New research has revealed that as they look to capitalise on digital opportunities through developing and hosting new services online, organisations are frequently under-investing in cybersecurity measures around governing user access. But many are starting to realise they need new ways of delivering seamless Identity and Access and Management (IAM).
The new survey by Capgemini and RSA found that while 62% of organisations in Europe believe it is very important or critical for their organisations to enable or extend access for users to digital services securely, only one in five (21%) are currently equipped with the technology to securely manage user identities.
In the UK that figure is even smaller – only 15% of UK organisations are already equipped to support secure and convenient access for all user types.
But companies are trying hard to bridge this divide and bolster their security practises in the wake of many high profile, extremely damaging online breaches over the past few years. Because of this, investments are expected to increase, with 68% reporting a rise in their IAM budgets.
> See also: Biometrics is the sexy side of identity management, but not the most effective: Kevin Cunningham, Sailpoint
Organisations are recognising the need to do more to improve the user experience, with 84% acknowledging the need to offer more flexible, using adaptive authentication methods and IDs.
And they are also facing a shift in the way IAM is being viewed and implemented, prompted by maturing and emerging technologies and anticipated user demand.
Allowing users to bring their own identity, where visitors use their existing social identities to log in, is viewed as many companies’ ultimate goal as long as it can be implemented securely.
> See also: Why identity and privacy rule on the road to digital transformation
Companies are having to balance this ambition with widespread uncertainty surrounding data privacy, security regulations and transparency regarding where services are hosted.
Approaches like 'adaptive authentication' are set to define the future of device and service access for users, with 84% of organisations consider the ability to deploy such authentication and offer access via an increasing number of methods and devices a high or very high priority.
'It is clear that the days of logging into a company’s system with a username and password specific to that organisation are numbered,' sais Mike Turner, Global Cybersecurity COO at Capgemini Group. 'Users aspire to log in from anywhere in a variety of ways, including with social media profiles and existing email account.'
'The ownership of online identities is moving away from the organisation to more flexible and secure services maintained by the user, addressing access management needs. While it is extremely positive to see increasing recognition and investment from senior leadership, a considerable gap between the task at hand and the current capabilities of many organisations remains. The extent of this security challenge should not be underestimated.'