In the business world, we have undergone a fundamental change: employees can work from anywhere and on a multitude of devices, data and applications are no longer wholly stored in-house, and new software and technologies are changing the way we interact with one another both on a personal and professional level. In short: the digital transformation is here. This paradigm shift has brought us many great advantages, but it has also created problems, especially in the realm of identity management.
In a recent survey in conjunction with KuppingerCole, senior information executives were asked how the digital transformation is affecting their enterprises. 77% reported to be already undergoing digital transformation and 48% think that threat or breach mitigation is a very important component of it.
The threat vectors during this digital transformation are also evolving. Employees usage of mobile devices was found to be high in all verticals, and is only expected to increase over the next three years. This poses a particular problem for organizations who need to not only enable those employees to effectively use their mobile devices for work, but also secure the data that resides on them and that is accessed from them.
An obvious new threat is that data and applications are now being stored and delivered from the cloud. Much like with mobile devices, cloud usage is expected to increase over the coming years, partially driven by economic considerations, according to the study. However, even with this trend in delivery preference, not everything is moving to the cloud; in fact, the majority of organizations have no plans to migrate their legacy applications to the cloud. Therefore, a sound security and identity strategy must encompass both on-premises and SaaS applications simultaneously and with the same level of scrutiny.
The ease of use in procuring SaaS applications has given rise to the phenomena known as shadow IT. Because employees are able to sign up for and make use of SaaS applications without IT or security oversight, organizations potentially expose themselves to hidden and undue risk. The reality is that many SaaS applications can be used to process, store and share information that was traditionally kept under tight control behind the corporate firewall. We reported on this in our 2016 Market Pulse Survey, and those results are repeated here. “65% of senior information security decision makers in Europe see shadow IT as a challenge to creating a secure IAM solution.”
The importance of mitigating these threats is why 92% of the survey respondents said they were maintaining or increasing their identity and access management investment over the next three years. By implementing an identity governance solution, enterprises can gain a holistic view into all their systems and data, helping to mitigate their risk of a breach.