The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, has released a study titled, “2021 Trends in Securing Digital Identities,” based on an online survey of over 500 IT decision makers. The report examines the impact that the COVID-19 pandemic and increase in remote work had on identity and access management (IAM) in the enterprise, as well as the implementation of identity-focused security strategies. It also provides several key takeaways.
Over the last year, the shift to remote work has led to an increase in the number of digital identities and an increased focus on identity security, but it also resulted in a decrease in confidence in the ability to secure employee identities. According to the study, four out of five participants believe that while identity management used to just be about access, it’s now mostly about security. In accordance, the study says the majority of organizations have made changes to better align security and identity functions, with one of those changes being increasing chief information security officer (CISO) ownership of IAM.
Despite additional security challenges introduced in 2020 with more digital identities, exponential remote access, and more personal devices, the study says the number of identity-related breaches remains flat. Seventy-nine percent of organizations experienced an identity-related breach within the past two years, the same as reported in a previous study conducted by the IDSA in April 2020. Increased attention also appears to be correlating with increased investment, as the IDSA expects nearly all organizations to invest in identity-related security outcomes in the next two years.
“The past year forced organizations to recognize the importance of securing digital identities, whether maintaining employee productivity through secure access from anywhere, using any device, or transforming engagement with customers to secure online services,” says Julie Smith, executive director of the IDSA.
“If it hasn’t already happened, CISOs should seize this opportunity to elevate the importance of identity, not just in security strategies, but as an opportunity to provide business value through risk reduction, including Zero Trust initiatives, cost containment, increased productivity, and to improve both employee and customer experiences.”
Key Research Findings
Remote work has significantly impacted identity security.
- 83% report that remote work due to COVID-19 increased the number of digital identities;
- 80% say the shift to remote work increased focus on identity security; and
- Confidence in the ability to secure employee identities dropped from 49% to 32% in the past year.
Breaches are still prevalent, but investments in targeted prevention are accelerating.
- Identity breaches are not increasing, but they are having an impact on organizations;
- At least 70% report they began implementation or planning of identity-related security outcomes in the past two years;
- 97% will make investments in identity-related security outcomes over the next two years; and
- 93% believe they might have prevented or minimized security breaches by using identity-related security outcomes.
Security is taking a broader role in identity management, with positive effects.
- 64% report that they have made changes to better align security and identity functions within the last two years;
- 87% report the CISO has a leadership role when it comes to IAM, a dramatic contrast to 53% that said the same about the security team in 2019; and
- Organizations where the CISO has ownership of IAM are more likely to say the security team has an excellent understanding of their identity strategy and implement identity-related security outcomes.
Dimensional Research conducted an independent online survey of IT security and identity professionals in the United States. All 512 participants were directly responsible for IT security or IAM at a company with more than 1,000 employees, and participants included a mix of roles, company sizes, and vertical industries.
The full report is available for download here.