The vast majority of security and IT pros are taking serious aim at solving identity and access management (IAM) issues, according to a new survey by CyberRisk Alliance (CRA).
CRA’s researchers looked to find out what security and IT pros thought about how their organizations were deploying IAM programs. Were they pleased with the progress that’s been made? Are they confident that users are being given appropriate levels of access? And does enforcement of these policies give users access to the data they need to do their jobs.
The study, conducted between December 2022 and January 2023, surveyed 203 security and IT pros from CRA’s Business Intelligence research panel, offered four important findings.
1. Organizations are blazing a path to IAM adoption
Just under half (44%) of respondents have already implemented IAM in part or in full, while 19% are developing an IAM strategy, and 26% are now giving it serious consideration. In total, 98% of respondents have implemented or are considering an IAM strategy. Respondents who have made progress with IAM are choosing various paths to deployment: 22% have opted for an on-prem configuration, 24% for a cloud-based setup, and 25% have chosen a hybrid model blending on-prem and cloud solutions.
2. Companies are experiencing some shadow IT and tech complexities along the way
Many future IAM implementers don’t expect an easy time. Shadow IT and unaffordable IAM products are the top expected challenges for at least 4 in 10 future IAM adopters and implementers. And, lack of budget resources and adopting a zero-trust architecture are considered top challenges by at least one-third of future IAM adopters and implementers.
3. IAM programs are focused on verifying and authenticating users
IAM progress has largely been motivated by a desire to get ahead of the growing pains of transforming today’s workforce. Respondents said today’s IAM efforts prioritize multi-factor authentication (84%), unique passwords (82%), single sign-on (77%), and role-based access control (67%).
4. Security teams struggle to make IAM deployments easier
Respondents worry about the complexity of IAM products and how they can strain the user experience. Fifty-six percent of respondents say they are now focusing on improving the user experience, often cited as a leading pain point in implementing IAM.
As one respondent remarked: “Who wants to spend hours in understanding a product that always requires additional expertise to handle when its objective is to provide efficiency?”
As they look to the future, companies will need to think carefully about how to roll out IAM in a way that improves the organization’s security posture, and respects the needs and preferences of its users.
CRA’s advice to security teams: have an IAM game plan, keep the user experience front and center, focus on iteration, not solving everything all at once, and to more effectively embrace the remote work trend, make identity the perimeter based on zero-trust.