A recent Symplified survey of 225 US-based IT professionals found that 64 percent of respondents cannot audit user activity beyond login. Still, 38 percent say they've experienced accidental access by an authorized user, and 24 percent have experienced a hack that exposed user credentials.

Among respondents, 50 percent authorize access for 250 or more partners, 54 percent authorize access for 250 or more contractors/consultants, 55 percent authorize access for 1,500 or more employees, and 45 percent authorize access for 4,000 or more customers.

Seventy-six percent of respondents have a policy allowing employees to access corporate applications via mobile devices, and 68 percent have a mobile access policy for partners.

"Incidents of hacks and accidental data exposure are always a concern, but lack of visibility and control are also a red flag in today’s environment," Symplified CEO and president Shayne Higdon said in a statement.

"Eighty-six percent of the IT pros we surveyed maintain two or more repositories for user identities -- a practice that can lead to access and policy violations," Higdon said. "BYOD and SaaS used together also presents a unique challenge; as employees and partners use more of their own devices, organizations lose visibility into what they’re doing when logged into SaaS services. These challenges underscore the importance of knowing your security, compliance and other specific needs as you build out your identity management strategy."