Top Highlights from the 2022 State of Enterprise Identity Report

New Saviynt and Ponemon Institute Report Offers Key Insights Into the Top IAM Challenges Facing Enterprises Today

The new Saviynt and Ponemon Institute State of Enterprise Identity research report illustrates how essential it is for enterprises to have comprehensive identity and access management (IAM) strategies to meet the identity security challenges they face in the digital era.

The study includes responses from more than 1000 IT and IT security practitioners in the United States (627) and EMEA (416). These participants are experts on their organizations’ programs and the solutions used to mitigate cybersecurity, identity & access, and compliance risks.

This blog, the first in a series, will provide an overview of the findings. Join us for subsequent blogs to get a deeper dive into the data.

Here are some of the report’s key findings.

Fully Mature IAM Strategies Are Surprisingly Rare

The report found that only 16% of respondents have a fully mature IAM strategy in place, which is characterized by fully operating programs, skilled workers, and C-level and board executive awareness. The remaining 84% are currently dealing with inadequate budgets, programs stuck in a planning phase, and lack of senior-level awareness.

“Our research findings should serve as a wake-up call to C-level executives and security leaders: the absence of a modern IAM program fuels the risk of rising identity and access-related attacks, and their financial consequences,” said Jeff Margolies, Chief Strategy Officer, Saviynt.

Most Organizations Averaged Three Data Breaches in the Last Two Years

The report found that more than half (56%) of respondents claim their business had an average of three data breaches or other access-related security incidents in the last two years. Further, 52% of these respondents claim the breach was due to a lack of comprehensive identity controls or policies.

Yet the number of digital identities continues to skyrocket, creating ever more complex enterprise environments that require new strategies, investments, and technology to close security gaps.

Limited Visibility and Inadequate Controls

Enterprise-wide visibility is critical to reducing risks in privileged user access and yet the complexity of today’s enterprise ecosystems only further impedes transparency. According to findings, a little over a third of respondents (35%) are confident that they can determine privileged users are compliant with policies. That same percentage (only 35%) have high confidence in the effectiveness of current security controls preventing internal threats involving the use of privileged credentials.

The top reason for lack of confidence in achieving visibility of privileged user access is confirmed by 61% of respondents, citing that they can’t keep up with the changes occurring to their IT resources.

Compliance and Regulations Issues

Beyond the lack of confidence in user access controls, there are also compliance and regulations issues to address. Data shows that almost half of respondents (46%) say their business failed to comply with regulations because of access-related issues. Beyond lawsuits and fines, many victims have suffered from loss of revenue, customers, and reputation, but almost two-thirds of respondents (64%) say IT systems downtime was the biggest consequence of compliance failures. 

Automation Will Be Key To Reducing Security Team Workloads

Another key finding was the importance of automation to ease the burden of manual identity management processes. Of those surveyed, 56% claimed that granting and enforcing privileged user access rights required too much staff to monitor and control. 51% felt they were unable to keep pace with the number of access change requests. Automating these processes would save time and boost security as well.

“While these numbers certainly raise concerns,” says Margolis, “our research also shows that many organizations are recognizing the benefits of a converged identity platform such as Saviynt, which combines multiple identity management capabilities into a single cloud solution to unify controls, improve visibility, and reduce risk. In fact, 71% of respondents are actively considering, or plan to adopt, converged identity governance & administration (IGA) and privileged access management (PAM) solutions to reduce costs and provide frictionless access to enterprise resources.”  

Stay tuned for more details on the data coming next in this series.