Mature Identity Management Processes Equate to Reduced Security Risk


Identity and access management (IAM) is often approached tactically, as a means of giving users access to resources while minimizing IT operational overhead. The threat mitigation and risk management aspects of IAM are not prioritized, leaving gaps in the organization’s security strategy.

Cybersecurity spending, which IDC says will reach $81.7 billion this year, remains heavily weighted toward network security hardware and software. Organizations continue to focus on perimeter defenses even though the cloud, mobile and the Internet of Things (IoT) have all but erased the network boundary. Security often depends solely on simple username and password combinations.

In order to protect their systems and data, organizations need to ensure that only authorized users have the right access to the right resources at the right time. However, a recent Forrester study found that 83 percent of organizations do not have a mature approach to IAM, resulting in a greater number of breaches and millions more in costs. A more mature approach to IAM showed a direct correlation to reduced security risk and lower financial loss.

Other findings from the Forrester survey of more than 200 enterprise IT security decision-makers in charge of IAM:

  • Organizations with the highest IAM maturity experience half the number of breaches as the least mature. For instance, they are 46 percent less likely to suffer a server or application breach, 51 percent less likely to suffer a database breach and 63 percent less likely to suffer cloud infrastructure breach.
  • Organizations that secure both regular and privileged access are less likely to experience a breach compared to those organizations that adopt fewer best practices. Forrester estimates that 80 percent of security breaches involve privileged credentials that typically belong to the IT professionals who administer an organization’s systems, databases and networks.
  • Organizations with the least IAM maturity averaged more than 12 breaches, more than twice the number of breaches of the most mature, and endured more than $5 million more in financial damage.
  • Mature companies spend more on overall IT security versus the least mature companies, but actually spend 40 percent less on IAM technology as a percentage of their entire budget. This translates into an additional cost savings of more than $2.5 million, and allows them to better streamline their IT infrastructure by eliminating redundant IAM technologies.

New research from Enterprise Strategy Group suggests that organizations are seeking to up their IAM game. When asked about their IAM strategies over the next two years, 23 percent of IT professionals said they would involve the security group in IAM decision-making, while 20 percent said they would add IAM experts to the security team. In addition, 29 percent said they planned to monitor insider threats and compromised accounts, and 26 percent said they were planning to implement multifactor authentication.

Organizations spend billions on security, yet they are being breached at an alarming rate. The Forrester study found that two-thirds of organizations experienced an average of five or more security breaches in the past two years, and hackers compromised more than 1 billion identities in 2016 alone. Let the experts at Clango help you reduce these threats through a more mature approach to IAM.


For more information about IAM, please send us an email at (

Leave a Comment