Organizations Have Identity-Shaped Holes In Their Security

IT leaders are under tremendous pressure today. They’re charged with enabling users to be productive while addressing growing security and compliance challenges amid the digital transformation that virtually every enterprise is going through. It can be overwhelming, which is why SailPoint created the industry’s first identity benchmark, the Identity Report.

In 2017, we unveiled an in-depth self-assessment for organizations to tell us about their identity governance strategy and program. Based on that input, we provided an Identity Score – similar to a credit score – to help organizations understand areas of improvement. We recently analyzed 450 of those Identity Score reports to create the Identity Report benchmark, which will provide these IT leaders with a roadmap to systematically improve their security and compliance programs.

Implementing Identity to the Fullest

 The good news is that 54 percent of organizations have an identity program. That figure lets us know that the scales are tipping in favor of a comprehensive approach to security, which must include identity. The bad news is, there is a very long way to go when it comes to maturing those programs to do all that they were designed to do.

For example, less than half of the provisioning in the respondents’ identity programs is automated, but as the stores of data and number of applications continue to grow rapidly, automation is critical for IT teams operating with limited resources. Humans simply can’t operate at the speed of the digital transformation nearly all enterprises are going through, so automation is key. Without the full capabilities of identity in play, identity policies can’t be effectively enforced, leaving both security and compliance gaps wide open.

You Can’t Govern What You Can’t See

Beyond governing users and their access to critical business applications, the new million dollar question for identity programs is being able to answer, “who has access to what data?” With data breaches sometimes costing millions, it truly is a million-dollar question that many organizations still can’t answer. The majority of enterprises who took the assessment – 71 percent – couldn’t produce a full report on their users and their access to systems and data, spelling trouble in the event of a data breach or audit.

These blind spots create a 360-degree level of risk, where a potential threat could sneak by from any angle. Without a “single pane of glass” view, enterprises simply cannot have all the information they need to make the right decisions on who should have access to what, much less see what users are doing with their access and whether or not it’s appropriate.

Cloudy with a Chance of Ungoverned Access to Data

For today’s enterprises, data has become its own monolith. Data is running rampant and growing exponentially, yet only 9 percent of organizations are governing and monitoring access to all sensitive corporate data. The fact that most corporate data is now unstructured adds an additional layer of complexity that many organizations aren’t planning for. That was evident in our findings, as the governance of access to data stored in structured systems outpaced data stored in files by 14 percent.

With compliance around data privacy becoming a top priority for businesses, organizations must govern access to these resources, which range from financial data and healthcare records to personal employee information. Put simply, a comprehensive approach to identity must include governing access to files, allowing real-time monitoring and automatic alerts to properly control and govern access to data stored in both structured and unstructured systems.

Where Identity Comes In

Ultimately, cyberattacks are simply a symptom of poor cybersecurity. Identity treats the overall problem of unbridled access to what hackers find most valuable – the identities that hold the keys to valuable systems and data. With a comprehensive identity program at the center of your security strategy, you’re well-equipped to keep your valuable enterprise data secure while moving business forward – that’s the power of identity.

You can learn how your identity program measures up to your peers, as well as the steps you can take to fix the identity shaped holes in your security strategy, by taking the Identity Score assessment here and seeing where your identity program falls on the spectrums of visibility, governance and data.

Check out the full report and join us on January 24 for a webinar exploring this year’s report.


Discussion