Only one in five orgs set up to securely manage user identities

As organizations seek to capitalize on digital opportunities through rapidly developing and hosting new services online, they frequently under-invest in adequate cybersecurity measures creating significant risks, in particular governing user access.

“Identity Crisis: How to Balance Digital Transformation and User Security?”, a survey of more than 800 C-level executives in the US, UK, Germany, France, Benelux and the Nordics revealed that 62 percent believe it is very important or critical for their organizations to enable or extend access for users to digital services securely, yet only 26 percent have the technology in place to do so.

However, it is clear from the findings that organizations recognize the need to do more to improve the user experience, with 84 percent acknowledging the need to offer more flexible, adaptive authentication methods and IDs.

The findings show that companies are moving to bridge the divide and bolster their existing security practices. In the wake of high profile, extremely damaging online breaches, Identity and Access Management (IAM) is seeing a noticeable increase in investment. Nearly seven in ten companies (68 percent) report a rise in their IAM budgets, with 28 percent noting a ‘strong’ increase.

The survey also revealed a shift in the way IAM is being viewed and implemented, prompted by maturing and emerging technologies and anticipated user demand. The results suggest that allowing users to bring their own identity, where visitors use their existing social identities to log in, is viewed as many companies’ ultimate goal as long as it can be implemented securely. Interestingly it is apparent that this ambition is being balanced with widespread uncertainty surrounding data privacy, security regulations and transparency regarding where services are hosted.

The report highlights:

• Adaptive authentication (risk-based authentication) is set to define the future of device and service access for users. 84 percent of organizations consider the ability to deploy such authentication and offer access via an increasing number of methods and devices a high or very high priority;
• For most companies (85 percent), it is critical or very critical to onboard new services underpinned by cloud technology – which are only expected to increase – quickly and efficiently, and that these are supported by IAM;
• Organizations from both the United States and Europe are very sensitive to where security services are hosted, with close to 90 percent of respondents preferring or mandating data centers that deliver identity management services be located within their country or region.

“It is clear that the days of logging into a company’s system with a username and password specific to that organization are numbered. Users aspire to log in from anywhere in a variety of ways, including with social media profiles and existing email account,” said Mike Turner, Global Cybersecurity COO at Capgemini Group.

“The ownership of online identities is moving away from the organization to more flexible and secure services maintained by the user, addressing access management needs. While it is extremely positive to see increasing recognition and investment from senior leadership, a considerable gap between the task at hand and the current capabilities of many organizations remains. The extent of this security challenge should not be underestimated.”