GlobalSign Petteri Ihalainen 12-05-14

As Gartner IAM Summit Spotlights Identities, New Survey Sizes The Challenge

Gartner IAM Summit

The Gartner IAM Summit in London last week put the spotlight on digital identities and how best to morph standards and infrastructures to support both people and things, commonly referred to as the Internet of Everything (IoE).   Whether the answer is a more people-centric security approach as advocated by one Gartner researcher, or any of 5 different platform approaches, as advocated by another Gartner analyst – security experts agree the Internet of Things (IoT) is an identity management challenge that must be addressed.

Security Concerns

security-concerns

We thought it would be helpful to size the level of concern among IT executives.  Turns out they’re tremendously concerned.   An independent survey commissioned by GlobalSign that was released immediately prior to the event shows that some 90% of senior IT leaders at organizations with over 1000 employees, surveyed in the US and the UK said they were either somewhat concerned, very concerned, or extremely concerned about their organizations’ identity relationship and access management (IRAM) capabilities.   The Bring Your Own Device (BYOD) trend, the fact more employees working from home, smart electronics and wearables allow more physical devices to act as conduits to corporate networks – further expands the potential security risk.

The US appeared to show greater concern, with 66% of the IT executives surveyed ranking identity and network access as a matter over which they are either extremely or strongly concerned – with 21% of them rating their concern as extreme.   In contrast only 23% of UK respondents — nearly one-third of the US level — stated they were strongly or extremely concerned, with only 3% in the UK saying they were extremely concerned.  The survey was performed by technology market research firm Vanson Bourne in late January 2015.

Not surprisingly, results across four key vertical sectors showed that nearly twice the number of IT executives at financial services firms were extremely concerned than their peer respondents in the manufacturing, retail or other sectors.  Results were consistent across company size – the survey assessed companies with between 1000 and 3000 employees, and those with over 3000 employees.

The Internet of Everything Era

 

More importantly, the concern about identities in the IoE era is being reflected in IT budgets. The just released TechTarget/Computerweekly IT Spending Priorities study ranked IAM as the #1 spending priority of UK and European firms this year, with 36% of UK IT managers and 33% in Europe planning IAM initiatives. GlobalSign’s Finland-based IAM team found that some 40% of the top 500 companies in Finland plan to improve IT infrastructure and e-Services with identity and access management within 12 months.

Mobile standards such as Oauth as well as existing solutions such as the use of enterprise PKI services were also part of the Gartner IAM discussion.   The event spotlighted newer delivery models such as “Security as-a-Service” offerings and other innovations that streamline IAM deployments from the typical six months down to just weeks – so that the lengthy build-out cycles associated with these solutions do not act as an impediment to their more widespread adoption.

While the Gartner IAM Summit addressed new technologies, case studies and recommendations for success, it acknowledged there is still work to be done on the identities front.  But we remain optimistic about the IoE for good reason: new research from Verizon suggests that by 2025 the firms that embrace the IoE will become 10% more profitable.   Now there’s a data point around which just about every firm can find agreement.

By Petteri Ihalainen

Petteri Ihalainen

Petteri Ihalainen is a IAM product manager

CONTRIBUTORS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
The New Kids On The Block: Data Protection Officers

The New Kids On The Block: Data Protection Officers

Data Protection Officers The General Data Protection Regulation (GDPR) is officially here. Yet, organizations are still unaware, are ignoring, or ...
Combatting Malware in the Cloud Requires a New Way of Thinking

Combatting Malware in the Cloud Requires a New Way of Thinking

Malware in the Cloud It’s no secret that cloud adoption has exploded in the enterprise over last few years. However, ...
Secure Business Agility

THE AGE OF DATA: THE ERA OF HOMO DIGITUS

The Age of Data In our digital era data deluge – soaring amounts of data, is an overriding feature. That’s ...
GDPR Compliance: A Network Perspective

GDPR Compliance: A Network Perspective

GDPR Compliance Regulations can be a tricky thing. For the most part, they’re well thought out in terms of mandating ...
Lavabit, Edward Snowden and the Legal Battle For Privacy

Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information ...
Part 1 - Identity Assurance by Our Own Volition and Memory

Part 1 – Identity Assurance by Our Own Volition and Memory

In an earlier article we discussed what technology can displace the password. The proposition of Expanded Password System (EPS) that ...
Having Your Cybersecurity And Eating It Too

Having Your Cybersecurity And Eating It Too

The Catch 22 The very same year Marc Andreessen famously said that software was eating the world, the Chief Information ...
The ID Federation: What Technology Can Displace The Password?

The ID Federation: What Technology Can Displace The Password?

The Future Password Many people shout that the password is dead or should be killed dead. The password could be ...