Identity management is now mostly about security
IDSA released a study based on an online survey of over 500 IT decision makers. The report examines the impact that the pandemic and increase in remote work had on identity and access management (IAM) in the enterprise, as well as the implementation of identity-focused security strategies.
Over the last year, the shift to remote work has led to an increase in the number of identities, an increased focus on identity security, but a decrease in confidence in the ability to secure employee identities.
Four out of five participants believe that while identity management used to just be about access, it’s now mostly about security. In accordance, the majority of organizations have made changes to better align security and identity functions, with one of those changes being increasing CISO ownership of IAM.
Most organizations experienced an identity-related breach within the past two years
Despite additional security challenges introduced in 2020 with more identities, exponential remote access, and more personal devices, the number of identity-related breaches remains flat. 79% of organizations experienced an identity-related breach within the past two years, the same as reported in a previous study conducted by the IDSA in April 2020.
Increased attention also appears to be correlating with increased investment, as nearly all organizations will be investing in identity-related security outcomes in the next two years.
“The past year forced organizations to recognize the importance of securing digital identities, whether maintaining employee productivity through secure access from anywhere, using any device, or transforming engagement with customers to secure online services,” said Julie Smith, executive director of the IDSA.
“If it hasn’t already happened, CISOs should seize this opportunity to elevate the importance of identity, not just in security strategies, but as an opportunity to provide business value through risk reduction, including Zero Trust initiatives, cost containment, increased productivity, and to improve both employee and customer experiences.”
Remote work has significantly impacted identity security
- 83% report that remote work due to COVID-19 increased the number of identities
- 80% say the shift to remote work increased focus on identity security
- Confidence in the ability to secure employee identities dropped from 49% to 32% in the past year
Breaches still prevalent, but investments in targeted prevention are accelerating
- Identity breaches are not increasing, but they are having an impact on organizations
- At least 70% report they began implementation or planning of identity-related security outcomes in the past two years
- 97% will make investments in identity-related security outcomes over the next two years
- 93% believe they might have prevented or minimized security breaches by using identity-related security outcomes
Security taking a broader role in identity management, with positive effects
- 64% report that they have made changes to better align security and identity functions within the last two years
- 87% report the CISO has a leadership role when it comes to IAM a dramatic contrast to 53% that said the same about the security team in 2019
- Organizations where the CISO has ownership of IAM are more likely to say the security team has an excellent understanding of their identity strategy and implement identity-related security outcomes