies that are not user-friendly spur risky behaviour that can undermine security. These policies also raise IT help-desk costs as companies allocate more resources to password resets."
Plethora of passwords creates frustration
The results of the RSA Security survey reveal that employees are managing an incredibly large number of passwords at work: 28% of respondents must keep track of more than 13 passwords and 30% of respondents manage between six and 12 passwords. Managing so many passwords is leading to greater end-user frustration: the vast majority of those surveyed (88%) reported frustration with the password management process.
Password overload driving risky IT security behaviour
RSA Security's survey findings indicate that while end-users may attempt to memorise passwords, employees continue to resort to other, less secure means of tracking multiple passwords. The most common risky password management behaviours include:
* Maintaining a spreadsheet or other document stored on the PC (25%)
* Recording a list of passwords on a PDA or other handheld device (22%)
* Keeping a paper record of passwords in an office/workspace (15%)
The password burden on the IT help-desk
Research from the Burton Group reports that each call to the IT help-desk may cost between $25 and $50. Despite this, the RSA Security survey showed that the bulk of password reset responsibilities continue to lie in the hands of IT help-desk staff, with 82% of respondents indicating that IT help-desk staff must intervene when passwords are lost or forgotten.
The survey also showed the potential for lost productivity when employees rely on the IT help-desk to manage a lost or forgotten password. Some 20% of respondents said it takes the IT help-desk staff between six and 15 minutes to address a lost or forgotten password problem; 17% said it takes longer than 16 minutes.
Protecting the 'keys to the kingdom'
Respondents were queried on the impact of leveraging a 'master password', which could be used to gain access to all other passwords.
The overwhelming majority of respondents (98%) believe it would be important to add a layer of protection if they were provided with one master password at work, essentially protecting the 'keys to the kingdom'.
Tellingly, 55% of respondents rated adding an additional layer of security as 'very important'.
Survey description and methodology
The RSA Security password management survey was conducted online between 31 August and 19 September 2005, with 1 685 respondents, including CIOs/CSOs, and IT directors, managers and administrators, taking part in the survey. The survey polled individuals in the US.
For further information, please contact Andrew Ochse at telephone +27 11 257 8600; fax +27 11 257 8699; e-mail andrewo@securedata.co.za.
RSA Security Inc helps organisations confidently protect identities and information access. The company secures more than 15 million user identities, safeguards trillions of business transactions annually, and manages the confidentiality of data in tens of thousands of applications worldwide. RSA Security's portfolio of award-winning solutions, including identity and access management, secure mobile and remote access, secure enterprise access, secure transactions and consumer identity protection, sets the standard in the industry. Their strong reputation is built on a 20-year history of ingenuity, leadership and proven technologies, and their 17 000+ customers around the globe. Together with more than 1 000 technology and integration partners, RSA Security inspires confidence in everyone to experience the power and promise of the Internet.
SecureData
SecureData, an ERP.com company, is Africa's premier IT security solution provider. SecureData's solutions incorporate anti-virus and content security, network security, intrusion prevention software and network asset management. SecureData's comprehensive "Managed Security Services" include design, audit, implementation, vulnerability assessment, outsourcing and hosting.
SecureData distributes, sells and supports category-leading IT security products to the public, corporate and SME sectors throughout Africa, as well as products and services to the SOHO and consumer markets through partnerships with ISPs. As well as being the sole distributor in Sub-Saharan Africa for Trend Micro, SecureData is the African distributor for US-based TippingPoint Technologies and the southern African distributor for US-based Application Security, eEye, Rocket Software, RSA Security, St Bernard and Websense. For more information, visit SecureData at www.securedata.co.za.
ERP.com
ERP.com is a JSE-listed company focused on the implementation, integration and management of enterprise applications in an e-business environment. For more information, visit ERP.com at www.erpcom.co.za.