Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
Summary Results | 2020
Identity Security Trends
Sponsored by
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
Survey Summary▶ From September 2019 to 2020, Gatepoint Research invited select executives to participate in a survey
themed Identity Security Trends.
▶ Participants were invited via email, with 315 executives’ responses to date.
▶ Participants profile: IT senior decision makers: 8% hold the title of CxO; 17% are vice presidents; 47% are director level; 28% are manager level.
▶ Industry representation includes business services, construction, consumer services, education, financial services, healthcare, manufacturing, mining, public administration, retail, telecom services, transportation, utilities, and wholesale trade.
▶ Participants representing firms:
§ 29% work in Fortune 1000 companies with revenues over $1.5 billion;
§ 19% work in Large firms whose revenues are between $500 million and $1.5 billion;
§ 13% work in Mid-Market firms with $250 million to $500 million in revenues;
§ 39% work in Small companies with less than $250 million in revenues.
▶ 100% of responders participated voluntarily.
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
Executive OverviewIdentities on the network can create havoc if left unmonitored. Governance policies and procedures focus on three questions: Who has access to what? Should they have access? How is that access being used? What are organizations doing to address those questions and control every identity and system on the network to protect valuable assets?
This survey asks respondents to report:
▶ How has their IT infrastructure changed in the last few years?
▶ Can they view every identity and system?
▶ Are they confident their digital identity governance policies are solid?
▶ What challenges do they have, and what capabilities would they like to see in the future?
▶ What governance solution capabilities would drive a budget decisions?
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
In what way has your organization's technical infrastructure changed in the last five years?
The most significant technical infrastructure changes in the past 5 years include dramatic growth in cloud adoption (73%), adoption of SaaS solutions (62%), and a proliferation in system integrations/APIs (57%). Less growth is seen in using robotic process automations (RPAs) and/or bots (23%).
73%
62%
57%
46%
29%
23%
3%
0% 10% 20% 30% 40% 50% 60% 70% 80%
We are adding workloads to the cloud
We are using more SaaS solutions
We have increased system integrations/APIs
We have increased the level of automation in our securityenvironment
We have gone through a merger/acquisition
We are using more robotic process automations (RPAs)and/or bots
Other
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
Are you able to view and control every identity and system throughout your organization?
While 20% of respondents say they can see all their identities and systems, the majority of respondents (59%) can only see some of the structure, and 14% have no visibility.
No14%
Some, but not all59%
Yes, completely
20%
I'm not sure7%
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
How regularly do you review and update identity policies and/or processes?
Identity policies and/or processes are reviewed throughout the year by 60% of the responders. 36% review annually or less frequently, and a surprising 4% never review these policies and processes.
7%
17%
24%
12%
36%
4%0%
5%
10%
15%
20%
25%
30%
35%
40%
Weekly Monthly Quarterly Twice annually Annually, or lessfrequently
Never
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
How confident are you that your digital identity governance policies are enforced by your current solution? Rate 1 to 5, 1=Not at all confident, 5=Extremely confident
Only 11% of respondents are extremely confident that their current solution enforces their identity governance policies. 13% have little to no confidence.
Extremely confidentNot at all confident
3%10%
34%
41%
11%
0%
5%10%
15%
20%
25%30%
35%
40%45%
1 2 3 4 5
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
Do you experience any of these challenges with your current identity governance program?
Manual processing is the #1 problem in 58% of responders’ identity governance programs, but a close second is entitlement creep at 54%. Not as startling but significant is the challenge of audit reporting or access re-certifications and ghost users.
58%
54%
47%
43%
14%
12%
0% 10% 20% 30% 40% 50% 60% 70%
Manual processing, e.g., provisioning, passwords, andpermissions
Entitlement creep (i.e. people moving roles and retainingprevious access)
Audit reporting/access re-certifications
Orphaned accounts (ghost users)
New or unknown bots and other digital identities
Other
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
What capabilities are most important in your identity governance solution?
Visibility and tracking of every identity and system in the infrastructure is the most important capability for an identity governance solution, say 69% of respondents. Half or more also list the following important capabilities: Automatic risk/security alerts; reporting/analytics (each cited by 57%); automated controls & provisioning, self-serve password and access resets (50%).
69%
57%
57%
56%
50%
47%
32%
3%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Visibility over and tracking of all identities and systems in theinfrastructure
Automatic risk and security alerts
Reporting and analytics
Automated, rule-based controls & provisioning
Self-service capabilities, including password reset and accessrequest
Controlling user access to files (e.g. unstructured data)
Integration with other legacy systems (such as mainframes) inaddition to new technologies
Other
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
When it comes to securing budget, what business drivers are most important?
More than two thirds of responders cite risk reduction as a primary driver for securing budget dollars. 54% say improvements for users and IT for better productivity and operational efficiency are important. Other drivers include improved compliance, automation, and, of course, quick ROI.
68%
54%
48%
40%
35%
3%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Risk reduction
Improved user and IT productivity/operational efficiency
Improved compliance
Automation of manual tasks
Quick return on investment
Other
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
Profile of Responders:Company Revenue
29% of those surveyed work in Fortune 1000 companies with revenues over $1.5 billion.
>$1.5billion29%
$500 million -$1.5 billion
19%$250 - 500 million13%
<$250 million39%
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
Profile of Responders:Job Level
71% of those surveyed hold director or executive level positions in their organizations.
CxO5%
VP18%
Director48%
Manager29%
Summary Results | 2020Copyright ©2020 Gatepoint Research. All rights reserved. This report is the sole property of Gatepoint Research and may not be used, reproduced or redistributed in any form including, but not limited to, print & digital form without express written consent of Gatepoint Research.
SailPoint, the leader in enterprise identity governance, delivers security, operational efficiency and compliance to enterprises with complex IT environments.
Learn more at sailpoint.com