The foundation of a holistic identity security strategy

Only 9% of organizations are taking an agile, holistic and mature approach to securing identities throughout their hybrid and multi-cloud environments, according to CyberArk.

A critical path for cyber resilience

The data-driven model identifies 9% of organizations as those with the most mature and holistic identity security strategies. These transformative organizations have a well-rounded focus on implementing identity security tools, are inherently agile and display a “fail fast, learn faster” characteristic even in times of a successful cybersecurity attack.

42% of all respondents’ identity security programs, however, are in the earliest stage of maturity and lack foundational tools and integrations to mitigate identity-related risk. An expanding identity attack surface, IT complexity and several organizational roadblocks contribute to this widespread identity security deficit.

Findings include:

• Strategy and outcome gap: 69% of C-level executives believe they are making correct identity security-related decisions compared to 52% of all other personnel (technical decision makers and practitioners). The gap highlights the perception that overall security can be achieved by making the right technology investments. But that is only part of the story. Strategically maximizing those investments to include implementation and integration with existing environments, breaking down silos and improved training are equally important.
• Disparate endpoint data: 92% of respondents believe that endpoint security or device trust and identity management are essential to a robust zero trust strategy, and 65% believe the ability to correlate data is critical for effectively securing endpoints.
• Fragmented efforts: 58% of organizations have two teams responsible for securing identities in the cloud and on-premises and rely on numerous point solutions, making it difficult to understand their real-time security posture.

“This research uncovers the relationship between a strong identity security strategy and enhanced business outcomes,” said Jack Poller, senior analyst, Enterprise Strategy Group (ESG).

“More frequent and timely maturity assessments can help ensure the right users have access to the right data, and that organizations can act quickly enough to stop threats before they stop business,” Poller continued.

Holistic identity security strategies

The Holistic Identity Security Maturity Model framework is designed to help organizations evaluate their maturity across four tenets of identity security:

• Procurement of tools spanning management, privilege controls, governance, authentication and authorization for all identities and identity types.
• Integrations with other IT and security solutions within the organization’s stack to secure access to all corporate assets and environments.
• Automation to help ensure continuous compliance with policies, industry standards and regulations, along with rapid response to high-volume routine and anomalous events.
• Continuous threat detection and response capabilities based on a solid understanding of identity behaviors and organizational policies.

“While 63% of organizations admit to being a victim of identity-based attacks, this percentage is likely much higher as adversaries continue to successfully target and compromise identities at scale,” said Amita Potnis, director, thought leadership marketing, CyberArk.

“The main focus for organizations looking to adopt a mature holistic identity security strategy is to secure access for all identities – human and machine – by breaking down silos and adopting a consolidated and automated approach for identity security. Our research indicates that many have already begun investing in this journey, with 24% of organizations committing more than 10% of their overall cybersecurity budget to their identity security programs this year,” Potnis continued.