According to a study based on an online survey of over 500 IT decision makers released by IDSA, over the last year, the shift to remote work has led to an increase in the number of identities, an increased focus on identity security, but a decrease in confidence in the ability to secure employee identities. The report examines the impact that the pandemic and increase in remote work had on Identity and Access Management (IAM) in the enterprise, as well as the implementation of identity-focused security strategies.
Four out of five participants believe that while identity management used to just be about access, it’s now mostly about security. In accordance, the majority of organizations have made changes to better align security and identity functions, with one of those changes being increasing CISO ownership of IAM.
Most organizations experienced an identity-related breach within the past two years
Despite additional security challenges introduced in 2020 with more identities, exponential remote access, and more personal devices, the number of identity-related breaches remains flat. 79% of organizations experienced an identity-related breach within the past two years, the same as reported in a previous study conducted by the IDSA in April 2020.
Increased attention also appears to be correlating with increased investment, as nearly all organizations will be investing in identity-related security outcomes in the next two years.
Remote work has significantly impacted identity security
- 83% report that remote work due to COVID-19 increased the number of identities
- 80% say the shift to remote work increased focus on identity security
- Confidence in the ability to secure employee identities dropped from 49% to 32% in the past year
Breaches still prevalent, but investments in targeted prevention are accelerating
- Identity breaches are not increasing, but they are having an impact on organizations
- At least 70% report they began implementation or planning of identity-related security outcomes in the past two years
- 97% will make investments in identity-related security outcomes over the next two years
- 93% believe they might have prevented or minimized security breaches by using identity-related security outcomes
Security taking a broader role in identity management, with positive effects
- 64% report that they have made changes to better align security and identity functions within the last two years
- 87% report the CISO has a leadership role when it comes to IAM a dramatic contrast to 53% that said the same about the security team in 2019
- Organizations where the CISO has ownership of IAM are more likely to say the security team has an excellent understanding of their identity strategy and implement identity-related security outcomes
Identity Defined Security Alliance Resources
An Identity Defined Security Outcome is a desired result that improves an organization’s security posture and reduces the risk of an identity-related breach or failed audit. According to the report, 93% of organizations believe that the IDSA’s Identity Defined Security Outcomes may have prevented or minimized the impact of the breaches they suffered. Included with each Identity Defined Security Outcome are vendor-neutral implementation approaches, which are well-defined patterns that combine identity and security capabilities.
To download the full report, visit www.idsalliance.org/2021-trends-in-securing-digital-identities-2/