New vArmour Research Reveals 76% of U.S. Employees Have Inappropriate Access to Applications and Data

Identity-based Threats Cited As Major Concern As Businesses Look To Accelerate Their Zero Trust Journey

vArmour, the leading provider of Application Relationship Management, has released new research revealing that 76% of U.S. employees have inappropriate access to sensitive data. The onset of COVID-19 and resulting distributed workforce have introduced new and complex challenges for businesses, with 45% of IT decision-makers reporting increased pressure from the board around the security of their organization. These findings highlight an increased concern over identity-based threats and the need for user access visibility across the IT estate as organizations navigate their Zero Trust journey.

Identity-Based Threats are a Major Concern

The study highlighted major concerns for the virtual workforce, with 52% of respondents stating that identity-specific threats are keeping them up at night. For a workforce that is both remote and distributed, decision-makers expressed concern over malicious actors impersonating employees, alongside instances of inappropriate access to sensitive information. The other major concern is centered around the dynamic nature of modern multi-cloud environments, which saw a significant acceleration due to quick implementation of digital transformation initiatives, complicating access control and enforcement. Both concerns bring into focus that without visibility and a unified view into user access by enterprises across their application estate, the risk the results highlight is quite real.

The study also found that:

  • IT leaders expressed concern about inappropriate or malicious access to applications and data. 47% are concerned about malicious actors impersonating employees and 41% are concerned about inappropriate access to sensitive information.
  • This concern is justified. 76% of employees had inappropriate access to a sensitive file, and 76% were granted inappropriate access to sensitive files within the past year.
  • IT leaders must have better visibility to users to set policy and respond to security events. IT leaders said they need to understand the users’ identity to create application access control policy (77%), manage policy compliance (73%), and respond to incidents (70%). 

A Zero Trust Security Model is now the North Star for Most Enterprises

Because many applications are now running in heterogenous, multi-cloud environments, a trend that has been accelerated by the remote and distributed workforce, enterprises must protect an expanding threat surface within their IT estate. The survey results show that Zero Trust has become more than an industry buzzword in response. vArmour’s research shows that many IT leaders are implementing a Zero Trust security model, with 33% having implemented one organization-wide and 31% currently scaling an implementation. In addition, 14% are piloting a project, 16% are considering Zero Trust, and only 7% of IT leaders report they are NOT considering a Zero Trust security model. 

Many of our customers are asking us how we can accelerate their Zero Trust journey,” said Keith Stewart, SVP Product at vArmour. “Organizations need real-time visibility and control of user access to applications across their entire enterprise IT estate in order to take steps toward embracing a Zero Trust strategy. Understanding the relationships between every application, every relationship and every user in every environment can help businesses create and orchestrate consistent security policies enterprise-wide.” 

To address key challenges faced by customers and the industry as a whole, vArmour has released version 6 of Application Controller, enabling organizations to find and control unsanctioned and malicious access to improve security, and to drive consistent security policies across their heterogeneous environments for stronger governance and better regulatory compliance.

For more information on vArmour Application Controller version 6 please read the official announcement or contact to find out about how vArmour can help businesses enable their Zero Trust journey through application relationship management. 

Tune in to vArmour’s Relationships Matter Series today, Thursday, March 4, 2021 at 12pm PT for a discussion with security industry veterans on “Key Learnings to Lift Your 2021 Security Strategy.” Register for the event here. 

Survey Methodology

The vArmour Identity Survey consisted of an online survey conducted by Researchscape of IT decision makers at small, midsize and enterprise organizations. A total of 160 individuals from the U.S. completed the survey. Responses were captured in December 2020 and January 2021. The survey was not weighted.

About vArmour

vArmour is the leading provider of Application Relationship Management. Enterprises around the world rely on vArmour to control operational risk, increase application resiliency and secure hybrid clouds — all while leveraging the technology they already own without adding costly new agents or infrastructure. Based in Los Altos, CA, the company was founded in 2011 and is backed by top investors including Highland Capital Partners, AllegisCyber Capital, NightDragon, Redline Capital, Citi Ventures, and Telstra. Learn more at


Read More
October 31, 2023
vArmour Strengthens Executive Team On the Way to Series B Fundraising to Deliver Ground Truth to Enterprise IT Leaders
Read More
April 18, 2023
NightDragon Acquires vArmour, Appoints Matt Gyde as CEO to Capitalize on Growing Global Cloud Application Security Opportunity
Read More
February 8, 2022
vArmour Enhances Ties with Microsoft Azure, Helping Organizations Accelerate Cloud Migrations and Security for Critical Applications and Data

Timothy Eades

Chief Executive Officer