Austin, Texas, USA, December 20, 2024
Addressing the Challenges of Managing Identities in the Age of SaaS
Identity-based attacks are on the rise, as malicious actors seek to capitalize on growing complexities in managing user identities and credentials. As a result, more than half (51.1%) of Identity and Access Management decision-makers considering replacing their existing vendors would do so to address more complex user management requirements (e.g., RBAC across a larger set of applications), and 48.9% would do so to address the evolving application and workforce landscape (e.g., new cloud applications, mergers and acquisitions), according to Futurum.
Increasingly, attackers are gaining access to organizations’ environments by logging in with compromised credentials, as opposed to hacking in. In fact, in its Digital Defense Report 2024, Microsoft reported that its customers are facing a staggering 600 million attacks per day from cybercriminals and nation-state actors. At the same time, the rise of cloud computing and growing adoption of SaaS applications (to the tune of the average enterprise having 100 or more SaaS applications in use) is expanding the attack surface, creating numerous entry points for malicious actors.
Given this backdrop, implementing solid Identity and Access Management (IAM) policies and tools has never been more critical. Specifically, cybersecurity decision-makers are looking for tools to help thwart attacks designed to exploit growing weaknesses in authentication, authorization, and credential management.
Specifically, Futurum’s research indicates that more than half (51.1%) of Identity and Access Management decision-makers considering replacing their existing vendors would do so to address more complex user management requirements (e.g., RBAC across a larger set of applications), and 48.9% would do so to address the evolving application and workforce landscape (e.g., new cloud applications, mergers and acquisitions).
Figure 1: Top Priorities: Replacing IAM Vendor with New or Better Technology
Respondent feedback reflects that, in addition to more traditional headaches such as managing identities and credentials through merger & acquisition-related integrations, the influx of a larger set of applications that are hosted both on- and off-premises has created new and top-of-mind challenges. In addition to expanding the potential attack surface, increasing opportunity for attacks such as credential stuffing and phishing, this limits visibility and control for IT. For example, IT might not even be aware of all SaaS applications in use, and as a result, some applications might not have adequate security controls in place. It also adds time and complexity for managing access rights, potentially leading to errors and inconsistencies.
A few top-of-mind capabilities that come up in Futurum’s conversations include continuous authentication, micro-segmentation, and least privilege access to facilitate a zero-trust approach. The concept is that trust and access are not implicitly granted, but rather must be proven on a continuous and fine-grained basis. Also key is ensuring that user identities are managed and governed throughout their life cycle, from provisioning to de-provisioning.
As reflected in the survey feedback, busy IT and Security teams that are strapped for time are also looking for integration that is as seamless as possible with directories, applications such as HR tools, and other security tools. In addition to reducing the administrative overhead, this facilitates a centralized view into user identities and access rights across, which helps to identify security gaps. It can also help to synchronize identities and access rights with employee life cycle events, such as hiring, promotions, and terminations. Tie-ins to the broader cybersecurity toolchain can enhance detection of, and accelerate response to, identity-related threats, such as account hijacking, credential stuffing, and phishing. Finally, it can allow for single-sign-on (SSO) as a result, improving the user experience and reducing password fatigue.
As the threat landscape continues to evolve, so too will competitive dynamics within the IAM market. Vendors who can effectively address the challenges of identity-based attacks and provide robust, user-friendly solutions will be well positioned for success.
About Futurum Intelligence for Market Leaders
Futurum Intelligence’s Cybersecurity IQ service provides actionable insight from analysts, reports, and interactive visualization datasets, helping leaders drive their organizations through transformation and business growth. Additional information is available at https://app.futurumgroup.com/.
Follow news and updates from Futurum on X and LinkedIn using #Futurum. Visit the Cybersecurity Newsroom for more information and insights.