ENTERPRISES LOSING MILLIONS DUE TO MISMANAGEMENT OF PRIVILEGED PASSWORDS, NEW ANALYST RESEARCH FINDS
New White Paper Uncovers Millions in Hidden Costs, Security Risks and Compliance Liabilities Associated with Administrative, Super-User or Privileged Passwords
NEWTON, Mass. - January 29, 2007 - Cyber-Ark® today announced the release of new research into Privileged Passwords - the non-personal, shared and administrative passwords that exist in virtually every device or software application in an enterprise - which shows companies are unknowingly losing millions of dollars annually due to costly outages, labor-intensive work, legal liability and audit deficiencies related to mismanaged privileged passwords. To simply maintain and update privileged passwords, the report estimates the typical enterprise spends more than $500,000 each year.
These trends and statistics are summarized in a white paper by IDC and sponsored by Cyber-Ark entitled "Privileged Password Management: Combating the Insider Threat and Meeting Compliance Regulations for the Enterprise" (Jan 2007, #204906). Alarming facts from the research include the following findings:
- Privileged passwords, if unchecked, can be an unmitigated security threat for an organization.
- Astronomical costs are associated with the manual updating of privileged passwords. The yearly cost of manually changing privileged passwords averages $500,000+ for the typical Fortune 2000 company.
- There is a general lack of strict policies for creating and varying privileged passwords, which would aid in the prevention of costly security breaches.
- Further complicating the issue is that many, if not most, privileged passwords are generic in nature and lack the personalization necessary for tracking and auditing purposes.
- Most organizations have more privileged user passwords than personal passwords.
- Most organizations today use the same password for many systems and devices. This creates a common security hole that can be exploited by external hackers.
Not only do privileged passwords pose a security threat, but maintaining, storing, changing and monitoring privileged passwords and their users is an expensive and daunting task. In particular, there are thousands of privileged passwords at all levels - devices, embedded, laptops, etc. - and changing them on a routine basis is costly and difficult to do manually in any effective way. IDC estimates that it takes approximately $30 in man hours/labor to change the Sys-admin password on a single Microsoft Exchange Server.
"Our research shows that managing privileged passwords is a security conundrum," said Sally Hudson, research manager for IDC's Security Services and Identity Management Products program and author of "Privileged Password Management: Combating the Insider Threat and Meeting Compliance Regulations for the Enterprise."
"IDC believes that the risk can be significantly mitigated by implementing policies which demand special treatment for privileged passwords," added Hudson. "These include the ability to disable an employee's system access promptly upon employee termination; enforcing a company-wide password change on a regular basis; and implementing reliable auditing and reporting systems. Furthermore, companies such as Cyber-Ark that offer a PPM solution are well-positioned to assist organizations in preventing unwarranted insider attacks."
In addition, the research white paper reveals that system administrators, high-level IT personnel and developers who have access to privileged passwords can create havoc within an organization if left unchecked, as these passwords are literally the "keys to the kingdom". The recent rise in computer-related ID theft and fraud, coupled with legislation demanding compliance for computer privacy and security, is forcing the issue of privileged access into the open and has created a situation where corporations must deal with the issue of privileged password management or face legal penalties.
"This report is groundbreaking as the first comprehensive study of PPM or Privileged Password Management," said Udi Mokady, President and CEO of Cyber-Ark Software. "The security and compliance risks posed by privileged passwords are very real, are very large, and must be addressed in such a way that privileged password management becomes the cornerstone to every organization's overall Identity and Access Management strategy."
The research explores the concept of Privileged Password Management and looks at Cyber-Ark's Enterprise Password Vault™, which is designed to provide a secure, automated and integrated solution to this problem. Privileged passwords are the non-personal passwords that exist in virtually every device or software application in an enterprise, such as administrator on a Windows server, Root on a UNIX server, Cisco Enable on a Cisco device, as well as embedded passwords found in applications and scripts.
IDC's research supports the findings of a recent Cyber-Ark survey of 140 IT professionals, which found that up to 42 percent of privileged passwords are never updated - a frightening prospect in today's environment of increased audits and hacker attacks. The Cyber-Ark 2006 Privileged Password Survey also revealed that privileged passwords are far more common in enterprises than previously thought: approximately half of all enterprises contain more privileged passwords than individual ones.
Until recently, organizations had no way to effectively secure, manage, update and control privileged user accounts. Based on Cyber-Ark's patented Vaulting Technology, Enterprise Password Vault (EPV) provides a safe haven where all privileged users' passwords can be securely archived, transferred, shared, and managed by authorized users. Multiple security layers provide the most secure solution for managing passwords in an enterprise environment, which addresses Sarbanes-Oxley audit and compliance requirements and prevents usage of the same passwords across multiple systems, non-expired passwords, and "easy to remember" passwords. A detailed audit trail, disaster-recovery ready solutions, and granular Access-Control mechanisms help make Enterprise Password Vault the information security software selection for a number of large enterprises and compliance- and regulation-heavy organizations.
For a copy of "Privileged Password Management: Combating the Insider Threat and Meeting Compliance Regulations for the Enterprise," visit: www.cyber-ark.com/idc.asp
About Cyber-Ark
Cyber-Ark Software is an Information Security company that develops and markets digital vaults for securing and managing privileged passwords and highly-sensitive information. Based on its patented Vaulting Technology™, Cyber-Ark's digital vault products include: The Inter-Business Vault®, a secure infrastructure for cross-enterprise data exchange of highly-sensitive information; the Sensitive Document Vault™, for secure storage and management of highly-sensitive documents; and the Enterprise Password Vault, for the secure management of administrative, emergency and privileged user passwords. Cyber-Ark's Vaulting platform has been tested by ICSA Labs, an independent division of Cybertrust. ICSA is the security industry's central authority for research, intelligence, and certification testing of security products.
Cyber-Ark Software was founded in 1999 by a team of industry-recognized security experts with the aim of producing a truly effective security offering where complete end-to-end security was the initial, key design consideration rather than applied as an afterthought. Today, over 200 Global 1000 companies rely on Cyber-Ark Software's digital vault solutions for managing, sharing and securing highly-sensitive information both within their organization and with their partners, vendors and customers. Cyber-Ark Software is privately held and backed by some of the world's most successful venture capitalists, including Jerusalem Venture Partners, Seed Capital Partners (a SOFTBANK Affiliate), JP Morgan/Chase Partners and Vertex Management.
The company is located in Newton, Mass. and on the World Wide Web at www.cyber-ark.com
Any and all trademarks or company names listed herein are property of their respective holders.


