Navigating the digital landscape: A deep dive into the Horizons of Identity Security 2023-24 with Accenture
In today’s digital landscape, where our online interactions seamlessly merge with our offline lives, it’s never been more clear how vital identity security truly is. With businesses leaning more towards SaaS solutions and facing increasingly sophisticated cyber threats, a solid identity strategy is non-negotiable. Building upon the foundation SailPoint started last year, we conducted this year’s “Horizons of Identity Security 2023-24” study to better understand adoption patterns, barriers, and best practices of identity security programs for today’s enterprises. To bring even more depth and expertise to our research, we collaborated with Accenture, whose global reach and deep insights into cybersecurity made them the perfect partner for this endeavor.
I recently had the pleasure of sitting down with Damon McDougald, Global Digital Identity Lead of Accenture. Damon’s extensive 20-year background in identity and long-standing partnership with SailPoint made our conversation both insightful and enlightening. Together, we discussed the findings of the report, aiming to unpack the implications for organizations at various stages of identity security maturity. Below is a highlight of our discussion.
I first asked Damon for his ultimate takeaway from the study. With so many findings and lots of data, what came out on top and resonated with him most.
Damon: As identity professionals, it’s imperative to have a plan. You need to understand your current state, maturity, and how business controls intersect with needs. With all the innovative endeavors a company wants to undertake, identity is essential to secure access. Without a clear plan or understanding of the next steps, most organizations falter right at the beginning.
Wendy: The majority of organizations are still at the beginning of their identity journey and market dynamics keep changing. What are the issues organizations face that keep 44% of them at horizon 1, which is the lowest maturity level?
Damon: The challenges to maturity are multifaceted. First, the industry hasn’t made it easy due to the plethora of choices available. We saw the main players like Sun and Waveset in the 2000s, then a consolidation of toolsets, followed by a shift towards full-platform vendors. Now, we’re witnessing a return to platforms serving as unified solutions. The question for many is, how do we invest now to ensure longevity? Additionally, the skillset is a challenge. Professionals need to understand the software, its application to the business and partner effectively with the business. It’s arguably the hardest job in cybersecurity.
Wendy: There is a lot of discussion around business value because often times being able to show business value and get stakeholder support is incredibly critical. Business value comes in many different ways, from risk mitigation, productivity enhancement, and beyond. So what is your approach to helping your clients show the business value of their identity program?
Damon: It’s pivotal to shift the perception of identity from merely a cost center to an enabler of business growth. At Accenture, our approach emphasizes business enablement. We focus on accelerating operations and reducing costs by standardizing tools, such as SailPoint. By tracking progress against set plans, monitoring organizational adoption and assessing daily system usage metrics, we provide tangible evidence of the program’s value. Moreover, continuous engagement with executive leadership and stakeholders ensures that the program remains aligned with the organization’s evolving goals and addresses emerging challenges.
Wendy: One of the key differentiators when we model the five horizons is really the adoption of AI and ML capabilities so they can automate processes and streamline complicated tasks. When you look at things through that lens, how do you see organizations at the higher horizons benefiting from AI and ML?
Damon: Once organizations have the identity basics in place, like certifications and birthright access, they can leverage AI and analytics for automation. AI can predict new identities, providing robust access upfront rather than just the initial birthright access. Many organizations still manually fulfill access, but with a smart identity tool, provisioning can be direct and precise. Automating data retrieval and the subsequent reactions of the identity system can save time, effort, and allow teams to refocus on business-centric tasks.
Wendy: It’s really about how organizations should pick the right vendor technologies. So when you approach this and help your client shape their approach to pick the right vendor, what advice would you give and what key things would you be looking at to pick the right solution?
Damon: When guiding organizations on selecting the right vendor technologies, it’s essential to consider several factors. First and foremost, the technical fit and the ability to meet specific technical use cases are paramount. Beyond the technical aspects, it’s crucial to align with the business functionality and use cases. This alignment requires involving business partners in the vendor selection process to ensure their requirements are met. Past performance and history of the vendor in similar industries or scales are also significant indicators. It’s not just about the promises made upfront but the actual delivery and support provided throughout the implementation. Engaging with references provided by the vendor and understanding their experiences, both positive and negative, can offer invaluable insights. Ultimately, the right vendor should be viewed as a partner, one that stands by you throughout challenges and helps drive the project to success.
Wendy: One final question: What advice do you have for organizations looking to move to a more mature identity horizon?
Damon: It’s imperative for organizations to have a clear understanding of their current state. Mapping this against a maturity model, such as SailPoint’s horizons maturity model, provides clarity on areas of improvement. The next step is to formulate a plan that aligns with business objectives and demonstrates tangible business value. This could mean showcasing outcomes like reducing help desk calls by 40%, cutting costs by 60%, or increasing automation by 90%. For instance, one of our clients significantly reduced fraud at their help desk by implementing strong authentication, which not only had a substantial dollar value but also decreased help desk costs. By demonstrating such business value, organizations can potentially self-fund their modernization journey, ensuring long-term success and alignment with business goals.
The “Horizons of Identity Security” report 2023-24, created in collaboration with Accenture, acts as a crucial guide for organizations of all identity horizons trying to navigate the intricate realm of identity security. It’s more than just about safeguarding systems; it’s about setting organizations up for future success by steering them towards a future where they don’t just get by, but genuinely excel.
Are you set to reshape your identity landscape? Explore the SailPoint Horizons of Identity Security 2023-24 report and take the Identity Security Adoption Assessment to see where you are in your identity security maturity journey, how your usage compares to your peers, recommendations based on barriers your organization is facing, and an overview of the business value investing in identity can provide.