New data reveals nearly half of businesses are just beginning to address identity security

SailPoint Technologies Holdings has unveiled the findings of a new research report titled, ‘The Horizons of Identity.’ As hyper innovation and rapidly evolving technologies drive global organisations, mature identity programs are becoming business essential to secure and enable digital capabilities at scale. The survey data—based on insights from more than 300 global cybersecurity executives—reveals the current state of the identity security industry and assesses the maturity of enterprise identity programs.

  • 1 month ago Posted in

The business case for identity

Investing in identity security is no longer optional—and the cost of inaction is rising. 79% of organisations have experienced an identity-related breach (source: IDSA), with 99% believing those incidents could have been prevented. In addition to the cost of the breach itself, new regulations can impose costly fines. While maintaining compliance is not always an insignificant cost, non-compliance can be many times more expensive—GDPR, for example, stipulates up to 4% of global revenue in fines for non-compliance.

The expanding scope and complexity of the identity landscape

The growing number of identities that interact in increasingly complex ways underscores the need for a strong identity program. Identities go far beyond user credentials—today’s enterprises need to secure machine identities, customers, employees, contract and temporary workers, partners, and more. According to the report, machine identities make up 43% of all identities for the average enterprise, followed by customers (31%) and employees (16%). It’s no coincidence that machine identities and customer identities are the two identity types projected to grow at the fastest rate over the next 3-5 years. Notably, the total number of identities is projected to grow by 14% over that same span.

Enterprise identity security shows considerable opportunity for growth

Matt Mills, SailPoint’s president of worldwide field operations, said: “The truth is that almost every enterprise understands identity security is a challenge, but many of them don’t know where to begin. Our hope is that by establishing a maturity model that both vendors and consumers can reference, we can create common ground upon which enterprises can reach full maturity faster, and without the growing pains that many endure as they search for answers. Our report shows that 45% of companies are still at the beginning of their identity journey. This means they have the unique opportunity to take advantage of today’s technology to build a comprehensive, AI-enabled approach to identity security from the ground up. As enterprise identity needs move beyond human capacity, this approach has quickly become table stakes. Not only that, but identity security has risen to the top as business essential to securing today’s enterprise.”

Unsurprisingly, high-tech companies tend to have the highest level of identity security maturity, according to the report, followed by financial services and security firms. Media and entertainment and transportation, on the other hand, have the most room for growth. Of companies with the highest identity security maturity, 71% are large enterprises and 64% are located in North America, compared with 21% in Europe and 14% in the Asia-Pacific region.

Opportunity for AI/ML capabilities is high

As digital identity environments have become more complex, the advent of artificial intelligence (AI) and machine learning (ML) has helped drive identity maturity. Over 50% of respondents indicate that they have already implemented AI/ML models to boost their capabilities, or plan to do so within the next two years. Yet 21% cite confidence in their current AI capabilities, demonstrating room to grow. Moreover, there is increased understanding of the value of an integrated identity model to reduce the overall attack surface, with 50% of survey respondents indicating they want an identity-centric security platform where identity is linked to cover machine, cloud, SaaS, and API, making it the top ranked platform preference.

Spend does not correlate to the maturity or ROI

One of the report’s most interesting findings was that as enterprises increase their identity security maturity, they become better at using their security tools more efficiently. Of the companies in the beginning stages of maturity, over a quarter say they allocate more than 15% of their cybersecurity budget on identity. Conversely, 71% of more mature companies say they spend a smaller share of their budget but get more value. That means 28% of the least mature companies are overspending without fully realising the benefits of their security. This underscores the need for organisations to view identity security as an ongoing program rather than a solution that will be “complete” at some point. Identity security must evolve alongside the business.

‘The Horizons of Identity’ report highlights the growing necessity of a strong identity program and the ways in which identity can serve as a driver of innovation and outlines the five horizons that organisations are moving through as they adopt and mature their approach to identity security over time.

Agreement delivers Okta’s identity-first Zero Trust security solution to the channel in France, Spain, Portugal, Italy and Greece — a vital security tool in an era of remote work.
The new offering leverages Wipro’s recent acquisitions in the consulting space and brings clients an end-to-end solution at a time of heightened cyber risks.
Panzura has launched a new comprehensive data management solution for customers that work in sensitive data environments, such as public sector, healthcare, and financial services. Because the service makes both the snapshots and the data immutable, ransomware attacks can’t damage files in the Panzura global file system. Instead, attacks are shrugged off by quickly reverting to seconds-old data blocks to reassemble uninfected files. Through a new strategic agreement, this new solution, as well as all of Panzura’s other workloads, will run on Amazon Web Services (AWS).
Signings cover significant expansion in Philippines, Saudi Arabia, Poland, Czech Republic, Gulf States, Emirates, Middle East, North Africa, Cyprus and Turkey.
UK professional services organisations are subject to more than three cyberattacks every week, with 60% expecting the total number of successful attacks to increase over the next year.
The UK arm of international defence and security company, Leonardo, has selected Rizikon, Crossword Cybersecurity’s supplier assurance and third party risk management platform, to assist in their assessment of cyber risk in their supply chain.
Trend Micro has revealed that 32% of global organizations have had customer records compromised multiple times over the past 12 months as they struggle to profile and defend an expanding attack surface.
Sophos has published its 2023 Threat Report. The report details how the cyberthreat landscape has reached a new level of commercialization and convenience for would-be attackers, with nearly all barriers to entry for committing cybercrime removed through the expansion of cybercrime-as-a-service. The report also addresses how ransomware remains one of the greatest cybercrime threats to organizations with operators innovating their extortion tactics, as well as how demand for stolen credentials continues to grow.