Image Credit: Getty Images

Today, identity governance solution provider Saviynt released the State of Enterprise Identity research report, a study of over 1,000 IT and IT security practitioners across the United States and EMEA to examine how enterprises are responding the the onslaught of identity-based attacks.

The research finds that while 56% of enterprises averaged three identity-related data breaches in the last two years, only 16% have fully mature identity and access management (IAM) programs. This is the case even though 52% recognize that a past breach was due to lack of comprehensive identity controls or policies. 

Failing to develop a sophisticated IAM strategy is a critical oversight, as it plays a critical role in securing the digital identities and accounts that today’s hybrid working network environments are built upon, which attackers can target with identity-based attacks. 

The mandate for IAM 

Over the past few years, IAM has become a must-have, mainly due to the fact that identity-based attacks were pinpointed as the top cyberthreat of 2021, which these solutions can prevent by gatekeeping unauthorized users from critical data assets. 

Despite this, many organizations openly admitted the limitations of current IAM approaches. 

For instance, only 35% in the Saviynt study admitted they have high confidence in achieving visibility of privileged user access is confirmed by 61% of respondents, citing that they couldn’t keep up with the changes occurring to their IT resources. 

At the same time, 46% admitted that their business failed to comply with regulations due to access-related issues. Across the board there was a general lack of a complete IAM strategy. 

“We’ve found that most enterprise IAM programs have not achieved maturity, leaving companies struggling to reduce identity and access-related risks,” said chief strategy officer of Saviynt, Jeff Margolies. 

“Our research findings should serve as a wake-up call to C-level executives and security leaders: the absence of a modern IAM program fuels the risk of rising identity and access-related attacks, and their financial consequences,” Margolies said. 

The IAM market 

As identity-based attacks have become a bigger threat, the global IAM market is also growing considerably, with researchers valuing the market at $12.26 billion in 2020, projected to reach a value of $34.52 billion in 2028 as cloud adoption has increased to the point where enterprises need to be much more effective at verifying digital identities. 

Many providers have narrowed in on IAM as one of the key solutions for securing the modern enterprise IT estate, with Okta and Okta Identity Cloud standing as one of the main competitors in the market.

Okta Identity Cloud is a zero-trust access management solution with single sign-on (SSO) and adaptive multifactor authentication so that employees can securely access the data they need. Okta recently announced that fiscal year 2022 revenue totaled $1.3 billion. 

Another key competitor in the market is JumpCloud, which offers a unified device and identity access management platform, linking devices’ identities and access to a single platform that acts as a secure directory for users, with SSO and user lifecycle management capabilities. 

Last year JumpCloud raised $159 million and achieved a $2.56 billion valuation. 

For enterprises that are falling behind in IAM, the good news is that there are lots of providers investing to make the process as user-friendly as possible so authorized users can log in without being overwhelmed by authentication mechanisms.