Study Reveals Fragmented Access Policies are Top Security Concern for Enterprises
According to the State of Multi-Cloud Identity Report 2023, over 75% of enterprises do not know where applications are deployed and who has access
BOULDER, Colo. Aug. 21, 2022 – Strata Identity, the Identity Orchestration company, today announced the findings of its third annual State of Multi-Cloud Identity Report, conducted by Osterman Research. The study surveyed 308 IT leaders and decision-makers at North American organizations with annual revenues of US$100 million or more on their challenges and priorities for identity management in multi-cloud environments.
What’s new in 2023 for the State of Multi-cloud Report?
According to the report, the percentage of organizations using a single cloud identity provider (IDP) is down from 30% to 20% since last year. The other 80% are now using multiple IDPs to manage enterprise identity. Given this fragmentation, the top three cloud security concerns among enterprises are a lack of visibility into access policies (67%), identity-based threats (65%), and meeting data privacy regulations (56%).
“More identity systems are being used to manage users, and organizations are losing visibility and control over their identities and access policies. So improvements in identity infrastructure intended to drive an improvement in an enterprise’s cybersecurity posture have caused the opposite effect leading to complexity overload,” said Michael Sampson, principal analyst for Osterman Research. “Poor visibility of existing access policies means enterprises are flying blind — they do not know where apps are hosted, nor who has access to their data. In our opinion, the rapid adoption of multi-cloud is elevating this problem to critical status.”
The State of Multi-Cloud Identity Report 2023 — Complexity is the enemy of securing identity is available here.
Report Highlights for State of Multi-Cloud Identity 2023
The State of Multi-Cloud Identity Report 2023 focuses on how multiple cloud and identity platforms impact identity and access policy management, create security and operational problems, and why the talent gap in identity professionals prevents organizations from addressing these challenges. Some of the key findings include:
- Three-quarters of organizations (76%) do not have complete visibility into the access policies and applications across multiple cloud platforms, including which access policies exist, where applications are deployed, and who does and doesn’t have access.
- More than half of enterprises (56%) don’t have a single version of the truth for identities and their associated attributes, increasing concerns over identity duplication and the likelihood of unauthorized access and credential breach.
- Less than half the companies surveyed (41%) said they can enforce consistent access policies to reduce identity and security risks. This is down from 55% last year — a 25% year-on-year decline.
- 60% of organizations do not have the resources or time to rewrite old, outdated applications so they can support modern identity protocols and work with cloud identity systems that provide enhanced security controls like passwordless authentication.
- 78% of organizations do not have access to the source code needed to update their applications so they can use modern identity systems.
“This report illustrates how the combination of adding more identity providers and technology is leading to less effective access policy management and increasing security and compliance risks to both cloud and on-premises resources,” said Eric Olden, CEO of Strata Identity. “Identity Orchestration unifies disconnected and disjointed IAM systems, tools and processes into an identity fabric – enabling organizations to dynamically add and unify the management of new identity services across multiple cloud and hybrid environments.”
About Strata, the Identity Orchestration company
Strata Identity is the leader in Identity Orchestration for multi-cloud and hybrid-cloud. The orchestration recipe-powered Maverics platform enables organizations to integrate and control incompatible identity systems with an identity fabric that does not change the user experience or require rewriting apps. By decoupling applications from identity, Maverics makes it possible to implement modern authentication, like passwordless, and enforce consistent access policies without refactoring apps. The company’s founders created the IDQL (Identity Query Language) standard and Hexa open-source software for multi-cloud policy orchestration and are co-authors of the SAML standard for SSO federation. For more information, visit us on the Web and follow us on LinkedIn and Twitter.
Media Contact for Strata Identity:
Marc Gendron PR for Strata
# # #