New Research: Low IAM Program Maturity is Leaving Companies Vulnerable to Rising Identity-Related Security Incidents
Ponemon Institute Finds Only 16% of Enterprises Have Fully Mature Programs While 56% Average Three Identity-Related Data Breaches in Last Two Years
Saviynt, a leading provider of intelligent identity governance solutions and Ponemon Institute released the inaugural State of Enterprise Identity research report. The findings emphasize the modern identity security challenges that organizations face in the digital era and underscore the importance of comprehensive identity and access management (IAM) strategies to dramatically reduce security risks that often lead to costly data breaches, cyber attacks and regulatory compliance missteps.
According to research findings, only 16% of respondents have a fully mature IAM strategy in place, which is characterized by fully operating programs, skilled workers, and C-level and board executive awareness. The remainder (84%) are currently dealing with inadequate budgets, programs stuck in a planning phase, and lack of senior-level awareness.
As IAM programs fail to get off the ground, the number of digital identities continues to skyrocket, creating complex enterprise environments that require new strategies, investments, and technology to close security gaps. In fact, over the past two years, more than half (56%) of respondents claim their business had an average of three data breaches or other access-related security incidents. Further, 52% of these respondents claim the breach was due to lack of comprehensive identity controls or policies.
“We’ve found that most enterprise IAM programs have not achieved maturity, leaving companies struggling to reduce identity and access related risks,” said Jeff Margolies, Chief Strategy Officer, Saviynt. “Our research findings should serve as a wake-up call to C-level executives and security leaders: the absence of a modern IAM program fuels the risk of rising identity and access-related attacks and their financial consequences.”
Marketing Technology News: Only 5%? CHEQ Study Shows Up To 12% Of All Traffic Originating From Twitter Is Made Up Of Bots
“Our research findings should serve as a wake-up call to C-level executives and security leaders: the absence of a modern IAM program fuels the risk of rising identity and access-related attacks and their financial consequences.”
Limited Visibility and Inadequate Controls Have Become the New Normal
Enterprise-wide visibility is critical to reducing risks in privileged user access and yet today’s complex enterprise ecosystems only further impede transparency. According to findings, just over a third of respondents (35%) are confident that they can determine privileged users are compliant with policies. That same percentage (only 35%) have high confidence in the effectiveness of current security controls preventing internal threats involving the use of privileged credentials. The number one reason for lack of confidence in achieving visibility of privileged user access is confirmed by 61% of respondents, citing that they can’t keep up with the changes occurring to their IT resources.
Beyond the lack of confidence in user access controls, there’s also compliance and regulation issues to address. Data shows that almost half of respondents (46%) say their business failed to comply with regulations because of access-related issues. Beyond lawsuits and fines, many victims have suffered from loss of revenue, customers, and reputation, but almost two-thirds of respondents (64%) say IT system downtime was the biggest consequence of compliance failures.
“While these numbers certainly raise concerns, our research also shows that many organizations are recognizing the benefits of a converged identity platform such as Saviynt, which combines multiple identity management capabilities into a single cloud solution to unify controls, improve visibility, and reduce risk,” continued Margolies. In fact, 71% of respondents are actively considering, or plan to adopt, converged identity governance & administration (IGA) and privileged access management (PAM) solutions to reduce costs and provide frictionless access to enterprise resources.
Marketing Technology News: MarTech Interview with Venkat Nagaswamy, CMO at Mitel
Additional key report findings:
- Automation can ease the identity management burden
- 56% claimed that granting and enforcing privileged user access rights required too much staff to monitor and control
- 51% are unable to keep pace with the number of access change requests
- The power of the cloud (and IAM)
- 52% say their organizations’ cloud transformation program is already integrated with their IAM strategy
- 51% have seen an improvement in their IAM effectiveness
- Remote & hybrid workers still present security risks
- Only 28% of respondents say their organizations are determining if remote workers are securely accessing the network
- 37% report the number one step to secure the hybrid, remote workforce is screening new employees
The study was conducted by Ponemon Institute on behalf of Saviynt and includes responses from more than 1,000 IT and IT security practitioners in the United States (627) and EMEA (416). These participants are knowledgeable about their organizations’ programs and solutions used to mitigate cybersecurity, identity & access and compliance risks.