Identity management, particularly privileged identity management, forms the backbone of an effective cybersecurity strategy. The ManageEngine Identity Security Survey 2024 sheds light on the current state of identity management, gathering insights from security decision-makers worldwide.
The Importance of Identity Management
The survey reflects the critical importance of identity management in a world where cyber threats are increasingly prevalent. A staggering 77% of CISOs reported experiencing an identity-related cyberattack in 2023.
Jane Frankland, a cybersecurity influencer and author, notes: “The 2024 Identity Security Report by ManageEngine underscores the ever-growing importance of identity management in an increasingly digital world, revealing that while organizations recognize its criticality, many still struggle with execution.”
She says that with more than three-quarters of CISOs reporting identity-related cyberattacks in 2023 and AI-driven threats looming on the horizon, the need for robust solutions is clear. Yet, gaps in the visibility of overprivileged identities and a divided perspective between the C-Suite and IT teams expose vulnerabilities.
Zero Trust: More Ambition Than Action?
The concept of Zero Trust—where standing privileges or permanent user access permissions are minimized—remains aspirational for many. The survey found that only 27% of respondents claimed they were “Already there” in achieving Zero Trust by eliminating standing privileges. Interestingly, the education sector leads the way, with 27% of organizations removing all permanent permissions, while only 15% in healthcare have reached this milestone.
Recognizing the gap, 68% of survey respondents expressed the need for more tools to handle identity management effectively. Although organizations acknowledge the importance of Zero Trust, this finding suggests that current efforts may not be enough to combat identity-related threats fully.
An important finding from the survey is the growing interest in AI technologies for identity management. Organizations are keen to explore AI-driven solutions that promise productivity boosts and faster investigations, even if they require substantial training time. Over half of the respondents indicated a willingness to adopt these AI tools.
The Battle of AI in Cybersecurity
Speaking of AI, Frankland says: “A fascinating element of the survey is the rise of AI, both as a defender and a potential threat. Organizations are not only anticipating AI-driven social engineering and ransomware attacks but are also embracing AI-powered solutions to counter them. The balance between leveraging advanced AI tools and addressing the critical gaps in zero-trust and privileged identity management will shape the future of cybersecurity in 2024 and beyond.”
As entities face an increasing number of AI-generated threats, the landscape of identity management is evolving rapidly. AI is becoming a double-edged sword. While it offers advanced solutions to strengthen identity protection, it also presents new challenges.
“AI is becoming a double-edged sword—those who wield it well will be better equipped to guard their digital identities, but the risks posed by malicious AI are escalating just as quickly,” Frankland comments. “As AI continues to evolve, the battle for identity protection becomes increasingly complex, highlighting the urgent need for organizations to align strategy, technology, and execution.”
Budget Discrepancies and Organizational Perceptions
A gap in perception was noted between the C-suite and technical staff. Almost every CTO (97%) believes their company will allocate a budget for identity security tools in the next five years, yet about one in four in IT Operations do not share this view. Furthermore, while 73-79% of the C-suite respondents consider their organization’s security stack “Very capable,” only 54% of IT Operations staff agreed.
This discrepancy suggests that while executives are optimistic about their organization’s capabilities, those working on the front lines see more room for improvement.
The report notes that a truly game-changing conversation could result if the C-suite is brimming with investment expectations and technicians know which areas of identity management are falling short. These differing perspectives reveal that open dialogue and collaboration between leadership and technical teams are crucial for addressing these challenges.
The Complexities of Modern Identity Management
The survey vividly paints a picture of an industry grappling with the complexities of modern identity management. While the majority of firms acknowledge the importance of identity security, execution remains challenging. As AI continues to evolve, it offers both opportunities and risks, underscoring the need for ongoing investment in tools and strategies that can keep pace with emerging threats.
In this new era of identity security, organizations must adopt advanced technologies and foster greater communication between leadership and technical teams. By doing so, they can create a comprehensive approach to identity management that addresses both current challenges and future threats.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.