As attack surfaces continue to expand, it is critical for companies to understand the evolving landscape of identity security.
by: Matt Mills, President, SailPoint
SailPoint recently published a new research report titled The Horizons of Identity Security, which detailed the current and future state of the identity security market. The report was designed to help identity security customers—but also providers and developers—understand the ways in which the industry is evolving to meet both emerging threats and shifting needs. It’s no secret, the implementation of artificial intelligence (AI) and machine learning (ML) has become more common. This wider-spread adoption of AI and ML has begun to drive identity maturity, spurring new innovations that will change the future of the industry.
For businesses just getting started with identity security—and even those well on their way—understanding the shape of the market and its future is critical. Some of the report’s key findings can help inform the way companies approach identity, providing important context on today’s most dangerous threats and why a growing number of companies are prioritizing identity security to combat them. As the attack surface continues to expand, it will only become more important for companies to understand the world of identity security and what its future may hold.
Identity Growth Is Expanding the Attack Surface
When most people think of “identities,” they think of employee accounts, and maybe individual devices. But the truth is that the number of identities in use has grown exponentially, and now includes customers, contract and temporary workers, partners and other third-party entities, and—most importantly—machine identities. Virtual endpoints, Internet of Things (IoT) and Operational Technology (OT) devices, software bots, cloud applications, and other machine identities now make up 43% of identities across the average enterprise. What’s more, machine identities are projected to grow at a rapid pace over the next 3-5 years—higher than the anticipated 14% growth rate across all identity types.
This massive increase in the number of identities in use has—naturally—made them more difficult to effectively manage and protect. Recent that 84% of organizations have experienced an identity-related breach in the last year, and 96% indicate that they believe it could have been prevented. Today, the average cost of a data breach is over $4.3 million—and that doesn’t even include reputational damage and potential regulatory fines and other penalties. While the initial cost of implementing stronger identity security can be intimidating, the cost of noncompliance can be even higher. And that’s not all, the Horizons of Identity Security report found that while companies in the beginning stages of identity maturity tend to allocate more than 15% of their cybersecurity budgets on identity, 71% of the most mature companies spend a smaller share but get more value. This is a strong indicator that identity security programs become significantly more efficient as they mature.
Identity Security Has Significant Room for Growth
The report found that nearly half of all companies are at the beginning of their identity journey, with 45% indicating that they have a fragmented identity experience across the organization. Just 20% have digitized identity management, and only 6% say they have advanced digital tools and predictive use cases in place. While that number might seem low, it is a good indicator of the opportunities for growth within identity security—especially as new AI and ML tools become available. No matter where a company is in its security journey, it will see more resources become available to help strengthen its identity program.
The data backs this up: over 50% of respondents indicated that they have already implemented or plan to adopt AI and ML models to boost their identity security capabilities within the next two years, and 34% have shown a willingness to invest in behavior-based dynamic trust models. Dynamic trust models are significant because of their capability to evolve with the needs of the organization and adapt to changing circumstances. This is critical as businesses look for ways to limit their risk and exposure. Many are already reaping the benefits of dynamic trust: 22% of respondents indicated that they use automated, AI-based access models for separation of duties and access controls, and another 17% said AI models are already driving auto provisioning decisions and making automated access review decisions. As the number of identities in use continues to grow, manual management is becoming increasingly cumbersome, making automated capabilities not only helpful but essential.
Identity Needs Go Beyond Security
While identity security should be an obvious top priority for today’s organizations, the Horizons of Identity Security report found a number of additional ways in which better identity management can make a significant difference. As many as 50% of helpdesk calls are password-related, wasting IT professionals’ valuable time with mundane tasks that could be eliminated through modern identity and access management solutions such as passwordless access. The report found that 58% of customers have abandoned a purchase due to login friction, while fully 86% of customers are willing to pay more for a great user experience. This finding highlights the fact that identity isn’t just a security tool—it’s a way to improve how customers and partners interact with your business.
The horizons of identity security extend far beyond security. As the number of identities continues to skyrocket and applications like passwordless access and automated provisioning become more convenient and accessible, the need for effective identity management will only grow. Organizations looking for the inside scoop on what shape that evolution will take should download and read the full report today.
Matt Mills brings over 30 years of experience to his role as SailPoint’s President. Previously, Matt spent over 20 years at Oracle as Senior Vice President North America Sales where he oversaw over 8,000 employees and was responsible for $4.5B in annual revenues. More recently, Matt was the CEO of MapR Technologies until 2018 and is currently a board advisor and member to early-stage SaaS companies.