Skip to Main Content

The Horizons of Identity Security

Nobel prize-winning author John Steinbeck once said, “…to find where you are going, you must know where you are.” Having a starting point in whatever journey you are undertaking is vital as the path forward starts from there. 

In the case of our world, identity security for large, complex enterprises – it’s not about a distinct start and end point. It’s not one-and-done. It’s a program with key mile markers and successful business outcomes, and it builds over time.  Think of these mile markers as horizons to work towards and achieve before you hit that next horizon.  

That’s what we just worked through in a new research study called “The Horizons of Identity Security.”   

In May and June of this year, we surveyed identity security decision-makers across the globe to clearly define the core capabilities across five distinct horizons of identity security.  And importantly, we used this data to better understand where these organizations were on their identity journey. Now, we have a clear understanding of just how far along in their identity journey companies are today so that we can provide to them prescriptive paths forward that align to their business goals.

There’s a lot to dig into here. I’ll touch on just a few of the bigger takeaways, but I urge you to read the report in full. The data confirmed what we already largely believe:  The future of identity will be shaped by ongoing technology shifts including integration across technology environments, dynamic trust models that evolve based on behavior and interactions, universal identities that can merge with federated access across domains and geographies, and frictionless access that is dynamic, automated and code-driven.  

The 5 Horizons of Identity Security 

To achieve the future vision of identity, companies we surveyed generally fall across 5 horizons of identity security:  

  • At Horizon 1, the lowest maturity, companies lack the strategy and technology to enable digital identities. 
  • Those at Horizon 2 have adopted some identity technology but still rely heavily on manual processes. 
  • For organizations at Horizon 3, the identity program has become digitalized, scaled up, and adopted more widely across the company.  
  • Those at Horizon 4 have automated at scale and use artificial intelligence (AI) to enable digital identities. 
  • Horizon 5 is closest to the future of identity – serving as a critical control point in reducing cybersecurity risk and supporting businesses in next-gen technology innovation. 

Interestingly, we learned that nearly half of companies fall into horizon 1, which means they’re behind on the identity journey leaving significant value to be gained on the table. There lies huge opportunity for companies that fall into this category. This value includes improving their overall security posture and driving up business resilience – two critical and foundational elements for enterprise security. For organizations in horizons 1, 2 or 3, evolving your identity program is not a choice, it is mission-critical for your business. Put another way, it’s business essential.  

The cost of inaction 

The costs of inaction here are high and include increased risk of cyber-attacks, productivity losses, enormous regulatory fines, lost revenue, and reputational damages. Not to mention the fact that many companies in horizons 1 and 2 are overspending on their program – allocating the same portion of cyber budget as horizon 4 companies but only getting a fraction of the benefits. 

I can’t repeat it enough – no enterprise today can afford to take a “good enough” approach to identity security. And this report fully validates what we’ve seen among companies, especially in the last few years. Identity security has evolved to be core to securing the enterprise today. From that lens, wouldn’t you want to strive for the best of, aiming for horizon 5? Think about that as you take your own self-assessment here.


Discussion