10 identity management metrics that matter

Monitoring these key identity and access management numbers will help you evaluate the performance of your IAM solution.

A vast network of identity avatars. [identity management]
Dem10 / Getty Images

A changing data landscape, the proliferation of credential-based threats, and a tougher regulatory environment is creating pressure for organizations to deploy identity and access management (IAM) systems, even though the systems can be a bear to get right.

Things that can create hang-ups when deploying an IAM system include:

  • Ownership and collaboration problems. A successful IAM program requires identity data to be collected, manipulated and transformed to perform specific governance and automation functions. "When data owners do not, or cannot, collaborate and standardize basic attributes and processes, IAM functions become unclear, complex, and ultimately dysfunctional," explains Arun Kothanath, chief security strategist at Clango, an independent cybersecurity advisory firm and provider of identity and access management solutions.
  • The breadth of cooperation needed for success. Every constituency in an organization needs to be involved in the review, approval and operational deployment of the system. "IAM touches virtually every facet of an organization from the CEO to the intern, and given how generally difficult it is to install, integrate and operate, it requires considerable sustained labor and lengthy periods of deployment," notes Jack Mannino, CEO of nVisium, an applications security provider.
  • A myopic focus on technology. "Organizations tend to quickly focus on the technology, rather than keeping focus on the humans that will use it," observes Joseph Carson, a chief security scientist with Thycotic, a provider of privileged account management solutions. "That will create employee friction and poor adoption that will hinder deployments or delay."
  • A messy infrastructure. The infrastructure of many organizations can be spread across multiple physical and virtual locations and is often misunderstood and misconfigured. "IAM initiatives are difficult to deploy because of the chaos that is the modern-day enterprise. The foundation IAM needs to stand on is fundamentally broken," maintains Adam Laub, CMO of Stealthbits, a cybersecurity software company.

The importance of identity governance

Despite these challenges, companies continue to spend on IAM systems. Market research company IDC estimates the IAM market grew nearly 7% over the last year to $8 billion and will continue to grow in the low double digits over the next several years. Among the drivers behind that growth will be digital transformation. "Despite all the excitement associated with digital transformation, at least 60% to 70% of all computing workloads are on-premises," says Jay Bretzmann, IDC research director for cybersecurity products. "When those workloads move, they're going to have to change their identity approach."

To continue reading this article register now

Microsoft's very bad year for security: A timeline