North American organizations continue to be challenged with security and compliance issues. Increasingly, they are using Identity Access and Management Solutions to improve security and compliance. CA's continuing development of its Identity Access and Management (IAM) products appears to synchronize with organizational trends toward integrated security solutions that support existing processes and layering security information management functionality on top of core IAM infrastructure.
To explore IT security and Identity Access and Management trends and developments, The Strategic Counsel conducted a survey of 642 large North American organizations covering:
- IAM Expectations
- Critical Factors in IAM Solution Choice - Security Challenges and Costs - Security Investment - Impact of Lagging Security Investment
- Most Important Areas for Additional Security Spending - Key Inhibitors to Additional Security Spending - Graphics - About the Survey
IAM Expectations
North American organizations are investing significantly in IAM. More than 75% of the organizations surveyed have implemented some form of IAM functionality, with a further 14% planning to implement or roll-out an IAM solution over the next 12-18 months.
The key focus areas for IAM investment center on security, compliance and efficiency. Amongst those surveyed:
- The highest ranked primary delivery requirements for IAM investment are improved security, improved regulatory compliance, and better IT department efficiency and cost reduction - In order to achieve these deliverables IAM investments/implementations are most expected to produce: o Improved customer and end-user self-service capabilities o Single sign-on o Improved audit capability and transparency o Better user account management
IAM Environment
The survey data shows stove-piping of identity and access may be playing a significant role in diminishing organizational efficiency:
- 6% of the organizations surveyed are able to provide new employees or contractors with access to all the applications or systems they require on their first day of work o More than 55% are unable to provide new employees or contractors with access to more than half of the applications or systems they require to do their jobs on their first day of work - 78% of the organizations surveyed use application-specific directories for their key enterprise applications - 64% of the organizations surveyed run application-specific authorization policies for their key enterprise applications
Critical Factors in IAM Solution Choice
Study respondents indicate integration and support for existing security infrastructure and processes are the key considerations in IAM solution choice.
Most Important/Critical Factors:
- Ability of vendor's software to integrate with existing systems - How well vendor's software fits with organization's IAM processes - Solution features and functionality
As well, factors ranking highest for secondary importance in IAM solution choice point to market movement toward integrated, end-to-end solution providers rather than best-of-breed point solutions:
- A one vendor, integrated, end-to-end solution - Ease of implementation - End-user ease of use
Security Challenges and Costs
There has been significant growth in the number of organizations suffering known security attacks over the past three years. More than 84% of large North American organizations have suffered an identified security attack over the past 12 months compared to two-thirds in 2003 and 75% in 2004.
The nature and understanding of security challenges has also changed:
- Three years ago relatively few large North American organizations (less than 20%) suffered identified network attacks and denial of service attacks o Currently 44% of large North American organizations say they have dealt with network attacks over the past 12 months o 33% say they have dealt with denial-of-service attacks over the past 12 months o 38% identify internal breaches of security as a key security challenge dealt with over the past 12 months
The increasing incidence and scope of threats has serious consequences for large North American organizations. 54% report lost workforce productivity as a result of security attacks over the past 12 months and 20% report lost revenue, customers, or other tangible assets.
Organizational image and public perception are also key areas of concern in dealing with security attacks. Public embarrassment, loss of trust/confidence, and damage to reputation were identified as key costs suffered from security attacks or breaches by 25% of respondents. In fact, only lost productivity ranks higher as a cost suffered due to security attacks/breaches.
