Tardy to the Party: IT and Security Leaders Are Embracing Automated IAM Too Late

Bryan Christ

August 26, 2021

Ransomware and cyber attacks are surging across the globe, and IT decision-makers have identified IAM automation as a critical component of defense as threats continue to evolve and grow. The problem? Organizations are monitoring identity and access risks, but in many cases their efforts are falling short, creating a widening gulf between aspiration and achievement to modernize cybersecurity with automation.   

Mind the Gap

In the wake of the pandemic, the importance of improving cybersecurity has risen.  According to a recent survey from Hitachi ID and Pulse, ninety-eight percent of IT executives say they are reprioritizing it in their initiatives.

Already, many IT and security leaders use automated tools as part of their identity and access management (IAM) arsenal. However, they still have  gaps with automation when it comes to identity and access vulnerability discovery: Only 1% of respondents have robust automated IAM processes. What’s more troubling? Almost two-thirds say they’ve automated 50% or less of their processes. 

The data also suggests that where automation is employed, the capabilities thereof are quite limited. Just 5% say their technology proactively identifies security risks. In terms of identity and access risks their current technology stack recognizes, less than half specified privileged access, groups, and passwords. According to the latest Verizon Data Breach Investigations Report, that’s a significant problem since 61% of breaches involved credentials in 2021.

It’s not hard to see how ransomware hackers and social engineers can exploit these cracks, even though IT leaders are aware of them. While many cybersecurity decision-makers use technology to monitor their environment continuously, they have yet to put comprehensive automation in place to proactively identify and address security threats before they become a serious problem for an organization’s network integrity and future viability.

Manual Costs

Organizations face challenges in deciding just what’s vulnerable, too. That’s because, for most, prioritizing what’s susceptible is still a manual process. Of the respondents surveyed, seventy-eight percent state that they use a standard security framework to calculate risks which can be a time-consuming process. This additional human element can also introduce more room for error. And only 9% of organizations have a tool that automatically detects exposure, making the process a drag on the IT department’s resources.

All IT executives surveyed agree discovering and mitigating identity and access threats is a pain point for their IT department’s resources. This challenge is hardly minor. Ninety-two percent saw it as a moderate to significant strain, taking precious time away from strategic initiatives and crucial modernization efforts. 

Automate for the Win

These deficiencies demonstrate that IT and security leaders must rethink and reprioritize their cybersecurity needs sooner than later. They may understand the gaps within their current technology stack, but recognizing and fixing them are two different things. The void in between leaves an easily exploitable attack surface for today’s ransomware hackers.

To combat the rising threat of cyber attacks, organizations must be more proactive in adopting automated identity access management systems such as Hitachi ID Bravura Security Fabric, which is a comprehensive, automation-first platform that secures your systems faster and more effectively than manual access certification and individual products.

See the full results of our survey and learn more about IAM automation challenges and benefits for modern organizations with our infographic: While IT and Security Leaders Are Embracing Automated IAM, They Are Doing So Too Late.

 

Download Infographic