Report: Enterprises not as advanced with IAM as expected
Consultancy surveys users to get answers
11 April, 2014
category: Corporate, Digital ID
Sara Gates is no stranger to identity and access management systems, having served as vice president of identity management at Sun Microsystems and now CEO and founder at Wisegate – a consultancy looking to provide the IT industry with the answer they need.
Gates often found herself in a situation where she wanted to discuss topics with those in the same situation. This “do you know someone like me?” led to the creation of Wisegate where the company crowd sources questions to those in similar situations without any input from vendors.
Members come up with topics and Wisegate performs the surveys. “It’s only practitioners responding and then we curate the content,” Gates says. The goal is to give end users independent advice from those who have been there and take some of that power away from the vendors.
The firm released a report on identity and access management (IAM) trends that was looking at where enterprises are in terms of identity and access management. “The intention was to determine if we’re ahead of trends or not,” she explains. “Across the board, practitioner’s weren’t as far along as you would think.”
Wisegate surveyed 91 members and other senior-level IT security professionals in the third quarter of 2013. The results of this survey provide guidance to IT executives interested in how their peers in other organizations regard their current identity and access management status, including:
- Access Management Maturity Level for Unique Person Identifier, Rich Identity Profile, Web SSO, Enterprise SSO, Federation, Externalized Authorization and Role-Based Access
- Administration and Architecture Maturity Level in several factors, including Role Management, Identity Bridge, Self-Service Portal, Identity APIs, Role-Based Provisioning, Attestation/Certification and Request-Based Provisioning
- External Provisioning and Cloud Systems for credentialing
- Identity Management Drivers at respondents’ organizations
Outside of high maturity for using unique identifiers for access, the other categories were a mixed bag. Less than half – 42% – reported high maturity for web single sign-on. Some 30% responded with high maturity for enterprise singe sign-on while 37% reported the same status for using role-based access control.
“In all cases, responses indicate that a majority of organizations have not yet achieved a high level of maturity in these common access management functions,” the report states.
Federation also didn’t rank high among respondents. Some 35% reported high maturity while 42% said they were low. “Surprising too are the number of respondents who ranked Federation as ‘low,’ considering that some sort of federation is required to provide single sign-on to hosted applications or to customers/end-users,” the report states.
Audits and productivity are the primary drivers behind identity and access control systems at 42% and 41% respectively.
The full Wisegate report can be downloaded here.