Enterprise identity security company SailPoint Technologies has released its annual research report titled The Horizons of Identity Security. The report reveals that while most organisations are still in the early stages of their identity security journey, those who achieve maturity are seeing disproportionately higher returns for every dollar spent, including accelerated value from reduced cyber risk to increased workforce productivity.
SailPoint says the value of identity security remains largely untapped today. Of the organisations surveyed, roughly 41% remain at the very beginning of their identity security journey, with only 10% progressing to the more advanced stages. The company say this large gap highlights the significant opportunities for organisations to realise the full potential of identity security.
The research found that organisations that mature their identity security practice can “bend” the identity security-to-value curve, delivering a disproportionate economic impact.
The report outlines several areas where mature identity security programs have progressed and unlocked new value pools, including:
-
Stronger coverage of machine identities, the fastest growing identity class: Organisations with mature identity security have 87% more coverage of non-human or machine identities, such as bots, compared to 28% for organisations in the early stages of their identity journey. This is significant because survey results also indicate that machine identities are highly fragmented with organisations and likely to grow faster than any other identity class. According to past survey results, machine identities represent more than 40% of total identities within a given organisation, and one-third of respondents expect machine identities to increase by 30% in the next year.
-
Higher coverage of third-party identities: Organisations with mature identity security have up to 50% higher coverage of third-party identities compared to those in the early stages of their identity journey. Third-party identities are an increasingly important identity class as more and more businesses are turning to third-party providers for critical services, therefore increasing the attack surface.
-
Leveraging identity data intelligence: Organisations with mature identity security are two times more likely to leverage identity data to create actionable intelligence and power new use cases such as intelligent guidance for user access, context-aware security policies and intelligent access reviews. This is significant because it can enable more accurate and timely access decisions, a key to reducing security risk.
-
Higher adoption of AI and willingness to invest in GenAI: Organisations with mature identity security have nearly two times higher adoption of AI-powered identity solutions, which has proven to create scalable solutions and enhance productivity. Organisations with mature identity security have the foundations to invest in scalable GenAI-powered use cases, prioritising tools for workflow creation, user entitlements, role descriptions and natural language search. Alternatively, most early-stage organisations remain focused on automating basic help desk tasks.
-
Lower cyber insurance premiums: 92% of survey respondents report that insurers assess their cyber capabilities before setting premiums. Interestingly, more than seven in ten identity security decision-makers view identity security as one of the three most impactful security capabilities determining cyber insurance premiums.
“Organisations across the Asia Pacific region are concerned about changes in access models due to M&A and divestures and talent shortage around AI/ML especially as new AI regulations have been introduced in several markets,” said SailPoint’s Chern-Yue Boey. “With a strategic investment in identity security, APJ businesses can achieve enhanced capability coverage and data analytics, automation, lower cyber insurance premiums and improved compliance. With the right technology, strategy and expertise, organisations can attain identity security maturity and gain higher returns with increased maturity.”
Over the last three years, SailPoint research and experiences have confirmed that integrated identity programs across diverse technology environments will shape the future of identity security. This integration includes unified access controls providing visibility across all identity types, integration with security operations and support for machine identity management and actionable intelligence.
Additionally, with advanced next-generation identity security, access decisions are increasingly driven by AI-powered analytics, which use context-aware policies to enhance security through anomaly detection, identity pattern recognition and behaviour analysis. Organisations can utilise these next-generation capabilities to set the north-star vision to reach the future of identity security.
You can read the full report here.
