Lack of visibility into cloud access policies leaves enterprises flying blind

Fragmented access policies are top security concern in multi-cloud environments, with more than 75% of enterprises reporting they do not know where applications are deployed and who has access to them, according to Strata Identity.

Cloud security concerns

According to the report, the percentage of organizations using a single cloud identity provider (IDP) is down from 30% to 20% since last year. The other 80% are now using multiple IDPs to manage enterprise identity. Given this fragmentation, the top three cloud security concerns among enterprises are a lack of visibility into access policies (67%), identity-based threats (65%), and meeting data privacy regulations (56%).

“More identity systems are being used to manage users, and organizations are losing visibility and control over their identities and access policies. So improvements in identity infrastructure intended to drive an improvement in an enterprise’s cybersecurity posture have caused the opposite effect leading to complexity overload,” said Michael Sampson, principal analyst for Osterman Research.

“Poor visibility of existing access policies means enterprises are flying blind — they do not know where apps are hosted, nor who has access to their data. In our opinion, the rapid adoption of multi-cloud is elevating this problem to critical status,” Sampson continued.

Report focuses on how multiple cloud and identity platforms impact identity and access policy management, create security and operational problems, and why the talent gap in identity professionals prevents organizations from addressing these challenges.

Cloud identity systems

• 76% of organizations do not have complete visibility into the access policies and applications across multiple cloud platforms, including which access policies exist, where applications are deployed, and who does and doesn’t have access.
• 56% of enterprises don’t have a single version of the truth for identities and their associated attributes, increasing concerns over identity duplication and the likelihood of unauthorized access and credential breach.
• 41% of companies surveyed said they can enforce consistent access policies to reduce identity and security risks. This is down from 55% last year — a 25% year-on-year decline.
• 60% of organizations do not have the resources or time to rewrite old, outdated applications so they can support modern identity protocols and work with cloud identity systems that provide enhanced security controls like passwordless authentication.
• 78% of organizations do not have access to the source code needed to update their applications so they can use modern identity systems.

“This report illustrates how the combination of adding more identity providers and technology is leading to less effective access policy management and increasing security and compliance risks to both cloud and on-premises resources,” said Eric Olden, CEO of Strata Identity.