More than eight in 10 organizations lack a mature identity and access management strategy (IAM), hampered by inadequate budgets, programs stuck in a planning phase and lack of senior-level awareness, according to new research sponsored by Saviynt, a provider of intelligent identity governance solutions.
Over the last two years, roughly half of the companies in the 1,000-respondent study said that they have been hit by an average of three data breaches or other cybersecurity related incidents. Moreover, a similar percentage said the breach owed to a lack of comprehensive identity controls or policies.
Identity and Access-Related Attacks: The Risks
“We’ve found that most enterprise IAM programs have not achieved maturity, leaving companies struggling to reduce identity and access related risks,” said Jeff Margolies, Saviynt chief strategy officer. “Our research findings should serve as a wake-up call to C-level executives and security leaders: the absence of a modern IAM program fuels the risk of rising identity and access-related attacks and their financial consequences.”
IAM policies also face some headwinds with compliance issues. Roughly one-third respondents (35%) are confident that they can determine privileged users are compliant with policies. That same percentage have high confidence in the effectiveness of current security controls preventing internal threats involving the use of privileged credentials. The number one reason for lack of confidence in achieving visibility of privileged user access is confirmed by 61% of respondents, citing that they can’t keep up with the changes occurring to their IT resources.
Almost half of respondents (46%) say their business failed to comply with regulations because of access-related issues. Beyond lawsuits and fines, many victims have suffered from loss of revenue, customers, and reputation, but almost two-thirds of respondents (64%) say IT system downtime was the biggest consequence of compliance failures.
Identity and Access Management (IAM): Key Challenges
Additional key findings include:
- 56% claimed that granting and enforcing privileged user access rights required too much staff to monitor and control.
- 51% are unable to keep pace with the number of access change requests.
- 52% say their organizations’ cloud transformation program is already integrated with their IAM strategy
- 51% have seen an improvement in their IAM effectiveness
- Only 28% of respondents say their organizations are determining if remote workers are securely accessing the network
- 37% report the number one step to secure the hybrid, remote workforce is screening new employees