Back

Identity-Security Trends: Expectations vs Reality in Securing Data

As I talked about in my previous post, Identiverse 2022 gave us the opportunity to connect, reflect, and reassess what’s working (and what’s not) in security and identity after a rapid move to the cloud during the pandemic.

To gain a true measure of where companies are in their identity and security journey, Veza conducted a survey at its booth. Attendees were invited to take the survey on the show floor and 164 Identity, IAM and IT executives participated.

Here are the questions we asked:

  1. In what way has your organization’s cloud adoption accelerated in the past five years?
  2. Are you able to view and control permissions to data systems for every identity throughout your organization?
  3. How regularly do you review, update, and audit identity permissions to cloud data systems?
  4. How confident are you that data security policies are enforced (data governance, data access controls, privileged access, entitlements etc)?
  5. When it comes to budget, what business drivers are more important?
  6. Do you experience any of these challenges with your current data governance program?

Survey participants represented firms from a wide variety of industries including business services, consumer services, education, government, financial services, healthcare, media, public administration, retail as well as system integrators and VARs. 100% of responders participated voluntarily, with answers captured electronically through the iSurvey/Harvest Your Data survey tool.

Let’s breakdown the responses

Question: How has your organization’s cloud adoption accelerated in the past 5 years?

The good news is that companies are moving to the cloud for proactive reasons rather than reactive ones. When asked, “How has your organization’s cloud adoption accelerated in the past 5 years?” the top two responses were:

  • We are migrating data to the cloud (including data lake / warehouse adoption) (29%)
  • We have adopted a multi-cloud approach (infrastructure, apps, data systems) (27%)

Lagging far behind all other answers were companies that consolidated their infrastructure due to an acquisition or merger (3%)

Question: When it comes to budget, what business drivers are more important?

“Follow the money.” When it comes to initiatives, money (and budget) follow priorities. For companies, the overwhelming business driver receiving budget is risk reduction. No surprise. However, things get a little more interesting when we look at replies based on how they answered other questions.

When we compared the answers to this question with how people answered “How regularly do you review, update, and audit identity permissions to cloud data systems?”.

For companies that review, update, and audit identity permissions weekly, their focus is split between reducing risk and improving user and IT productivity. The concern here seems to be smooth business operations.

Compare that to companies that review, update, and audit identity permissions twice annually. Their focus is split between reducing risk and improving compliance. The concern here seems to be meeting compliance.

Question: Are you able to view and control permissions to data systems for every identity throughout your organization?

We didn’t expect 44% of respondents to answer yes. It’s a pleasant surprise – we thought it would be half that.

An even better surprise was looking at who answered yes based on the top two answers about how the organization’s cloud adoption accelerated in the past five years.

For those adopting cloud through migration of data, it makes sense that nearly 45% of them are able to view and control permission to data systems.

Interestingly, but entirely expected, when companies had more complex, multi-cloud migrations (infrastructure, apps, data systems, etc), only 37% said they can view and control permissions to data systems for every identity.

Pssst – Veza can help with that.

Question: How regularly do you review, update, and audit identity permissions to cloud data systems?

Here’s another question whose answers surprised us. We thought most companies review / audit identity permissions annually, or at most twice a year. Well, the Identiverse crowd is on it! The leading answer, by far, is a quarterly review/audit (37%)!

We were curious though – what is the confidence level in their data security enforcement relative to how regularly companies review/audit identity permissions? We compared those that review/audit weekly with those that review/audit once a year (or less).

Of the respondents that weekly review, update, and audit identity permissions to cloud data systems, How confident are you that data security policies are enforced (data governance, data access controls, privileged access, entitlements etc):

– not confident 13%

– semi-confident 8%

– confident 34%

– very confident 45%

Not surprisingly, those that audit more frequently are confident that data security policies are enforced, with 45% feeling very confident. Conversely, those that audit annually (or less) had less confidence in their data security policies. And for those two companies that audit annually but are very confident in their data security policies….we want your confidence!

Interested in understanding more about how Veza can help with your data security needs? Schedule some time to chat with our SMEs and experience a demo here.

And, don’t forget to catch us at BlackHat in just a few short weeks – we’ll see you there!

Table of Contents