IAM Trends: The Strategic Counsel Survey of 642 Enterprises

IAM Expectations
North American organizations are investing significantly in IAM. More than 75% of the organizations surveyed have implemented some form of IAM functionality, with a further 14% planning to implement or roll-out an IAM solution over the next 12-18 months.
The key focus areas for IAM investment center on security, compliance and efficiency. Amongst those surveyed:

- The highest ranked primary delivery requirements for IAM investment are improved security, improved regulatory compliance, and better IT department efficiency and cost reduction

- In order to achieve these deliverables IAM investments/implementations are most expected to produce:
-- Improved customer and end-user self-service capabilities
-- Single sign-on
-- Improved audit capability and transparency
-- Better user account management

IAM Environment
The survey data shows stove-piping of identity and access may be playing a significant role in diminishing organizational efficiency:
- 6% of the organizations surveyed are able to provide new employees or contractors with access to all the applications or systems they require on their first day of work
-- More than 55% are unable to provide new employees or contractors with access to more than half of the applications or systems they require to do their jobs on their first day of work

- 78% of the organizations surveyed use application-specific directories for their key enterprise applications

- 64% of the organizations surveyed run application-specific authorization policies for their key enterprise applications
Critical Factors in IAM Solution Choice
Study respondents indicate integration and support for existing security infrastructure and processes are the key considerations in IAM solution choice.
Most Important/Critical Factors:
- Ability of vendor’s software to integrate with existing systems
- How well vendor’s software fits with organization’s IAM processes
- Solution features and functionality

As well, factors ranking highest for secondary importance in IAM solution choice point to market movement toward integrated, end-to-end solution providers rather than best-of-breed point solutions:
- A one vendor, integrated, end-to-end solution
- Ease of implementation
- End-user ease of use

Security Challenges and Costs
There has been significant growth in the number of organizations suffering known security attacks over the past three years. More than 84% of large North American organizations have suffered an identified security attack over the past 12 months compared to two-thirds in 2003 and 75% in 2004.
The nature and understanding of security challenges has also changed:

- Three years ago relatively few large North American organizations (less than 20%) suffered identified network attacks and denial of service attacks
-- Currently 44% of large North American organizations say they have dealt with network attacks over the past 12 months
-- 33% say they have dealt with denial-of-service attacks over the past 12 months
-- 38% identify internal breaches of security as a key security challenge dealt with over the past 12 months

The increasing incidence and scope of threats has serious consequences for large North American organizations. 54% report lost workforce productivity as a result of security attacks over the past 12 months and 20% report lost revenue, customers, or other tangible assets.
Organizational image and public perception are also key areas of concern in dealing with security attacks. Public embarrassment, loss of trust/confidence, and damage to reputation were identified as key costs suffered from security attacks or breaches by 25% of respondents. In fact, only lost productivity ranks higher as a cost suffered due to security attacks/breaches.
Security Investment
The survey results point to Identity Access and Management (IAM) solutions being a key area of security and compliance investment. Improved security and regulatory compliance are identified as the critical, primary benefits of IAM by study respondents.
The high identification of IAM with security and compliance improvements appears to be generating strong growth rates for IAM solutions. Based on the forward-looking implementation and roll-out plans provided by respondents, 18% growth in the large North American organization user base for IAM over the next 12-18 months may be possible.
On a sour note for overall IT security investment, 37% of respondents believe their organization’s spending on IT security is too low versus only 1% who believe it is too high.