The state of Identity Security: Widespread attacks, wasted investment and identity sprawl

Identity management is in dire straits, according to a recently conducted survey by identity security firm One Identity. Surveying over 1,000 IT security professionals, the results showed that 96 percent of companies report using multiple identity management tools, with 41 percent deploying at least 25 different systems to manage access rights. However, 70 percent of companies reported they’re paying for identity tools they’re not actively using. This investment in multiple disparate identity tools is having a direct impact on their overall security posture.

Companies have acquired multiple identity tools to deal with the surge in digital identities (or digital profiles accessing enterprise data and applications), creating identity sprawl that weakens their cybersecurity postures. More than half of companies (52%) manage more than 10,000 identities, which include access rights given to employees, devices, machines, digital identities,  and customers. For over half of UK respondents, this indicates the identities they manage have more than doubled over the past two years

“Legacy approaches to identity and access management have caused organizations to adopt multiple identity solutions, and the lack of interoperability between these tools has a direct business and security impact,” said Mark Logan, CEO of One Identity. “Our research shows that organizations see the negative impact that multiple, fragmented identity tools have on their business. By shifting security professionals’ mindset from a disparate, tool-based approach to a platform approach, businesses can improve their identity security defenses to protect against the modern threat landscape.” 

Elsewhere, other key findings from the survey include:

The need for shoring up identity-based defenses is significant. Nine in 10 organizations were hit by an identity-based attack in the last year, with almost 70 percent of companies experiencing a phishing attack. According to 80 percent of respondents, better identity management tools could have prevented the impact of many such attacks.

Essentially all companies (99 percent) report that identity tool inefficiencies have a direct cost on their business. In fact, 42 percent of businesses report that those inefficiencies are costing businesses over $100,000 per year. This kind of loss is further outweighed by spending on these tools, which 61% of UK respondents placed at between £50 and £50,000.

The deployment of multiple identity management tools impacts security posture and drains productivity. Consider that for those with multiple tools:

  • 44% reported increased risk due to potential gaps in coverage
  • 46% reported IT admins are spending too much time managing redundancies
  • 46% reported IT admins are managing too many tools to gain in-depth expertise in any of them
  • 41% report that IT team’s productivity is lower because they have to learn similar tasks across multiple systems

The good news is that companies are looking to improve their identity security, with an overwhelming 90 percent of companies surveyed planning to consolidate their security or identity management tools. Of that 90 percent, more than half plan to do so in the next year. More than half (54%) of respondents also believe that a unified identity platform for access and identity management would benefit their organization’s identity management strategy.

A free executive summary and key findings of the survey results announced today is available online here.

Source link