Businesses around the world recognize that it's crucial to take the necessary precautions to verify identities and manage digital credentials when conducting business online. In fact, a recent study by Pierre Audoin Consultants (PAC) found that 93% of 200 polled European businesses claimed that they planned to maintain or increase their identity and access management (IAM) spending over the next three years.
The PAC study surveyed businesses in a variety of different industries, including the transport, telecoms, services, retail, manufacturing, insurance, banking, and public sectors. The results reveal that IAM is a consistent challenge across all of these sectors. Further, it's not just larger organiaztions who plan to make investments. The results indicated that companies with 5,000 employees or fewer were exerting just as much effort into digital transformation as their larger peers.
Starting at the Top
CSOs and CIOs are becoming more informed and aware of the impact of breaches and the role of IAM in preventing threats from reaching that point. But increased awareness isn't the only factor in the growth of IAM. Executives at these organizations are viewing their threat mitigation strategies as perhaps the most important aspect of digital transformation-somes even above improved customer experience and increased revenue. It appears that the challenges of securely transitioning to a digital business model along with the potential for catastrophic breaches are encouraging executives to review their IAM strategies, and invest to address gaps.
Turning Insights Into Action
So, what can organizations do to better invest in their IAM deployments moving forward? If the perceived fears described in the research are any indication, it all starts with improved coordination and increased resource. Many of the same organizations that revealed plans to grow their IAM spending also indicated a distinct shortfall in adequate resources and training for successfully managing their IAM strategies. Furthermore, 65% of senior information security decision makers noted that shadow IT was a very real threat that could undermine their IAM initiatives. When executives coordinate their IAM deployments from the top down to maintain transparency and encourage policy adoption, they can conquer these concerns.
In order for an IAM strategy to be successful, the executives that have reported an increasing awareness of IAM importance must relay this message to everyone in their enterprises. This quickly becomes a two-part solution: Step one is to create simple, yet meaningful IAM policies that are communicated clearly to all users, while step two relies on consolidation of the technical implementation. The research revealed that one of the main pressure points many organizations face as they attempt to prevent breaches through IAM is a simple lack of training on the related policies.
Just as those policies would be ineffective without the coordination of a clear and trustworthy authority, disconnected IAM solutions often exacerbate the problem. Fifty-seven percent of the surveyed organizations have recognized this fact by considering adopting solutions that are at least partially managed by a third party in an effort to curb the effects of a fragmented IAM deployment.
As organizations continue to invest in their identity and access management strategies, they must remember to provide policy training from the top down and intelligently deploy IT resources. When organizations position their executives as champions of IAM policy and leverage the know-how and consolidation of managed IAM solutions, they can avoid the biggest potential pitfalls of IAM deployment, and ensure investments are productive.
Category: RSA Fundamentals, Blog Post