Poor PAM Practices Put Organizations at Risk


Most organizations recognize that theft of user credentials is one of the easiest ways for bad actors to gain entry to IT systems. Privileged accounts are especially coveted by external hackers and malicious insiders because they offer virtually limitless access to an organization’s IT infrastructure. Nevertheless, many organizations struggle to implement identity and access management (IAM) and privileged account management (PAM) best practices, increasing the risk of data breaches, regulatory compliance violations, and other threats.

Dimensional Research recently conducted a global survey of more than 1,000 IT professionals with security responsibility in midsize-to-large organizations. The survey focused on their approaches to IAM and PAM as well as their greatest concerns and challenges. The responses show that basic processes such as user provisioning and deprovisioning and password resets remain major stumbling blocks in many organizations.

In 44 percent of organizations, it can take anywhere from several days to multiple weeks to provide new users with access to all needed applications and systems. Password resets take five minutes or longer in 68 percent of organizations, and more than 30 minutes in 9 percent of organizations. These statistics suggest that poor IAM processes are having a negative impact on employee productivity.

Worse, 32 percent of organizations can take between several days and multiple weeks to deprovision former users from all applications and systems to which they were granted access. One in 20 IT pros admit they have no way of knowing if a user is fully deprovisioned when they leave the company or change roles.

These challenges extend to PAM practices. Nearly one-third of organizations are using manual methods or spreadsheets to manage privileged account credentials. One in 25 do not manage administrative accounts at all. Three-quarters of IT pros admit sharing privileged passwords with their peers at least sometimes, with one in four admitting this is usually or always the case.

IT security professionals seem to be aware of the shortcomings in their organizations’ PAM programs. Just 13 percent of survey respondents said they are completely confident in their PAM programs, while 22 percent are not confident at all. The majority of respondents rate all aspects of their access control program as at least fair, but only 15 percent are confident they will not be hacked due to an access control issue.

When asked to share their worst IAM nightmare, 27 percent of survey respondents said they were concerned about a disgruntled employee sharing sensitive information, and 18 percent were worried about usernames and passwords being posted to the dark web. Seventy-seven percent of the IT security professionals surveyed said it would be easy for them to steal sensitive information if they were to leave their organization, with 12 percent admitting they would do so if they were angry or upset enough.

Clango provides consulting and professional services to help organizations improve IAM and PAM practices. Our CyberArk Certified Delivery Engineers can also help you take advantage of CyberArk’s Core Privileged Access Security solution to protect, control, and manage privileged credentials. In addition, we offer a managed services program in which we take over the administration and ongoing maintenance of the CyberArk platform. If you need help with IAM and PAM, we invite you to give us a call.


For more information about CyberArk’s Core Privileged Access Security solution, please send us an email at (
