尽管特权准入做法薄弱,AI和云使用的风险增加,但美国公司对安全过于自信。 U.S. companies overconfident in security despite weak privileged access practices, rising risks from AI and cloud use.

一项新的CyberArk研究显示,随着AI和云的使用增加,美国各组织对其特权准入管理的信心和实际做法之间的差距正在扩大。 A new CyberArk study reveals a widening gap between U.S. organizations' confidence in their privileged access management and actual practices, as AI and cloud use grow. 尽管76%的人声称准备就绪,但只有1%的人完全使用 " 即时 " 接入,而91%的人仍然在一半或更多账户中一直依赖 " 始终存在 " 的特权。 Despite 76% claiming readiness, only 1% fully use Just-in-Time access, while 91% still rely on always-on privileges for half or more accounts. 特别是对于AI代理物和机器身份来说,持续接触会产生风险,45%对AI实施类似人类的控制,33%缺乏AI准入政策。 Persistent access, especially for AI agents and machine identities, creates risks, with 45% applying human-like controls to AI and 33% lacking AI access policies. 影子特权很普遍, 54%的用户每周发现账户未管理。 Shadow privilege is widespread, with 54% finding unmanaged accounts weekly. 零碎的工具使用(88%)和访问审查缓慢(66%)妨碍安全,63%报告雇员绕过控制。 Fragmented tool use (88%) and slow access reviews (66%) hinder security, and 63% report employees bypassing controls. 专家们敦促采用动态、基于风险的准入、自动化和综合平台,以保障不断变化的身份景观。 Experts urge adoption of dynamic, risk-based access, automation, and consolidated platforms to secure evolving identity landscapes.