How identity is addressed by enterprise IT security teams

The majority of companies have experienced a five-fold increase in the number of workforce identities, which are being driven primarily by mobile and cloud technology. Encouragingly, one-hundred percent of IT security stakeholders report that a lack of strong IAM practices introduces security risk, an IDSA survey reveals.

Strong IAM practices

Security leadership also cares “much more” about IAM now than ever before, with importance anticipated to continue to increase over the next five years. Despite growth, and an apparent understanding of risk, only half of IT security professionals state that the security team has any level of ownership for workforce IAM. What’s more, less than one in four IT security professionals say their teams have “excellent” awareness of their company’s identity strategy.

“With the majority of today’s breaches tied to compromised credentials and the number of credentials skyrocketing, IAM is a critical and complex issue that spans many organizational teams, requiring a strategy around people, processes and technology,” said Julie Smith, executive director of the IDSA.

“The findings highlight that addressing identity security through integrated technologies is only one piece of the puzzle. Without collaboration amongst all stakeholders and a clear understanding of responsibilities and handoff points, identity incurs greater risk.”

“As businesses embrace new technologies and expand their workforce, the reality of managing identities is seemingly growing more complex by the day. Awareness of the impact IAM has on security posture has grown as well, as an increasing number of data breaches are tied to stolen identities,” said James Carder, CISO and VP of LogRhythm Labs.

“However, as the data shows, IAM efforts face several organizational challenges as companies grapple with who should take the lead. With the number of identities growing, organizations of all sizes should examine how identity management fits into their security strategy, and eliminate any silos between teams that increase risk or slow the pace of the digital transformation of the business.”

Modern technologies are driving explosive growth of identities

• 52% say that identities have grown more than five-fold in the past 10 years
• The increase in identities is driven primarily by technology changes, such as mobile devices (76%)
• Other identity growth factors include a mix of more employees (57%), connected employees (66%), enterprise connected devices (60%), and cloud applications (59%)

Identities are increasingly important to corporate security

• 100% report a lack of strong IAM practices introduces security risk
• 92% say security leadership cares more about identity management now than in the past
• Security teams are worried about a range of potential identity-related security incidents, including phishing (83%), social engineering (70%), compromised privileged identities (64%), and more

Identity security efforts lack alignment

• While security is involved in IAM activities (99%), only 24% say their security team has “excellent” awareness of IAM
• A wide range of organizational issues prevent security from engaging with workforce IAM, including lack of alignment of goals (33%), reporting structure (30%), history of security not being involved (30%), and resistance from existing teams (24%)
• Budget ownership issues (40%) are cited as the top reason for not spending more on workforce IAM

Incomplete security ownership for identities has consequences

• Only half (53%) report that security has any level of ownership for workforce IAM
• When security teams have ownership of IAM they have better understanding of identities, are more likely to view IAM leadership as a career opportunity, and face fewer barriers to IAM involvement