80% of Organizations Increased Focus on Identity Security Following Pandemic Shift to Remote Work

The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, today released a study titled, “2021 Trends in Securing Digital Identities,” based on an online survey of over 500 IT decision makers. The report examines the impact that the pandemic and increase in remote work had on Identity and Access Management (IAM) in the enterprise, as well as the implementation of identity-focused security strategies.

Marketing Technology News: Strata Introduces Identity Orchestration Platform for Multi-Clouds

“If it hasn’t already happened, CISOs should seize this opportunity to elevate the importance of identity, not just in security strategies, but as an opportunity to provide business value through risk reduction, including Zero Trust initiatives, cost containment, increased productivity, and to improve both employee and customer experiences.”

Over the last year, the shift to remote work has led to an increase in the number of identities and an increased focus on identity security, but a decrease in confidence in the ability to secure employee identities. Four out of five participants believe that while identity management used to just be about access, it’s now mostly about security. In accordance, the majority of organizations have made changes to better align security and identity functions, with one of those changes being increasing CISO ownership of IAM.

Despite additional security challenges introduced in 2020 with more identities, exponential remote access, and more personal devices, the number of identity-related breaches remains flat. 79% of organizations experienced an identity-related breach within the past two years, the same as reported in a previous study conducted by the IDSA in April 2020. Increased attention also appears to be correlating with increased investment, as nearly all organizations will be investing in identity-related security outcomes in the next two years.

“The past year forced organizations to recognize the importance of securing digital identities, whether maintaining employee productivity through secure access from anywhere, using any device, or transforming engagement with customers to secure online services,” said Julie Smith, executive director of the IDSA. “If it hasn’t already happened, CISOs should seize this opportunity to elevate the importance of identity, not just in security strategies, but as an opportunity to provide business value through risk reduction, including Zero Trust initiatives, cost containment, increased productivity, and to improve both employee and customer experiences.”

Marketing Technology News: MarTech Interview with Navdeep Saini, Co-founder and CEO at DistroScale

Key Research Findings

Remote work has significantly impacted identity security

  • 83% report that remote work due to COVID-19 increased the number of identities
  • 80% say the shift to remote work increased focus on identity security
  • Confidence in the ability to secure employee identities dropped from 49% to 32% in the past year

Breaches are still prevalent, but investments in targeted prevention are accelerating

  • Identity breaches are not increasing, but they are having an impact on organizations
  • At least 70% report they began implementation or planning of identity-related security outcomes in the past two years
  • 97% will make investments in identity-related security outcomes over the next two years
  • 93% believe they might have prevented or minimized security breaches by using identity-related security outcomes

Security is taking a broader role in identity management, with positive effects

  • 64% report that they have made changes to better align security and identity functions within the last two years
  • 87% report the CISO has a leadership role when it comes to IAM, a dramatic contrast to 53% that said the same about the security team in 2019
  • Organizations where the CISO has ownership of IAM are more likely to say the security team has an excellent understanding of their identity strategy and implement identity-related security outcomes