While the majority of organizations understand the importance of identity security, only 9 percent are taking an agile, holistic, and mature approach to protecting identities in their hybrid and multi-cloud environments.
That's according to a new study by CyberArk, which also provides a maturity model that helps security leaders assess their current strategies, uncover risks and strengthen cyber resilience. For the report "The Holistic Identity Security Maturity Model: Raising the Bar for Cyber Resilience", CyberArk and the Enterprise Strategy Group (ESG) surveyed 1,500 security experts worldwide, including in Germany. The aim was to determine trends in the adoption of identity security and the relative maturity of companies in implementing corresponding strategies.
Holistic Strategies
The results show that only 9 percent have holistic and mature strategies. These transformative organizations are focused on identity security, are agile, and use even a successful cyberattack as an opportunity to learn and improve. At 42 percent of companies, however, identity security initiatives are still at a very early stage of maturity. They lack the basic tools and integrations to quickly mitigate identity-related risks. A growing identity attack surface, complex IT and various organizational obstacles contribute to this lag.
More insights
- Focus on technologies: 69 percent of C-level executives believe they are making the right identity security decisions, but only 52 percent of real-world technical decision makers and security professionals agree. There is also a perception that IT security can be achieved by investing in the right technologies. But that's only part of the story: it is just as important to invest strategically in supporting the adoption and integration of technologies into existing environments, breaking down silos and improving training.
- Endpoint discrepancy: 92 percent of respondents see endpoint security or trusted devices and identity management as critical to a robust Zero Trust strategy. In Germany the figure is as high as 99 percent. However, only 65 percent (Germany: 70 percent) believe that the ability to correlate data is essential for effective endpoint protection.
- Fragmented Efforts: 58 percent of organizations have two teams responsible for protecting identities in the cloud and on-premises. They also rely on numerous point solutions that make it difficult to understand real-time security status.
"The research demonstrates the link between a strong identity security strategy and better business outcomes," said Jack Poller, senior analyst for the Enterprise Strategy Group (ESG). "Regular and up-to-date maturity assessments help ensure the right users have access to the right data and that organizations can stop threats quickly enough - before they disrupt business operations."
Evaluation of strategies for identity security
The Holistic Identity Security Maturity Model Framework is based on the insights from the survey and is designed to help organizations assess their maturity in the following four areas of identity security:
- Procurement of tools for administration, authorization control, governance, authentication and authorization of all identities and identity types
- Integrations with other company IT and security solutions for secure access to all assets and environments
- Automation to ensure compliance with guidelines, industry standards and regulatory requirements and to respond quickly to a wide range of routine and abnormal events
- Continuous threat detection and response, based on a deep understanding of identity behavior and organizational policies.
Successful Attackers
“63 percent of companies state that they have already been the victim of an identity-based attack. But given the scale at which attackers are targeting and compromising identities, the percentage is likely much higher,” said Amita Potnis, director, thought leadership marketing at CyberArk. “Companies that want to implement a holistic strategy for identity security should focus on secure access for all identities - human and machine - and on an automated approach to identity security. Our research shows that many companies are already investing in this direction. 24 percent are investing more than 10 percent of their total security budget in identity security this year.”
Transformative organizations, which account for 9 percent of respondents, have reached the highest level of maturity and are adopting a unified approach to identity security. The CyberArk Identity Security Platform supports such an approach by combining intelligent authorization controls for all human and machine identities with continuous threat detection and threat response throughout the entire identity lifecycle. This enables organizations to implement Zero Trust and Least Privilege with complete transparency, ensuring that any identity can securely access any resource - anywhere, from any location.
About CyberArk
CyberArk is the global leader in identity security. With Privileged Access Management as a core component, CyberArk provides comprehensive security for any identity - human or non-human - across business applications, distributed work environments, hybrid cloud workloads and DevOps lifecycles. The world's leading companies rely on CyberArk to secure their most critical data, infrastructure and applications. Around a third of the DAX 30 and 20 of the Euro Stoxx 50 companies use CyberArk's solutions.