A recent report, "The Horizons of Identity Security", issued by SailPoint in partnership with Accenture, highlights the pressing need for robust digital identity security. With 90% of organisations reporting an identity-related security incident in the past year, the report underscores the urgency of addressing cybersecurity challenges in an era increasingly dominated by cloud workloads and SaaS (Software as a Service) solutions.
SailPoint's survey of Identity and Access Management (IAM) decision-makers globally reveals a landscape where digital identity forms the crux of cybersecurity strategies. Despite this, a significant portion of companies, particularly at the lower end of the maturity spectrum, struggle with foundational governance and visibility into their digital identities.
The report identifies four key technological advancements shaping the future of digital identity: AI-backed dynamic trust models, integrated identity programs, universal IDs, and frictionless access. It categorises organisations into five 'maturity horizons' based on their strategy, talent, operating model, and technological capabilities. This model ranges from those with fragmented identity experiences and basic manual processes (Horizon 1) to those at the forefront, integrating advanced digital tools and AI in their identity programs.
A key takeaway from the survey is the critical role of effective communication in advocating for identity security investment. The primary obstacles identified by respondents were constrained budgets and limited executive sponsorship or focus. Remarkably, 91% cited budgetary constraints as the main barrier to investment, highlighting a disconnect between the perceived and actual value of identity security within organisations.
The report also underscores the tangible business benefits of a well-conceived identity program. For example, companies have reported faster cloud migrations, improved time-to-market for new products, and significant cost savings through the automation of governance processes. One highlighted case study of a regional bank showed savings of over $1.5 million annually due to streamlined access provisioning during cloud migration. Another case involved a transportation company that avoided over $3 million in expenses by preventing a ransomware attack through robust identity security.
Despite these compelling examples, the report suggests that many security professionals struggle to effectively communicate the business value of identity security. To bridge this gap, it recommends a five-step process for building business cases tailored to the maturity of the identity program and the specific business context. This involves identifying executive-level advocates, assessing current states and needs, evaluating opportunities, drafting actionable implementation plans, and delivering these plans to senior leadership in a language that highlights the return on investment and strategic importance.
SailPoint’s report paints a picture of a rapidly evolving cybersecurity landscape where digital identity is pivotal. While technological advancements offer promising avenues for enhancing identity security, the challenges of budget constraints, executive buy-in, and effectively communicating the value of such investments remain significant hurdles. The report emphasises the need for tailored, strategic approaches to navigating these complexities, ensuring that organisations can both secure and leverage their digital identities to drive business value in an increasingly interconnected world.