Back in May, we released the first installment of findings from a survey we conducted of 1,000 US knowledge workers, including 500 IT department personnel. Those findings shed light on the opportunities and challenges that companies faced as they embarked on their remote work journey, and the largely overlooked successful job of IT in leading the transition.
The next chapter of this research, released today, dives into the enormous amount of time IT spends managing Identity and Access Management (IAM), and how this influences the quest that all enterprises have to achieve the holy grail of security, productivity, and convenience.
Our research paints a picture of Shadow IT that is more complicated than many of us expected. While most employees do follow IT’s rules, a small group of workers tries to get more work done by circumventing company policies — and sometimes those workers are enabled by IT personnel who grapple with limited resources and empathize with their pursuit of productivity.
Our research found unequivocally that managing the minutiae and complexity of today’s IAM stack can be a significant productivity bog for organizations.
- IT personnel burn a full month of work (21 days!) each year on IAM tasks like resetting passwords and tracking app usage. This cramps productivity for IT and rank-and-file employees alike – 57% of IT workers reset employee passwords up to five times a week, and 15% of those do this at least 21 times per week.
- 14% of IT workers spend at least an hour per day on routine IAM tasks, leading to workers who are disillusioned with their IT tools – just 48% of IT workers say the majority of IAM products bring value to the company – and 13% say less than 10% of their IAM products deliver.
Just 20% of workers are driving all Shadow IT in the enterprise. But these employees don’t act out of malice but instead to get more done – 49% cite productivity as their top reason for circumventing IT’s rules. Employees who break the rules tend to fall into a few categories:
- Speed Demons: They’re nearly twice as likely to say convenience is more important than security.
- IT Pessimists: They are skeptical of their organization’s IT capabilities, claim the IT department is more of a hindrance than a help, and are nearly twice as likely to say it’s unrealistic for companies to be aware of and manage all apps and devices used by employees at work.
- Millennials and Gen Z: Nearly three times as many workers aged 18-39 say they do not always follow IT policies, compared with those ages 56 and up.
Compounding this impact, some IT workers have lifted their foot off the security enforcement pedal as they grapple with the lack of suitable tools and technology resources. According to our research, 25% of IT workers say they don’t enforce security policies universally, and 4% don’t enforce these policies at all due to the hassle of balancing those with concerns over workforce productivity. 38% of IT workers who do not strictly enforce security policies said their organization’s method for monitoring is not robust, while 29% agreed “it’s just too hard and time consuming to track and enforce” and 28% said “our employees get more done if we just let them manage their own software.” One in three IT workers say that strict password requirements at work aren’t worth the hassle.
One solution that’s gaining traction to alleviate concerns over management and productivity is enterprise password managers (EPMs), which are delivering a range of benefits across the organization, from IT to frontline workers.
- 89% of IT departments using a password manager say it’s had a measurable impact on security at their company.
- IT departments using EPMs report that they save time and frustration for employees (57%), reduce time for IT departments (45%), enhance productivity (37%), reduce breaches/attacks (26%), and create happier employees (26%).
We’ve long heard anecdotally that EPMs are helping companies protect themselves while making life easier for employees, and we’re heartened to see the data backs this up. As organizations strive to manage in this difficult time, it’s clear that technologies that improve productivity and security in one fell swoop will be more important than ever.