Ponemon Institute finds solely 16% of enterprises have absolutely mature programmes; 56% common three identity-related knowledge breaches in final two years
Saviynt, a number one supplier of clever identification governance options and Ponemon Institute at the moment launched the inaugural State of Enterprise Identity analysis report. The findings emphasise the trendy identification safety challenges that enterprises face within the digital period, and underscore the significance of complete Identity and Access Management (IAM) methods to dramatically scale back safety dangers that usually result in pricey knowledge breaches, cyber assaults, and regulatory compliance missteps.
According to analysis findings, solely 16% of respondents (and simply 15% of EMEA-based respondents) have a totally mature IAM technique in place, which is characterised by absolutely working programmes, expert staff, and C-level and board government consciousness. The the rest are presently coping with insufficient budgets, programmes caught in a planning section, and lack of senior degree consciousness.
As IAM programmes fail to get off the bottom, the variety of digital identities continues to skyrocket, creating complicated enterprise environments that require new methods, investments, and know-how to shut safety gaps. In reality, over the previous two years, greater than half (56%) of respondents declare their enterprise had a median of three knowledge breaches or different access-related safety incidents. Further, 52% of those respondents declare the breach was resulting from lack of complete identification controls or insurance policies.
“We’ve found that most enterprise IAM programmes have not achieved maturity, leaving companies struggling to reduce identity and access related risks,” mentioned Jeff Margolies, Chief Strategy Officer, Saviynt. “Our research findings should serve as a wake-up call to C-level executives and security leaders: the absence of a modern IAM programme fuels the risk of rising identity and access-related attacks, and their financial consequences.”
Limited visibility and insufficient controls have turn into the brand new regular
Enterprise-wide visibility is essential to lowering dangers in privileged consumer entry but at the moment’s complicated enterprise ecosystems solely impede transparency. According to findings, solely 35% of respondents are assured that they’ll decide privileged customers are compliant with insurance policies. That identical proportion (35%) have excessive confidence within the effectiveness of present safety controls stopping inner threats involving the usage of privileged credentials. The primary purpose for insecurity in attaining visibility of privileged consumer entry is said by 61% of respondents, citing that they can not sustain with the modifications occurring to their IT assets.
Beyond the insecurity in consumer entry controls, there are compliance and regulation points to deal with. Data reveals that 46% of respondents (and 43% of these in EMEA) say their enterprise did not adjust to rules due to access-related points. Beyond lawsuits and fines, many victims have suffered from lack of income, prospects, and popularity, however nearly two-thirds of respondents (64%) say downtime was the largest consequence of compliance failures.
“While these numbers certainly raise concerns, our research also shows that many organisations are recognising the benefits of a converged identity platform, which combines multiple identity management capabilities into a single cloud solution to unify controls, improve visibility, and reduce risk. In fact, 71% of respondents are actively considering, or plan to adopt, converged identity governance & administration (IGA) and privileged access management (PAM) solutions to reduce costs and provide frictionless access to enterprise resources,” continued Margolies.
Additional key report findings:
- EMEA organisations behind the curve on IAM
- EMEA organisations are barely behind their US counterparts; solely 15% describe their strategy to IAM as mature
- 42% of EMEA respondents admitted insufficient ID controls and insurance policies had precipitated compliance failures
- Compared to US organisations, EMEA-based firms are much less prone to face lawsuits (19% vs 36%) or regulatory fines (23% vs 32%) because of non-compliance, however they’re extra prone to lose prospects (54% vs 45%)
- Automation can ease the identification administration burden
- 56% claimed that granting and imposing privileged consumer entry rights required an excessive amount of workers to observe and management
- 51% are unable to maintain tempo with the variety of entry change requests
- The energy of the cloud (and IAM)
- 52% say their organisations’ cloud transformation programme is already built-in with their IAM technique
- 51% have seen an enchancment of their IAM effectiveness
- Remote & hybrid staff nonetheless current safety dangers
- Only 28% of respondents say their organisations are figuring out if distant staff are securely accessing the community
- 37% report the primary step to safe the hybrid, distant workforce is screening new workers
The research was performed by Ponemon Institute on behalf of Saviynt and consists of responses from greater than 1,000 IT and IT safety practitioners within the United States (627) and EMEA (416). These individuals are educated about their organisations’ programmes and options used to mitigate cybersecurity, identification & entry and compliance dangers.
Need Your Help Today. Your $1 can change life.