As organizations seek to capitalize on digital transformation through rapidly developing and hosting new services online, they frequently under-invest in adequate cyber security measures creating significant risks, in particular governing user access. This was revealed according to a survey conducted by Capgemini, one of the world’s foremost providers of consulting, technology and outsourcing services, and RSA, The Security Division of EMC.
“Identity Crisis: How to Balance Digital Transformation and User Security?”, a survey of more than 800 C-level executives in the US, UK, Germany, France, Benelux and the Nordics1 revealed that 62 percent believe it is very important or critical for their organizations to enable or extend access for users to digital services securely, yet only 26 percent have the technology in place to do so.
However, it is clear from the findings that organizations recognize the need to do more to improve the user experience, with 84 percent acknowledging the need to offer more flexible, adaptive authentication methods and IDs.
Jim Ducharme, Vice President of Identity Products at RSA, said, “As organizations extend to the cloud they must ensure they have solutions in place that address the risk and threats associated with assuring user identities. These solutions must understand who is accessing what; manage that access effectively; and control access across the various cloud services. These elements are absolutely essential to giving the organization the assurance that users are who they say they are in a cloud environment.”
The findings show that companies are moving to bridge the divide and bolster their existing security practices. In the wake of high profile, extremely damaging online breaches, Secure Identity Access Management (IAM) services are seeing a noticeable increase in investment. Nearly seven in ten companies (68 percent) report a rise in their IAM budgets, with 28 percent noting a ‘strong’ increase.
The survey also revealed a shift in the way IAM is being viewed and implemented, prompted by maturing and emerging technologies and anticipated user demand. The results suggest that allowing users to bring their own identity, where visitors use their existing social identities to log in, is viewed as many companies’ ultimate goal as long as it can be implemented securely.
Interestingly it is apparent that this ambition is being balanced with widespread uncertainty surrounding data privacy, security regulations and transparency regarding where services are hosted. The report highlights:
“It is clear that the days of logging into a company’s system with a username and password specific to that organization are numbered. Users aspire to log in from anywhere in a variety of ways, including with social media profiles and existing email account,” said Mike Turner, Global Cyber Security COO at Capgemini Group.
“The ownership of online identities is moving away from the organization to more flexible and secure services maintained by the user, addressing access management needs. While it is extremely positive to see increasing recognition and investment from senior leadership, a considerable gap between the task at hand and the current capabilities of many organizations remains. The extent of this security challenge should not be underestimated.”
These findings are drawn from a survey of 831 C-level decision makers, with a majority of respondents from IT departments (47% IT services and 29% IT security), and other participants from departments such as Sales & Marketing, HR or Finance.
Conducted by Kuppinger Cole on behalf of RSA and Capgemini, those surveyed were based in the US, UK, Germany, France, Benelux and the Nordics4 represent organizations with more than 500 managed identities, of both employees and consumers. One third of the organizations covered are in the range of 5,000 to 50,000 managed identities, while 40% have more than 50,000 identities under management and 7% are managing more than 1 million users.
Image credit: LinkedIn