Identity orchestration company Strata Identity has announced the findings of its third annual State of Multi-Cloud Identity Report, conducted by Osterman Research.
The study surveyed 308 IT leaders and decision makers at North American organisations with annual revenues of US$100 million or more on their challenges and priorities for identity management in multi-cloud environments.
According to the report, the percentage of organisations using a single cloud identity provider (IDP) is down from 30% to 20% since last year. The other 80% are now using multiple IDPs to manage enterprise identity. Given this fragmentation, the top three cloud security concerns among enterprises are a lack of visibility into access policies (67%), identity-based threats (65%), and meeting data privacy regulations (56%).
Michael Sampson, principal analyst for Osterman Research, said: “More identity systems are being used to manage users, and organisations are losing visibility and control over their identities and access policies. So improvements in identity infrastructure intended to drive an improvement in an enterprise’s cybersecurity posture have caused the opposite effect leading to complexity overload.
“Poor visibility of existing access policies means enterprises are flying blind — they do not know where apps are hosted, nor who has access to their data. In our opinion, the rapid adoption of multi-cloud is elevating this problem to critical status.”
The State of Multi-Cloud Identity Report 2023 — Complexity is the enemy of securing identity is available here.
The State of Multi-Cloud Identity Report 2023 focuses on how multiple cloud and identity platforms impact identity and access policy management, create security and operational problems, and why the talent gap in identity professionals prevents organisations from addressing these challenges. Some of the key findings include:
- Three-quarters of organisations (76%) do not have complete visibility into the access policies and applications across multiple cloud platforms, including which access policies exist, where applications are deployed, and who does and doesn’t have access.
- More than half of enterprises (56%) don’t have a single version of the truth for identities and their associated attributes, increasing concerns over identity duplication and the likelihood of unauthorised access and credential breach.
- Less than half the companies surveyed (41%) said they can enforce consistent access policies to reduce identity and security risks. This is down from 55% last year — a 25% year-on-year decline.
- 60% of organisations do not have the resources or time to rewrite old, outdated applications so they can support modern identity protocols and work with cloud identity systems that provide enhanced security controls like passwordless authentication.
- 78% of organisations do not have access to the source code needed to update their applications so they can use modern identity systems.
Eric Olden, CEO of Strata Identity, said: “This report illustrates how the combination of adding more identity providers and technology is leading to less effective access policy management and increasing security and compliance risks to both cloud and on-premises resources.
“Identity Orchestration unifies disconnected and disjointed IAM systems, tools and processes into an identity fabric – enabling organisations to dynamically add and unify the management of new identity services across multiple cloud and hybrid environments.”
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.