7 Critical insights on identity security: A 2023 survey 

The ever-evolving digital landscape demands a shift in how companies approach identity security. This past fall, we surveyed more than 375 identity security decision-makers from companies globally. The findings? A treasure trove of insights to navigate today’s identity challenges. Here’s what we discovered: 

1. The business case for identity security is being missed 

Many security professionals need help to showcase the business value of identity security — mainly due to limited budgets and a need for more focus from executives. The solution lies in presenting a strong business case tailored to resonate with executive priorities, making the business value crystal clear. 

2. Most companies are at ground level 

About half of the surveyed companies are still at Horizon 1, the nascent stage of their identity journey. Progressing to subsequent stages appears challenging, especially from Horizon 1 to 2. However, the silver lining is that companies at Horizon 2 find it easier to move to Horizon 3, indicating that initial investments can pave the way for future advancements. 

3. Maturity is not a barrier to advanced capabilities 

Interestingly, regardless of their maturity, companies have shown similar success rates in adopting advanced capabilities. A consistent 50-70% capability coverage across various domains hints that even low-maturity companies can achieve success when adopting advanced features. 

4. Breaking through Horizon 1 requires a solid strategy 

To transition from Horizon 1, companies must focus on crafting a robust operating model, addressing technical debts (like legacy applications), and, most crucially, developing a persuasive business case. 

5. Comprehensive coverage is crucial 

It’s alarming that even mature companies have governance gaps, covering less than 70% of identities. As identities are projected to grow by 6-10% in the coming years, companies need to scale their identity capabilities. Otherwise, they risk falling behind and exposing themselves to potential threats. 

6. The talent crunch is real 

Finding the right talent for identity security is an uphill battle, especially for small and medium-sized companies. Since identity security skills are industry-specific and highly niche, this creates a considerable challenge. 

7. Modern technologies offer a competitive edge 

Companies that harness the power of SaaS, AI, and automation are in the fast lane. They scale their identity programs 10-30% faster and extract more value from their investments, indicating the undeniable advantages of these technologies. 

So, what does all of this mean?  

Winning executive buy-in for identity security hinges on presenting a tailored business case complemented by an execution roadmap. These elements need to be dynamic, adapting to ever-changing business and tech scenarios. As they embark on their identity journey, companies should strategize based on their current maturity. 

Companies in Horizons 1 and 2 can aim for a “leapfrog” approach by tapping into SaaS, AI, and automation, ensuring swift scaling. For more mature organizations, the goal should be to expand capability coverage, creating a comprehensive identity security program that includes every facet of their tech ecosystem. 

Ultimately, in today’s diverse and interconnected identity landscape, building a holistic identity security program is not just a necessity; it’s a competitive advantage.  

Read the report for a deep dive into the strategies and opportunities that await and understand how to overcome the identity security challenges of today—and tomorrow.