Identity Security Maturity Assessment

Question 1 of 6

Does your identity security program align to your overall business strategy, so that it is understood and utilized across your organization?

Rate the focus of identity security within your organization’s strategy

Not a focus at all

We do not have an organization wide identity strategy.

Somewhat of a focus

There is a very low adoption rate and focus is usually a tactical response to external stresses (e.g., compliance, security breach or business transformation).

Identity is a focus

Our identity program is digitized and scaled with wide adoption across the organization.

A strong focus

Our identity program is a strong enabler for business transformation, innovation and security resilience.

A very strong focus

Our IAM strategy is a pillar of our broader organization’s innovation strategy.

Which one of the following options is the closest representation of your Identity and Access Management (IAM) team’s operating model i.e., the way identity services are managed across your organization?

Rate the operating model of your Identity and Access Management (IAM) team

Not managed at all

Most forms of identities (e.g., employee, third parties, machines) are managed ad-hoc in silo-groups or not managed at all.

Somewhat managed

Identity management is mostly reactive and focused on fulfillment of service tickets, such as creating accounts.


Centralized IAM, organized based on specific tools (e.g., a team for directory services system or another team for identity governance tool).

Strongly managed

Centralized IAM, organized on a product operating model with agile teams, there is a continuous drive for automation and Al.

Very strongly managed

Our operating model enables collaboration with external entities, it is a key control point to engage with our workforce and customers.

Which one of the following options is the closest representation of your organization’s Identity and Access Management (IAM) teams’ talent distribution?

Identify who manages the identity of your workforce

Helpdesk focused

Mostly helpdesk staff manages provisioning and deprovisioning access.

Helpdesk & IT focused

Composed of mostly helpdesk staff along with a general IT team who maintains some basic identity tools.

Identity tool centric team

Tool/Product focused teams doing development on specific identity tools and supported by helpdesk and IT support staff.

Innovation focused identity team

Data scientist or automation engineers along with identity product engineers. Very lean helpdesk and IT support.

Distributed identity talent

Spans beyond the enterprise boundaries; there is collaboration with an ecosystem of other companies and other industry forums to enable distributed identity capabilities.

How would you rate your organization’s technical capabilities when adopting new identity tools?

Rate the capability of your organization to adopt new identity tools

Very limited capabilities

Either no tools or some legacy directory and access management tools.

Some capabilities

Some identitiy tools implemented but low adoption across the organization (e.g., some capabilities in pilot mode such as lifecycle mgmt., access reviews, and Privilege Access Management but cover <50% of the organization).

Generally capable

Identity tools have been adopted across a majority of your organization.

Strong capabilities

Capabilities adopted at scale and integrated with SecOps – detection and response correlated with identity.

Very strong capabilities

In addition to having IAM capabilities adopted at scale and integrated with SecOps, your organization supports the future of identity. Can accept Universal IDs provided by institutions or decentralized IPs, dynamic trust models, identity integrated with security and data governance, frictionless access.

Which most closely aligns to your IAM automation capabilities (e.g., account creation, access provisioning, access reviews)?

Rate the automation capabilities of your organization

Highly manual

Most if not all capabilities are manual (manual fulfillment of access, access reviews).

Some automation

Some capabilities are automated but the majority are performed manually.

Mostly automated

Automated IAM capabilities with 80%+ transactions automated (e.g., lifecycle mgmt., provisioning and deprovisioning of access). Additional capabilities such as Segregation of Duties and Privileged Access Mgmt. adopted at scale.

Highly automated

Highly automated capabilities with Al driving decisions based on risk estimation.

How would you rate your organization’s technical capabilities towards coverage of additional identities?

Rate the capability of your organization to cover additional identities

No coverage

No IAM program coverage of machine identities and environments such as cloud and SaaS applications.

Limited coverage

Limited coverage of additional identities such as machine identities. Environments such as cloud and SaaS apps are mostly manually managed.

Good coverage

Additional identities such as machine identities and environments such as cloud and SaaS applications are managed at scale and automated.

Very good coverage

Identity coverage spans most identities and environments are linked to data governance (structured and unstructured) and cloud workload level access.

Fill out the form below to get your personalized assessment results and to contact our identity security specialists.

Overall Assessment

Your identity program is …


You should be …


By Category





Operational Model








Tech Capabilities












Download your report

Your download will contain a PDF of your personalized results plus a copy of the full horizon content from the beginning of this assessment