User Monitoring Not Keeping Up With Risk Managers' Needs

User negligence in handling sensitive data within applications may be a top security concern for IT executives today, but most organizations either don't have or are unsure if they truly have the capability to detect negligent activity within their application portfolio. So says the Ponemon Institute in a new study out today on the risks from application access and usage.

"Companies and their employees are becoming increasingly dependent upon applications to achieve business goals and increase productivity," the report says. "However, the proliferation of applications is creating a serious security risk because identifying users' risky behavior and non-compliance with policies can be nearly impossible."

Conducted among over 600 IT and IT security practitioners, the survey found that 71 percent of respondents have deficiencies in monitoring application access and usage. About a third of respondents said that monitoring is done by ad hoc or manual systems, and 20 percent reported that they use  homegrown systems that focus primarily on privileged users. Just one in eight use some sort of commercial auditing or monitoring product to keep tabs on application access and usage of typical users.  

As a result, over half of respondents said they have difficulty identifying application user activities that are illegal or inappropriate in real-time, and the same amount say they can't separate application user abuse from outside attacker activity. Nearly 80 percent of respondents admitted they either were unable, or didn't know if they were able, to capture the actions taken by any given application user from login to logout.

According to survey statistics, user negligence leads the IT security concerns posed by user activity, with 44 percent of respondents naming that as their top concern. Respondents reported that 71 percent of user-related breaches caused by negligence came at the hands of application users, compared with 18 percent by privileged users. And yet most investments today in user monitoring revolve around privileged users. The survey showed that 48 percent of organizations have systems to measure and monitor privileged users, but only 8 percent have similar systems for regular application users.  

"Historically, companies have identified these types of risks through audits and assessments of application access and usage logs. This manual process is resource intensive," the report said. "In addition, each application logs user actions differently and at varying levels of granularity with many applications not producing logs at all. These logs typically contain hundreds or thousands of discrete events in obscure technical language. As a consequence, organizations that rely upon logs from applications and devices find it nearly impossible to determine what a user actually did."