- Half of the employees have excessive rights in the fields of AI and the SaaS, the Cloudagle report finds
- Invisible it hides 60% of applications undermining traditional identity controls
- The study recommends the governance of AI plus access and opinions just in time
Half of corporate personnel now have excessive privileges for critical requests, said new research.
The latest governance report for Cloudagle’s identity. Identhe 1,000 DSI and CISO and found that 60% of SaaS and IA tools are outside its surveillance.
Invisible, it widens the risk of initiate, stimulates violations, audit failures and the headache of compliance, the report indicates.
Crawling privilege
He noted that 70% of managers have listed unauthorized AI tools such as data concern, while 48% admitted that the former staff still had access, even months after his departure.
Fluting the privileges is common, but only five percent of organizations actively apply the smallest privileges, and only fifteen percent use just access to the company, despite increasing evidence that temporary identification information reduces the risk and the scope of audit.
“Traditional IAM [Identity and Access Management] The tools cannot follow SaaS and AI of today because all applications are not managed by it, and not everything is behind a centralized IAM system. Iga [Identity Governance and Administration] is at a tilting point, and companies must go to the management of access to AI to remain secure and compliant, ”explains Nidhi Jain, CEO and founder, Cloudagle.ai.
The Cloudagle.ai platform is positioned as an AI centered response, but the report emphasizes that technology alone is not enough.
He recommends noting an identity director to coordinate policies through commercial units and automate supply, revisions and moves. Zero Trust, context controls should replace large permanent access, while behavioral analysis helps report anomalies before becoming incidents.
The study also suggests that continuous access magazines supplied by automatic learning can reduce privilege windows without slowing down work.
With Shadow SaaS uses mounting events and led by initiates who now dominate the violation reports, the era of the annual control lists seems to be finished.
Analysts say that the boards of directors pay particular attention as regulators of amended organizations for the spread of authorization which explains customer files and intellectual property. Without a vision of the time of each identity, the leaders concede that they cannot achieve zero trust goals or prove compliance under cyber-assurance questionnaires.
