IT personnel burn a full month of work (21 days) managing Identity and Access Management (IAM) each year on mundane tasks such as resetting passwords and tracking app usage. According to a new survey from 1Password, IAM continues to be a significant productivity bog for IT and employees alike, with 57 percent of IT workers resetting employee passwords up to five times per week—and 15 percent doing so at least 21 times per week. 1Password’s wide-ranging survey also explored behavior around Shadow IT in the work from home era as well as the power of EPM to achieve security, productivity and convenience for enterprises.

“The Shadow IT picture is more complicated than many think,” said Jeff Shiner, chief executive officer, 1Password. “Most of us follow the rules, but a small group of employees trying to get more done circumvent policies and create openings for credential attacks. They’re sometimes enabled by IT workers who empathize with their pursuit of productivity..”

IAM is a significant burden—and today’s tools fall short
1Password’s research found that 14 percent of IT workers are consumed with IAM, spending at least an hour per day on routine IAM tasks. It’s no surprise that IT workers are disillusioned with their tools: just 48 percent of IT workers say the majority of IAM products bring value to the company—and 13 percent say less than 10 percent of their IAM products deliver.  

Shadow IT: Led by a small group of productivity-minded employees
IAM is often used to detect unauthorized use of software—Shadow IT—and 1Password’s survey revealed that it’s largely successful. Four in five workers report always following their company’s IT policy, meaning that just 20 percent of workers are driving all Shadow IT activity in the enterprise. These employees don’t act out of malice but rather a drive to get more done, with 49 percent citing productivity as their top reason for circumventing IT’s rules.

Employees who break their company’s IT policy tend to be:

  • Speed demons: They’re nearly twice as likely to say convenience is more important than security—and almost 50 percent more likely to say strict password requirements aren’t worth the hassle.
  • Pessimistic about IT capabilities: Employees who break IT policies are nearly twice as likely to say it’s unrealistic for companies to be aware of and manage all apps and devices used by employees at work—and say the IT dept is more of a hindrance than a help.
  • Millennials and Gen Z:  Nearly three times as many workers who are 18-39 say they do not always follow IT policies, compared to those ages 56 and up.

Lack of tools amid the relentless quest for productivity
IT workers cited lack of suitable technology resources and concern for employee effectiveness as the reason nearly one in three IT workers are not fully enforcing security policies.

  • Twenty-five percent of IT workers say they don’t enforce security policies universally and 4% don’t enforce those policies at all due to the hassle involved with managing policies to concerns over workforce productivity.
  • Thirty-eight percent of IT workers who do not strictly enforce security policies said their organization’s method for monitoring is not robust, while 29 percent agreed “it's just too hard and time consuming to track and enforce” and 28 percent said  “our employees get more done if we just let them manage their own software.”
  • One in three IT workers say that strict password requirements at work aren't worth the hassle.

Enterprise password managers are gaining traction as a solution

  • 89 percent of IT departments using a password manager say it’s had a measurable impact on security at their company.
  • IT departments using EPMs report that they save time and frustration for employees (57 percent), reduce time for IT departments (45 percent), enhance productivity (37 percent), reduce breaches/attacks (26 percent) and create happier employees (26 percent).