The Identity Defined Security Alliance (IDSA) has developed its vision and mission based on several challenges faced by IT organizations –
Compromised identities are the leading cause of breaches.
There is an over-abundance of complex security technologies and confusion over where to start.
Effective security strategies require the use of multiple solutions that must integrate seamlessly.
The overarching theme has been that identity, while gaining in respect, is still not considered core to an enterprise’s security strategy.
Until this point, the IDSA has been focused on providing technology frameworks and guidance for bringing identity and security together, but we decided to elevate our focus above technology to better understand the organizational and operational challenges security teams face around identity. Today we published the results of an online survey conducted by Dimensional Research that set out to understand how security teams address identity risks.
The study found that in the majority of enterprises, the team that is on the hook for preventing and responding to identity-related breaches, doesn’t actually have the ownership, budget or skills to be successful. While the IDSA is bringing the technologies together to achieve identity-centric security, there are still organizational barriers standing in the way.
A few key highlights from the survey:
- The number of identities in the enterprise has exploded – More than half (52%) report their identities have grown more than 5-fold in the past 10 years and more than 80% say they have doubled. While in 2015 organizations predicted growth in mobile access (vs pc access) and an increase in IoT, perhaps the problem is bigger than we thought and with accelerating trends such as DevOps, automation and even more enterprise connected devices, this will not slow down any time soon.
- As we already suspected, but the data confirms, identities have become more important to security teams (94%) and as highlighted will continue to grow.
- Four out of five security leaders say there is a greater risk of a severe breach when there is not enough focus on strong workforce IAM practices. While the survey focused only on workforce identities, organizations need to consider a wholistic approach to managing all types of identities going beyond the user to that of systems, applications, and behaviors.
- Yet, a number of data points indicate that organizations are not truly aligned in considering identity and access management a key element of their overall cyber security strategy.
- Ownership: Only 15% own it, 39% have shared responsibility.
- Budgets: 40% say identity and security budgets are spread across organizations and 30% say organizational structure is a barrier to spending more.
- Collaboration: 30% say the goals and motivations of the security team and IAM team are not aligned and 30% say reporting structure hinders collaboration.
- Strategy Alignment: Less than 25% of security leaders surveyed say they have an excellent awareness of the IAM strategy.
- Skills: Only about half (50%) say they have the right skill set to effectively manage it.
Organizations must ensure that strategy, motivations, budget, skills and ownership align across identity and security in order to truly succeed. We look forward to collaborating with our member community and the industry to tackle some of these critical disconnects in the coming year.