In APJ the change is slower, while 41% of organizations task security with managing IAM, another 56% of organizations have security either oversee identity or manage the technology, but not both. There are further signs of the growing importance of identity initiatives, with 34% of respondents using multi-factor authentication (MFA) for external users and 33% for in-house staff.
Across the four industries the report focused on, healthcare organizations are prioritizing MFA for external and internal users and connecting directories to cloud apps. In the public sector the priority is MFA for external users, secured access to APIs, and MFA for employees, in financial services MFA for employees first followed by MFA for external users, and privileged access management for cloud infrastructure, and in software the priorities are MFA for employees, secured access to APIs, and MFA for external users.
Security decision-makers’ focus
In the next 12 to 18 months decision makers will prioritize managing privileged access to cloud infrastructure (42%), securing access to APIs (42%) and implementing multi-factor authentication (MFA) for employees (42%). Furthermore, when it comes to protecting authentication, organizations are more likely to use MFA and single sign-on protection for servers and databases.
More than half of the C-suite respondents said this year that identity was extremely important to a zero-trust strategy, with another 40% declaring it somewhat important. A big shift from last year, when 26% of C-suite respondents declared identity as mission-critical.
IT leaders are integrating their IAM systems with mobile device management (MDM). SIEM, MDM, and endpoint protection are the top three “most important” systems to prioritize integrating directly with an IAM solution, according to the report.
“Low assurance” passwords are still the standard
Passwords remain the “stubborn standard” for authentication globally, “despite their low assurance, and are still used at more than half of the respondents’ organizations.” Security questions, which aren’t much better, are the second-most often used, globally and in EMEA and APJ, while they’ve taken the top spot in North America. The report also found other low assurance services in use including hardware OTP and SMS, voice, and email OTPs.