A new study of 500 practitioners in privileged access management (PAM) highlights a critical gap in the adoption of Just-in-Time (JIT) privileged access management amidst the rapid increase of AI-driven identities.
The CyberArk study showed that only one per cent of organisations have fully implemented JIT models, with most clinging to outdated always-on access assumptions in their privileged access programmes.
The survey also reveals troubling statistics about how companies are handling the evolving security landscape. While 76% of organisations believe their PAM strategies are prepared for AI, cloud, and hybrid environments, many practices do not align with this confidence.
“Dynamic, evolving environments mean the nature of privileged access — and how to secure it — has fundamentally changed,” said Matt Cohen, CEO of CyberArk.
He emphasised the urgent need for modernization within the industry, stating, “With only 1% of organisations having fully implemented a Just-in-Time access model, it’s clear that industry-wide modernization is overdue.”
The report reveals that 91% of organisations have at least half of their privileged access set to always-on. This unrestricted access presents significant security risks, especially as AI agents and non-human identities are increasingly tasked with sensitive operations.
Alarmingly, 45% of respondents admitted to applying the same access controls to AI agents as they do to human identities, while 33% acknowledged they lack clear policies regarding AI access.
The issue of ‘shadow privilege’, where unmanaged, unknown, or unnecessary privileged accounts accumulate, was underscored in the findings.
A staggering 54% of organisations discover unmanaged accounts and secrets every week, signalling a growing vulnerability that undermines security efforts.
Furthermore, 88% of respondents reported managing two or more identity security tools, leading to fragmentation and increased risk.
Cohen urged organisations to evolve their approaches to privileged access, advocating for dynamic, risk-based access models that minimise standing privileges.
He highlighted the importance of automated JIT access for high-risk actions and appropriate privilege controls tailored to human, machine, and AI identities, based on context and risk.
To mitigate risks while fostering innovation, CyberArk’s study suggests that organisations consolidate their identity platforms to enhance visibility and governance.
The urgency highlighted in these findings serves as a wake-up call for CISOs in Southeast Asia and East Asia, where adapting to new digital realities and regulatory pressures is paramount.
