Only one in five organisations set up to securely manage user identities

| News alert
Capgemini and RSA survey finds that most businesses are ill-prepared for the digital services transition, causing a shortfall in identity and access management security

Paris and San Francisco – A survey conducted by Capgemini, one of the world's foremost providers of consulting, technology and outsourcing services, and RSA, the Security Division of EMC (NYSE:EMC), revealed that as organisations seek to capitalise on digital opportunities through rapidly developing and hosting new services online, they frequently under-invest in adequate cybersecurity measures creating significant risks, in particular governing user access.

"Identity Crisis: How to Balance Digital Transformation and User Security?", a survey of more than 800 C-level executives in the US, UK, Germany, France, Benelux and the Nordics1 revealed that 62 percent believe it is very important or critical for their organisations to enable or extend access for users to digital services securely, yet only 26% have the technology in place to do so. However, it is clear from the findings that organisations recognise the need to do more to improve the user experience, with 84% acknowledging the need to offer more flexible, adaptive authentication methods and IDs.

Jim Ducharme, Vice President of Identity Products at RSA, said "As organisations extend to the cloud they must ensure they have solutions in place that address the risk and threats associated with assuring user identities. These solutions must understand who is accessing what; manage that access effectively; and control access across the various cloud services. These elements are absolutely essential to giving the organisation the assurance that users are who they say they are in a cloud environment."

The findings show that companies are moving to bridge the divide and bolster their existing security practices. In the wake of high profile, extremely damaging online breaches, IAM2 is seeing a noticeable increase in investment. Nearly seven in ten companies (68%) report a rise in their IAM budgets, with 28% noting a ‘strong’ increase.

The survey also revealed a shift in the way IAM is being viewed and implemented, prompted by maturing and emerging technologies and anticipated user demand. The results suggest that allowing users to bring their own identity, where visitors use their existing social identities to log in, is viewed as many companies’ ultimate goal as long as it can be implemented securely. Interestingly it is apparent that this ambition is being balanced with widespread uncertainty surrounding data privacy, security regulations and transparency regarding where services are hosted. The report highlights:

  • Adaptive Authentication3 is set to define the future of device and service access for users. 84% of organisations consider the ability to deploy such authentication and offer access via an increasing number of methods and devices  a high or very high priority;
  • For most companies (85%), it is critical or very critical to onboard new services underpinned by cloud technology – which are only expected to increase – quickly and efficiently, and that these are supported by IAM; 
  • Organisations from both the United States and Europe are very sensitive to where security services are hosted, with close to 90% of respondents preferring or mandating data centers that deliver identity management services be located within their country or region.

"It is clear that the days of logging into a company’s system with a username and password specific to that organisation are numbered. Users aspire to log in from anywhere in a variety of ways, including with social media profiles and existing email account" said Mike Turner, Global Cybersecurity COO at Capgemini Group.

"The ownership of online identities is moving away from the organisation to more flexible and secure services maintained by the user, addressing access management needs. While it is extremely positive to see increasing recognition and investment from senior leadership, a considerable gap between the task at hand and the current capabilities of many organisations remains. The extent of this security challenge should not be underestimated."

"Identity Crisis: How to Balance Digital Transformation and User Security?" findings are drawn from a survey of 831 C-level decision makers, with a majority of respondents from IT departments (47% IT services and 29% IT security), and other participants from departments such as Sales & Marketing, HR or Finance. Conducted by KuppingerCole on behalf of RSA and Capgemini, those surveyed were based in the US, UK, Germany, France, Benelux and the Nordics4 represent organisations with more than 500 managed identities, of both employees and consumers. One third of the organisations covered are in the range of 5,000 to 50,000 managed identities, while 40% have more than 50,000 identities under management and 7% are managing more than 1 million users.

For more information on the survey, its findings and Capgemini’s Identity as a Service (IDaaS), please visit: www.capgemini.com/identitysurvey