Why are organisations failing to address Identity & Access Management

Protecting identity data is synonymous with safeguarding a firm’s assets as more cyber-attacks exploit digital identities to breach defences.

Enterprises are increasingly recognising the importance of an identity-enabled approach to support business growth, user experience and security.

A recent study conducted by Gartner Peer Insights and commissioned by Radiant Logic, highlighted that 58% of respondents rated identity management as vital. Nonetheless, many organisations struggle to implement it effectively. Wade Ellery, the Field Chief Technology Officer at Radiant Logic, discusses the challenges faced by  organisations when engaging in Identity & Access Management best practices.

What are some of the key frustrations for IT teams and administrators when it comes to Identity & Access Management?

One of the chief concerns with Identity & Access Management is the need for more up-to-date and accurate user profiles. Organisations often operate with inaccessible, overlapping and incompatible sources of data, an issue also known as identity sprawl. Our study discovered that 60% of organisations have more than 21 identities per user – and these are rarely correlated.

Furthermore, employees use numerous apps, tools, and accounts daily and must remember multiple login credentials. This has created a fragmented infrastructure that can be frustrating and inefficient for users. Worse, however, this infrastructure poses both a major security risk and the potential to fall afoul of security legislation like the General Data Protection Regulation (GDPR).

Many IAM solutions that attempt to address these issues are incapable of a complete solution because they weren’t built to integrate with multiple identity sources and play well with other tools. Businesses must then spend valuable time customising these solutions still for only a limited set of use cases. This model makes the solution too expensive or complex to implement, leading to limited or failed IAM projects that never come to grips with challenges facing IAM. As many as 71% of user complaints about managing identity stem from the lack of integration with new applications and tools. Users are irritated that they can’t access the resources necessary to do their jobs, which reduces productivity and leads to wasted time and depleted support.

Why are organisations failing to deal with the challenges of Identity & Access Management?

Historic underfunding and current economic budget constraints have only worsened an organisation’s ability to deal with IAM. Despite a significant number of organisations facing identity-related issues, 71% of those surveyed don’t have a budget allocated to identity-based projects, and 61% of respondents reported that their firms perceive that  identity management is too costly or too time intensive to pursue.

Many other organisations acknowledge that IAM will help them make better decisions, but they don’t have the insight or capabilities to manage the complexity in their infrastructure. Some organisations also stated that IAM is only regarded as important when there is headline-grabbing identity-related risk or compromise—our research shows that 30% of organisations don’t have IAM modernization on their leadership or board’s agenda. This indicates a lack of understanding on the part of organisations as to the importance of IAM, or they simply do not see it as a necessity.

What security risks arise if organisations cannot manage their identity data?

One major risk of ineffectively managing identity data is technical debt that increases the cost of reworking systems or applications. Without an effective identity management solution in place, organisations are challenged to provide new features and functions to their application to facilitate user operations because the critical identity information needed is too difficult to provide with accuracy.  This leads to adding additional complexity and workarounds on a one-off basis for each task. Not only does this increase cost, but also compromises the quality of the product – making the entire system more complex or less user-friendly.

The increased complexity also takes a significant toll on user morale. In fact, in our research, 66% of the respondents highlighted technical debt as the most prevalent negative impact of poor identity data management, while 64% also feel that ineffective management impacts their morale. Ultimately this can have a knock-on impact on productivity and eventually affect staff retention.

There’s also the risk of experiencing an identity-related breach. According to  recent industry research, 84% of organisations experienced at least one identity-related breach last year. One impact of poor management of identity data is an increase of ghost or stale accounts within the network. If such accounts are not managed and properly expunged, threat actors can gain access unnoticed  and escalate to compromises across the entire network.

How can organisations properly manage their identity data?

With hybrid working becoming the new normal, the need for an IAM system that meets the demands of performance, security and scalability is evident. It would be ideal if the IAM solution gathered all the user’s attributes into a single global profile, a concept known as an Identity Data Fabric. This combines scattered identity data from all the different sources into one virtual repository, making it easier to correlate and analyse information such as access rights.

An Identity Data Fabric helps establish a connective layer between ‘customers of identity’ the applications and tools everyone uses to do their jobs and all the silos of identity data spread across the organisation. This encompasses all the services, applications and additional identity solutions that deliver access management and governance. Applications can now connect to one reusable service compatible with both on-premises and in the cloud. It also enables security teams to gain complete control over an organisation’s networks, which provides control over access management and fills in security gaps wherever necessary.

About the Author

Wade Ellery is Field Chief Technology Officer at Radiant Logic. Radiant Logic, the enterprise Identity Data Fabric company, provides the cornerstone of complex identity architectures in today’s digital world. With Radiant, it’s fast and easy to put identity data to work, connecting many disparate data sources across legacy and cloud infrastructures in real-time, without disruption. Our solution creates a solid identity foundation that speeds the success of initiatives, including single sign-on, M&A integrations, identity governance and administration, cloud directory deployments, hybrid and multi-cloud environments, customer identity and access management, and more.

Featured image: ©winexa