Post on 08-Jan-2017
Source: BeyondTrust - 2016 Privilege Benchmarking Study
For more information, including 5 recommendations on improving control and accountability over your privileged accounts, download our free report
DOWNLOAD REPORT
Most top-tiers have an enterprise solution for managing privileged access
78% 9% 39%Only 9 percent of bottom- tiers do, and 39 percent of bottom tiers do nothing
Top-tiers grant privilege to the app, not the user 90% 46% 46 percent of bottom-
tiers do this
Most top-tiers say they are “somewhat” or “extremely” e�cient at managing credentials
73% 36%Only 38 percent of bottom-tiers say the same thing
Top-tiers have granularity in how they can restrict the privileged access they grant
88% 37%37 percent of bottom-tiers do
Most top-tiers cycle passwords for users “often” or “always”
76% 14%14 percent of bottom- tiers do this
25 percent of bottom-tiers do
Top-tiers much more likely to have a centralized privileged password management policy
92% 25%
Most top-tiers have a tool that provides relative risk for apps or systems that help them when deciding how to grant privilege to that app or system
57% 6% 52%6 percent of bottom- tiers do, more than half say “they just know” the relative risks
71%Top-tiers monitor sessions of privileged accounts
Top-tierswatch/terminate sessions in real time
45%
49%
3%
49 percent of bottom-tiers monitor sessions of privileged accounts
3 percent of bottom-tierswatch/terminate sessions in real time
Most top-tiers score apps or systems based on their relative risk based on vulnerability assessments
91% 20% 20 percent of bottom-tiers do
Who We Talked To
Departments
Security Operations13%Information Technology76%
Executive10%Legal Compliance1%
Median Number of Employees
1200
Main Office Location
Roles
42% Sta�
22% Executive
38% Management
U.S.72%
Canada 5% U.K. 3%
South Africa1%
Netherlands 1%
Italy 1%Albania 1%
Australia 1%
Industries
Technology
Other
Education
Government
Manufacturing
Financial
Healthcare
Retail
Insurance
22%
11%11%
8%8%8%
10%
7%4%
• Online surveyfielded in May 2016
• 548 responses
• 29 questions
• Limited to:
Executive, IT, IS, or Legal/Compliance departments Involved with privileged access management
Those with the best and worst overall scores were split into top and bottom tiers• 11 questions about
privileged accesspractices
• Answers scoredbased on industrybest practices
Top-Tier
Bottom-Tier
Methodology Tiering Methodology
Lessons from top-tier organizationsPRIVILEGE BENCHMARKING STUDY