The enterprise security industry is failing, with organizations being breached at an alarming rate. The study found that two-thirds of organizations experienced an average of five or more security breaches in the past two years, and hackers compromised more than one billion identities in 2016 alone.
That’s according to Forrester Research, which concluded that 83% of organizations do not have a mature approach to identity and access management (IAM) resulting in two times more breaches and $5 million more in costs than those that do. The more mature IAM approach showed direct correlation to reduced security risk, improved productivity, increased privileged activity management and greatly reduced financial loss over their less mature counterparts.
For instance, organizations with the highest IAM maturity experience half the number of breaches as the least mature. For instance, they are 46% less likely to suffer a server or application breach, 51% less likely to suffer a database breach and 63% less likely to suffer cloud infrastructure breach.
“Cybersecurity breaches are causing more havoc and affecting more industries than ever before,” said Tom Kemp, CEO of Centrify, which commissioned the study. “Despite over $75 billion spent on cybersecurity in 2016, the products and services from major security companies have failed to stop breaches from occurring, and in fact, the problem is getting worse. This clearly indicates that traditional approaches are flat out not working in this age of access.”
For years now, organizations have relied on a well-defined boundary, supported by digital walls and gatekeepers, to protect their assets. But today, with the rapid introduction of new technologies, platforms, applications and practices, that border has disintegrated, resulting in significant exposure for the global enterprise. With 90% of all enterprises moving to the cloud, and billions of users accessing data across millions of applications, enterprises face an increasingly complex digital canvas of identities. These identities live in and out of the enterprise, creating a new dimension in security. Most accessed by one simple permission: the password.
“Organizations need to completely rethink their security approach, and in today’s world of access they must increase their Identity and Access Management (IAM) maturity to more effectively reduce the likelihood of a data breach,” said Kemp. “Centrify’s mandate is to ensure the breach stops here by providing a single platform to secure each user’s access to apps and infrastructure in today’s boundaryless hybrid enterprise.”
Also, organizations that secure both regular and privileged access are less likely to experience a breach compared to those organizations that adopt fewer best practices. Forrester estimates that 80% of security breaches involve privileged credentials that typically belong to the IT professionals who administer the systems, databases and networks of an organization.
Organizations with the least IAM maturity averaged over 12 breaches, more than twice the number of breaches of the most mature, and endure more than $5 million more in financial damage.
The study further concluded that 91% of organizations with the most mature IAM stances gravitate toward integrated IAM platforms, rather than relying on multiple point solutions, and spend 40% less on technology. Mature companies spend more on overall IT security versus the least mature companies, but actually spend less on IAM technology as a percentage of their entire budget—40% less. This translates into an additional cost savings of $2,582,000, which not only makes these organizations more capital-efficient, but also allows them to better streamline their IT infrastructure by eliminating redundant IAM technologies.