Cyber-Ark Releases First-Ever US Privileged Password Survey

DEDHAM, Mass. --(Business Wire)-- Cyber-Ark(R) Software, the information security software company that develops and markets digital vaults for securing and managing highly-sensitive information within and across global enterprise networks, today announces the surprising results of its 2006 Privileged Password Survey. Privileged passwords are the non-personal passwords that exist in virtually every device or software application in an enterprise, such as root on a UNIX server, Administrator on a Windows workstation, and Cisco Enable on a Cisco device.

Click here to learn more about e911 and its impact on VoIP

Click Here to Learn How You Can Profit from IP Communications. Live, in Person at INTERNET TELEPHONY Conference & EXPO West 2006 in San Diego.

IPTV is coming fast. Educated service providers will reap profits first. Learn how at FierceMarkets' IPTV Evolution Workshop this fall.

Get Your IMS Education from The Expert Team at INTERNET TELEPHONY Magazine and TMCnet. This Fall in San Diego at IMS Expo.

A surprising set of statistics

Completed by more than 140 IT professionals, the 2006 Privileged Password Survey reveals that privileged passwords are far more common in enterprises than previously thought: approximately one-half of all enterprises contain more privileged passwords than individual ones. Second, although these privileged passwords provide "super-user" system access, the survey exposes that up to 42 percent are never updated, a frightening prospect in today's environment of increased audits and hacker attacks. In fact, half of the IT professionals surveyed reveal that they're concerned about audits, and 6 out of 10 state that their organization has been hacked.

Often, the reason privileged passwords are rarely updated is a simple one: many enterprises still manually change these key passwords.

Approximately half of all enterprises have more privileged passwords than personal ones

According to the 2006 Enterprise Privileged Password Survey, the typical enterprise contains:

-- More than 500 employees, and each employee has an Administrator account associated with their workstation (72%)

-- More than 500 servers with privileged password accounts (44%)

-- More than 100 routers with privileged password accounts (41%)

-- More than 100 software applications (71%), most of which connect with other applications (92%)

"Often organizations believe that because they have a small number of IT administrators, they can't have many privileged passwords," says Adam Bosnian, Vice President of Products, Strategy and Sales for Cyber-Ark Software. "The truth is that privileged passwords come pre-loaded onto virtually every piece of hardware and software in an enterprise and are therefore extremely common. Simply put, these super-user passwords are the keys to your kingdom, and yet they are often left unguarded."

Privileged passwords are more powerful but less likely to be changed

Although privileged passwords provide "super-user" access to a target system, the survey shows they are far less likely to be updated. Respondents report that 99 percent of individual passwords are updated, however for privileged passwords:

-- 13% of ROUTER privileged passwords are never changed

-- 21% of LOCAL WORKSTATION privileged passwords are never changed

-- 13% of SERVER privileged passwords are never changed

-- 42% of SOFTWARE passwords are never changed

In many cases, these passwords are never changed because organizations still manually update them, a time-consuming process. As an IT Executive at one Fortune 500-sized company explained: "Virtually every server, router, and application in our enterprise has a number of Privileged Accounts. Of course, we have to regularly change the Privileged User Passwords for these powerful systems; however, manually changing thousands of passwords across hundreds of databases is simply impractical."

A major risk for hacker attacks and failed audits

The survey not only revealed that privileged passwords are rarely changed, it also supports that this is a dangerous practice in today's environment of hacker attacks and increased audit pressure. For example, in survey results:

-- 6 out of 10 enterprises report being hacked

-- 9 out of 10 enterprises state they're annually audited for IT practices

-- Half of all IT professionals are often or always concerned about passing audits

"Of course, having unsecured privileged passwords is an unnecessary risk," says Adam Bosnian. "There are proven software applications available today that automatically update privileged passwords across all enterprise systems, including routers, servers, workstations and software applications. Cyber-Ark is proud to offer the Enterprise Password Vault as the award-winning solution for managing, securing, auto-updating and logging all activity associated with privileged passwords."

For more information on managing these privileged user passwords and for the full results of this survey, visit www.cyber-ark.com/survey.asp

About Cyber-Ark

Cyber-Ark Software is an Information Security company that develops and markets digital vaults for securing and managing sensitive information within and across global enterprise networks. Based on it's patented Vaulting Technology(TM), Cyber-Ark's digital vault products include: The Inter-Business Vault, a secure infrastructure for cross-enterprise data exchange of highly-sensitive information; the Network Vault(R), for secure storage and management of highly-sensitive documents, and the Enterprise Password Vault, for the secure management of administrative, emergency and privileged user passwords. Cyber-Ark's Vaulting platform has been tested by ICSA Labs, an independent division of Cybertrust. ICSA is the security industry's central authority for research, intelligence, and certification testing of security products.

Cyber-Ark Software was founded in 1999 by a team of industry-recognized security experts with the aim of producing a truly effective security offering where complete end-to-end security was the initial, key design consideration rather than applied as an afterthought. Today, over 200 Global 1000 companies rely on Cyber-Ark Software's digital vault solutions for managing, sharing and securing highly-sensitive information both within their organization and with their partners, vendors and customers. Cyber-Ark Software is privately held and backed by some of the world's most successful venture capitalists, including Jerusalem Venture Partners, Seed Capital Partners (a SOFTBANK Affiliate), JP Morgan/Chase Partners and Vertex Management.


Related Tags: privileged passwords, privileged password, passwords never, never changed, password survey, privileged

Email Author Feedback

• TMCNet » Cyber-Ark Releases First-Ever US Privileged Password Survey

CosmosDel.icio.usSlashdotDiggBoingBoingFurlSpurl

Listed below are links to sites that reference Cyber-Ark Releases First-Ever US Privileged Password Survey:

Trackback Pings

TrackBack URL for Cyber-Ark Releases First-Ever US Privileged Password Survey:
http://blog.tmcnet.com/cgi-bin/mt3/mt-tb.fcgi/28050

Previous blog: Leading Advertisers and Agencies Join Click Quality Council to Provide Input into Development of Click Measurement Standards
VoIP for Enterprise Home Page
Next blog: eIQnetworks Announces Availability of Financing Through eIQ Credit Corporation

Comments to Cyber-Ark Releases First-Ever US Privileged Password Survey

Name:

Email Address:

URL:

Remember info? Notify me of new comments?

Comments: (you may use HTML tags for style)