4 Key Identity and Access Management Priorities and Investment Drivers

What drives your decisions around identity and access management (IAM)? According to the 2016 IDC Global Identity Management Assessment Survey, if you’re looking at an IAM solution, you’re likely most interested in one of four things: how effective a solution is, how it affects compliance, how much it simplifies IAM, or how much it costs. Four different buyers with four different priorities, to be sure—but also with a whole lot in common when it comes to solution drivers.

Whatever your priority as a buyer, there’s one decision driver that’s very likely near the top of your list: strengthening identity and access security. On a scale of 1-100, buyers who focused on efficacy and buyers who focused on compliance both scored at 75. Buyers who focused on simplification also scored relatively high at 64. That’s nearly as high as they scored their top priority of efficacy and compliance.

Another area of common ground among several types of buyers in the IDC survey is improving the ability to detect insider threats. Efficacy-focused, compliance-focused and cost-focused buyers all gave it relatively high (and nearly equal) scores.

So, what’s bringing all these diverse groups of IAM buyers together?

Top priorities for fighting identity-based attacks

Strengthening identity and access security and being able to detect insider threats aren’t just issues on which different types of buyers agree. They also top the list of issues that all IAM professionals in IDC’s study say they expect to grow in importance during the next two or three years.

That expectation on the part of IAM buyers isn’t too surprising when you think about the marked growth of identity-based attacks and the increasingly urgent need to protect against them.  With more users accessing resources remotely and in the cloud, identity has emerged as the most consequential attack vector today, with 81% of confirmed data breaches involving compromised identities. These drivers for IAM solution decisions reflect that reality.

Fighting back with more analytics and risk-based authentication

IAM professionals in IDC’s study have already widely adopted features, such as web single sign-on, web access management, and privileged access management in their IAM strategies. But their current rate of adoption for user behavior analytics and risk-based authentication capabilities is much lower. Perhaps not for long. If you look at plans to adopt these, the rate is two or more times higher than the current rate of adoption. And those aren’t just “sometime-in-the-future” plans; at least 25% of those surveyed said they intend to do it in the next year.

Behavior analytics and risk-based authentication capabilities, which take context into account when authenticating users, have the effect of increasing identity and access security while also simplifying the user’s experience. That makes them appealing whether the buyer is focused on security or simplification. 

Time to reimagine your identity strategy

No matter what drives a particular type of IAM buyer, one thing is certain: All buyers are facing new and growing identity-based threats, and everyone’s having to rethink their approach to IAM to successfully combat those threats. That means looking for ways to strengthen security as well as simplify access; adopting more context-based capabilities; and, last, but by no means least, committing the resources necessary to succeed. IDC reports a 48% anticipated increase in IAM spending during the next year among IAM professionals, with those looking to increase their IAM investment far outnumbering those who think they’ll decrease it.

Get the highlights of the 2016 IDC Global Identity Management Assessment Survey this infographic.