SailPoint presents The Horizons of Identity study, which examines the maturity of identity programs in organizations. New data shows that despite the growing threat of identity-based attacks, nearly half of organizations are just beginning to embrace identity security.
SailPoint Technologies Holdings, Inc., the leader in enterprise identity security, today announced the findings of a new research report titled "The Horizons of Identity." At a time when hyper-innovation and rapid technology evolution have become the engine for global enterprises, mature identity programs are becoming a must-have to secure and support digital at scale. The survey data for the current report was compiled from input from more than 300 cybersecurity executives from global companies. The data shows where the identity security industry currently stands and enables an assessment of the maturity of identity programs in companies.
Protection of identities - a business imperative
Investing in identity security is no longer optional—and the costs of inaction are rising. 84% of organizations have experienced identity breaches (source: IDSA), with 96% believing these incidents could have been prevented. The cost of the security breach itself is often not the end of the story, as new regulations often impose hefty fines. While compliance can be a significant cost, non-compliance can be many times more expensive. For example, the GDPR provides for fines of up to 4% of global revenue if a company fails to comply.
The identity landscape is getting bigger and more complex
The growing number of identities, which also interact in increasingly complex ways, underscores the need for a strong identity program. These identities include far more than just user credentials: organizations today need to protect machine identities, customers, employees, contract and temporary workers, partners, and more. According to the report, machine identities make up 43% of all identities in an average company, followed by customer (31%) and employee identities (16%). It's no coincidence that machine and customer identities are the two identity types projected to grow the fastest over the next 3-5 years. And notably, the total number of identities is expected to increase by 14% over the same period.
Considerable potential for optimization in identity security
"The truth is, almost every organization recognizes that identity security is a challenge, yet many don't know how to address it," said Matt Mills, President of Worldwide Field Operations, SailPoint. “By adopting a maturity model that both vendors and customers can refer to, we want to create a common foundation upon which organizations can reach full maturity—faster and without the teething troubles that many suffer. As our report shows, 45% of companies are still at the beginning of their identity journey.
This opens up a unique opportunity for them to take advantage of today's technology to implement a comprehensive, AI-powered approach to identity security from the ground up. Since the identity requirements of companies cannot be handled with human capacities, this approach has quickly become a necessity. And not only that: identity security has become one of the most important requirements for protecting modern companies.”
Unsurprisingly, the report found that high-tech companies are the most mature when it comes to protecting identities, followed by financial services firms and security firms. In contrast, the need for improvement is greatest in the media and entertainment industries and in transportation. Of the organizations with the highest maturity in identity security, 71% are large enterprises and 64% are located in North America, compared to 21% in Europe and 14% in Asia Pacific.
AI and machine learning open up great opportunities
As digital identity environments grow in complexity, artificial intelligence (AI) and machine learning (ML) can drive mature identity security. More than 50% of respondents said they have already implemented AI/ML models to increase their capabilities or plan to do so within the next two years. However, only 21% trust their current AI capabilities - so there is still room for improvement. In addition, organizations are increasingly realizing that an integrated identity model helps reduce the overall attack surface. 50% of survey respondents said they want an identity-centric security platform that spans all identities, covering machines, clouds, SaaS, and APIs. So this is the platform type that most companies prefer.
Spend does not correlate to maturity or ROI
One of the most interesting insights from the report is that organizations use their security tools more efficiently as their identity security matures. Of those organizations that are still in the early stages of security, over a quarter said they spend more than 15% of their IT security budget on protecting identities.
Conversely, 71% of more mature organizations said they spend a smaller proportion of their budget but get more value from it. As a result, 28% of the least mature organizations overspend without realizing the full security benefits. This underscores the need for organizations to view identity security as an ongoing project and not as a "complete" solution at some point. Identity security must evolve with the business.
The Horizons of Identity report makes it clear that a strong identity program is becoming increasingly important; shows how identity can become an engine of innovation; and outlines the five horizons through which organizations move as they begin protecting identities and progressively expand their approach.
More at Sailpoint.com
About SailPoint
SailPoint is the leader in identity security for the modern enterprise. Enterprise security begins and ends with identities and access to them, but the ability to manage and secure identities is now far beyond human capabilities. Powered by artificial intelligence and machine learning, the SailPoint Identity Security Platform delivers the right level of access to the right identities and resources at the right time.