Omada surveyed 502 IT and business leaders responsible for identity governance, access management, compliance, cybersecurity, and general IT administration to uncover the latest trends in identity governance across large organizations. The full results appear in The State of Identity Governance 2025.
If you’re looking to strengthen your Identity Governance and Administration (IGA) strategy for 2025 and beyond, consider these six key trends:
1. Increased IT Security Spending Doesn’t Always Lead to Better Identity Management
Organizations are raising IT security budgets, likely due to growing regulatory pressure. However, higher spending alone does not guarantee more effective identity and access management (IAM). New investment must focus on closing performance gaps and boosting efficiency.
- Efficiency Gains: Over one-third of leaders surveyed say time-consuming manual tasks drive IGA investments.
- Automation Focus: Allocating a portion of the increased budget to automate manual tasks and reduce custom coding brings greater value.
2. Legacy IGA Practices Hinder Cloud and Hybrid Adoption
Many organizations still rely on outdated practices, even when using cloud or hybrid environments. To stay competitive, they need a strategic plan to upgrade to a modern IGA solution.
- Cloud Visibility Gap: Nearly 25% more IT and business leaders using legacy or in-house solutions cited challenges with cloud/multi-cloud/hybrid cloud visibility, compared to those using modern IGA solutions.
- Evolving Needs: As more data and applications move to the cloud, legacy IGA tools often cannot support these environments effectively.
3. Cyber Liability Insurance Requires Proof of Strong Security
More organizations are opting for cyber liability insurance, with 64% of surveyed leaders confirming their organizations carry a policy. However, insurance premiums remain manageable only if the organization can demonstrate adherence to robust security practices.
- Audit-Ready Posture: Modern IGA solutions offer full visibility into identity-related activities, providing clear records of who did what, when, and why.
- Regulatory Compliance: Achieving end-to-end oversight of access rights and controls helps organizations meet the standards required by insurance underwriters.
4. Legacy IGA Tools Fall Short for Modern User Access Control
Organizations are increasingly concerned about over-permissioned access which often stems from outdated tools that focus mainly on external threats rather than misuse of internal credential.
- Credential-Based Threats: Hackers increasingly target user credentials to infiltrate systems.
- Modern Solutions: Features like just-in-time access and Zero-Trust Security Models ensure users, applications, and systems only have the necessary access for the required time needed.
5. Connectivity Challenges Undermine Legacy IGA Systems
Connectivity is still a major issue for those using older or in-house IGA solutions. This problem is far less pronounced for organizations using modern IGA.
- Plug-and-Play Framework: Modern IGA solutions use configurable frameworks that integrate seamlessly with a variety of IAM tools and applications, without requiring complex coding.
- Adaptive Environments: They also easily adapt to hybrid or multi-cloud environments with minimal effort, allowing organizations to extend governance to third-party apps and mobile devices.
6. Total Cost of Ownership (TCO) Is Still a Concern
Around 60% of IT and business leaders cite high TCO as a barrier to adopting more effective IGA solutions.
- Hidden Costs: Legacy tools often require additional funds to handle time-intensive upgrades and customization.
- SaaS Advantages: Modern SaaS-based IGA solutions are flexible and connect to cloud systems without the need for complex customization, keeping TCO low.
Conclusion
As identity-related threats become more sophisticated and organizations shift sensitive resources into the cloud, it is essential to reassess security strategies and address potential vulnerabilities. For more insights on how organizations are responding to these challenges, [download The State of Identity Governance 2025].
By focusing on the six trends discussed and investing in modern IGA solutions, enterprises can protect their data, meet regulatory requirements, and maintain a secure identity environment well into 2025 and beyond.
About the Author: Anders Askåsen is an independent Senior Security Advisor with over 20 years of expertise in IT and cybersecurity. Previously, as Director of Technical Marketing for EMEA at Okta, he was responsible for shaping the region’s identity management strategy, with a strong focus on customer identity. Prior to joining Okta, Anders led Capgemini’s Nordics Cybersecurity practice. He also spent a decade at ForgeRock, where he served as Product Manager for Identity Management, shaping the product roadmap and strategy. Earlier in his career, Anders held key roles at Oracle and Sun Microsystems, driving sales enablement for strategic deals across Central and Northern Europe.
About the Company: Omada, a global market leader in Identity Governance and Administration (IGA), offers a full-featured, cloud native IGA solution that enables organizations to achieve compliance, reduce risk, and maximize efficiency. To ensure successful deployment in 12 weeks, Omada’s Accelerator package provides a reliable starting point for IGA projects with a standardized implementation approach, best-practice framework for process design, and training for efficient user adoption. Founded in 2000, Omada delivers innovative identity management to complex hybrid enterprise environments globally.