The core tenet of a zero trust strategy is least-privilege access. Yet, organizations continue to rely on user and machine identities that are susceptible to compromise, abuse/misuse, and theft. Risk is compounded by over-permissive, static access rights that provide little to no visibility into who and what is using access and how. Vaguer is how identities are being/should be monitored and protected. Availability of modern, cloud-managed identity services is widespread. Yet organizations have been slow to pivot their security programs from traditional endpoint, network, and SecOps to an approach that focuses on identity orchestration and experiences, which is dynamic and distributed. Where there are no perimeters, a multitude of identity verification services and managed identity services exist.
In order to gain insights into these trends, ESG surveyed 488 IT and cybersecurity professionals personally responsible for identity and access management programs, projects, processes, solutions/platforms, and services at large midmarket (500 to 999 employees) and enterprise (1,000 or more employees) organizations in North America (US and Canada).