And the survey says….”We still have a ways to go in IAM”

Findings reveal that while everyone is doing identity and access management, few are doing it ‘right’

One Identity and Dimensional Research recently completed a survey of more than 1,000 identity and access management (IAM) practitioners who work at organizations worldwide and represent a full spectrum of industries. The objective of the survey was to get a sense for where most organizations are in their IAM maturity and uncover the areas that need the most improvement.

I was, frankly, quite surprised at some of the data. The bottom line is that everyone is doing IAM but the level to which they do it ‘right’ varies wildly. By ‘right’ I mean, the extent to which organizations responding to the survey cover all IAM bases, reduce areas of risk and how efficient are their IAM processes.

Some of the findings that I found particularly interesting include:

  • 64 percent of organizations are now in a ‘cloud-first’ stance, meaning they specify that they only use cloud for new technology initiatives or prefer cloud if there is a good option. This aligns pretty closely with what we’ve seen as well and validates the need for IAM solutions to be cloud-ready and cloud-enabled.
  • When asked what their top drivers were for IAM programs, 43 percent specified ‘security’ as the driver for their PAM program and 45 percent said it was a driver for their access-control program. In both cases, ‘security’ outpaced the second place selection – compliance – by a ration of three to one. I found this a little surprising as we always seem to jump at the next regulation (for example GDRP) as causing seismic shifts in why organizations undertake IAM, but the fact that it all comes back to basic security, which is heartening and alludes to a disciplined and focused approach…at least for most people.
  • Only 13 percent of respondents felt ‘complete confidence’ in their PAM program. And this correlates to the fact that the tools and strategies used to control and monitor privileged access varies widely from organization to organization. Very few organizations have a complete PAM program that includes password management, session monitoring, least-privilege access and analytics capabilities.
  • Similarly, just 19 percent report complete confidence in their end-user access-control program. The area of most concern for these respondents is uncertainty about their ability to provision and de-provision users and in a timely manner. Only 16 percent report that full provisioning happens in a matter of minutes and just 28 percent can de-provisioning accounts in a matter of minutes.

I’ve shared just a sliver of interesting findings. See the complete report. It may help inform your IAM program planning and decisions.

To get the full results and all the details, download the survey report.

And when you’re ready to take action, One Identity is ready to be part of your IAM strategy and to help your organization #GetIAMRight.

Anonymous