Omada’s research report State of Identity Governance 2024 queried 551 IT professionals about how their organizations manage identity-related cybersecurity threats, the tools they use and where they deploy them, and what functionality they look for when evaluating an identity governance and administration (IGA) solution. The research uncovered specific deficiencies typical in current IGA practices and showed what new functionality organizations seek when evaluating a new IGA solution in the context of an overall cybersecurity strategy. Here are four key findings:
- More than 90 percent of IT professionals are concerned with the risks of identity-related cybersecurity threats; 78 percent believe employees have excessive access
The Survey results show that a high proportion of IT professionals believe their organizations over-permission access, so it is hardly surprising that nine in ten are concerned about identity-related security threats. Roles in organizations that expressed the most concern about identity-related threats are senior managers (CIOs and CSO/CISOs), with more than 76 percent reporting they are “very concerned” and more than 18 percent “somewhat concerned.”
- Organizations using legacy IGA solutions are more concerned about specific identity-related threats than those using modern IGA
When queried about specific identity-related threats, respondents using legacy or in-house-built IGA reported significantly greater concern overall. This is likely because IT professionals understand the limitations of legacy and in-house-built solutions. While many respondents working in organizations using modern IGA said they were concerned about identities having unnecessary access and/or overly permissive accounts, the data shows they are less concerned about the specific risks that result from not using the principle of least privilege. This may be because modern IGA users are extremely confident in their security hygiene practices; 95 percent agree their organization uses strong identity verification, 93 percent say they can quickly identify anomalous behavior and shut down suspect accounts, 94 percent say they can easily meet new business requirements, and 91 percent say they can easily produce regulation-specific reports.
- Less than nine percent of organizations are currently deploying IGA in a SaaS environment only
While “born in the cloud” may be a compelling buzz phrase to marketers for identity and access management solution providers, the Survey demonstrates that fewer than nine percent of organizations deploy their IGA solution only in the cloud. Nearly 52 percent of respondents say their organization deploys IGA in hybrid (on-premises and SaaS) environments and nearly four in ten still deploy their IGA solution entirely on-premises. This data suggests that while organizations are migrating more applications and business processes to the cloud and need to ensure cloud identity governance, they still require some flavor of on-premises IGA and connectivity to these environments.
- Organizations are looking for SaaS-based IGA that offers generative AI, adaptability, connectivity, and best of breed capabilities
The characteristics desired by Survey respondents are consistent with the principal features of a modern Identity Governance. For legacy or in-house-built IGA, achieving adaptability to an organization’s requirements usually means applying resource-intensive custom code development to the project. A modern Identity Governance solution achieves adaptability by providing robust configurability that enables organizations to achieve a higher level of success IGA integrating more systems without making any changes to their existing systems or requiring custom development resources. The Identity Governance solution also delivers a connectivity framework that enables interoperability with any organization’s applications and infrastructures as well as those of other identity and access management (IAM) solutions and support capabilities like generative AI that can help to simplify the management burden and decision making tasks within IGA. A SaaS-based Identity Governance with faster data ingestion and the capacity to synch quickly to onboard applications enables users to improve their performance continuously. Organizations that use a defined process to activate these features ensure they can provide centralized management and governance support in decentralized environments with multiple access points while maintaining control requirements and performance levels.
To achieve this performance level, a substantial majority of IT professionals agree that their organizations are more likely to choose best-of-breed identity and access management (IAM) solutions rather than a single vendor that may not offer robust capabilities across the board across all of their modules. This is likely why more than half of respondents identified adaptability and connectivity as critical IGA solution features.
With these findings in mind, identity management and compliance professionals should ensure their identity security breach management solutions enables them to mitigate identity-related risks and put their cybersecurity teams more at ease with their organization’s ability to do the job.
To learn more about Identity Governance and the solutions offered by Omada, please visit our website.
About the Author: With over 25 years of global experience in cybersecurity and a focus on Identity & Access Management, Paul Walker is a seasoned professional known for his exceptional communication and problem-solving skills. Currently serving as a Field Strategist at Omada, he brings a wealth of expertise in value selling, product growth, and IAM solution evangelism. Paul has held key positions at Clear Skye, One Identity, and Dell, consistently driving technical strategy and maintaining impactful relationships with customers and partners throughout his distinguished career.
About the Company: Omada, a global market leader in Identity Governance and Administration (IGA), offers a full-featured, cloud native IGA solution that enables organizations to achieve compliance, reduce risk, and maximize efficiency. To ensure successful deployment in 12 weeks, Omada’s Accelerator package provides a reliable starting point for IGA projects with a standardized implementation approach, best-practice framework for process design, and training for efficient user adoption. Founded in 2000, Omada delivers innovative identity management to complex hybrid enterprise environments globally.
