Join us
Log in

Month: November 2024

Staying one step ahead: Leveraging market insights for identity and access management

Posted on by nicola.coen@vansonbourne.com

Understanding the Evolving Threat Landscape 

The recent Snowflake credential breach, which impacted over 150 organizations, serves as a stark reminder of the critical role that Identity and Access Management (IAM) plays in defending against increasingly sophisticated cyber threats. This incident underscores a key truth: no organization, regardless of size or industry, is immune to cyber risks. 

To stay one step ahead of these threats, it’s essential for organizations to embrace a proactive approach to security. As the saying goes, “hackers don’t hack in; they log in.” Robust IAM solutions are a must—but they must be informed by data and strategic insights. This is where market research becomes invaluable, offering organizations the intelligence they need to anticipate future threats and outperform competitors. 

Methodology: Blending Quantitative and Qualitative Approaches 

Our approach to uncovering meaningful IAM insights combined both quantitative and qualitative research methods. While quantitative data provides solid numbers that can track trends and inform decisions, the real power comes from the qualitative insights—gathering feedback directly from IT decision-makers to understand their challenges, priorities, and pain points. 

By starting with qualitative research, we were able to dive deeper into the experiences and perspectives of industry professionals. These insights then guided our quantitative phase, enabling us to focus on the most relevant topics and generate more actionable data. This blended methodology gave us a 360-degree view of the IAM landscape, with both in-depth analysis and reliable metrics, ensuring our findings were both robust and credible. 

Key Findings 

Security is a Top Priority — Yet Organizations Struggle to Execute 

Our research revealed a significant contradiction: while security remains a top priority for most organizations, many still face significant inefficiencies in their IAM practices. In interviews with IT leaders, security was repeatedly cited as a key concern. However, our quantitative data revealed that organizations often rely on a patchwork of authentication methods—an average of four across different applications. Despite this, 21% of respondents reported experiencing multiple security breaches over the past year.

This gap highlights a critical insight: while organizations believe they’re well-protected by multiple layers of security, they may still be vulnerable. Could your organization be operating under a false sense of security? It’s essential to assess whether your IAM strategy is truly up to the task in today’s threat landscape. 

IAM Challenges: An Industry-Wide Issue 

Nearly nine in ten (89%) organizations reported facing challenges with their current authentication methods. Many are still grappling with outdated technologies; 31% of respondents identified this as a key issue. This presents a prime opportunity for organizations to modernize their IAM systems and improve security posture. 

The threats facing organizations are evolving rapidly, with cybercriminals becoming more sophisticated every day. Our research found that phishing (72%) and social engineering (62%) are the most common attack vectors in the identity management space, further emphasizing the need for stronger, more resilient IAM systems. Therefore, adopting robust, modern authentication methods is essential. 

So what does the future hold for Identity and Access Management? 

Looking ahead, our research points to passwordless authentication as a game-changer for the future of identity management. Biometric authentication, in particular, offers a powerful alternative to traditional passwords by leveraging unique physical characteristics to verify identity. Our findings show that nearly two-thirds (63%) of organizations are already using or plan to adopt fingerprint recognition. Fewer organizations are implementing facial recognition (45%) and voice recognition (36%), but the trend is clear—biometric solutions are becoming a cornerstone of IAM strategy. 

Our qualitative interviews also revealed a growing interest in multi-modal authentication combining several biometric methods for a more secure and user-friendly experience. This layered approach not only improves protection but also reduces the chances of false positives, ensuring a smoother, more reliable user experience. 

Is your organization exploring these biometrics-based methods? If not, now may be the time to consider them as a critical step in strengthening your security infrastructure. 

Methodology

100 IT decision makers from the Vanson Bourne Community were interviewed in the UK in June 2024. All came from organisations across a range of sizes and private and public sectors. As a member of the Vanson Bourne Community you’ll gain access exclusive to a variety of insights reports just like this one, based on research with our members. Sign up for free here.

 

Balancing act: Uncovering IT security leaders’ pressures

Posted on by nicola.coen@vansonbourne.com

At RSA 2024, Leigh McMullen, VP and Security Analyst at Gartner, noted that IT security leaders’ roles are becoming increasingly complex and demanding. Often, these leaders are seen as the silent defenders, working behind the scenes to protect organizations from sophisticated cyber threats. But what’s often overlooked is the toll this takes on them. With a diminishing pool of talent, we can’t afford to burn out these key figures who drive technology and transformation within their organizations. 

A Dual Methodology Approach to Understanding IT Security Challenges 

To gain deeper insights into the challenges faced by IT security leaders, we employed a dual methodology approach. We began with a quantitative online survey of 87 IT security decision-makers, followed by qualitative in-depth interviews to dig into the nuances behind the numbers. 

While the survey gave us useful statistics, it left us with questions that required a more personal, detailed exploration—such as: How do these leaders balance security and innovation? What specific hurdles do they face? We needed to hear directly from the people who are living this reality every day. So, we conducted two in-depth interviews to get a more comprehensive understanding. 

The Struggle to Keep Up 

IT security leaders are facing a growing workload that is becoming increasingly difficult to manage. Here are some of the most pressing challenges: 

  • Rising Expectations: Balancing the need to meet strategic priorities while working with limited budget is becoming an ever greater challenge. 
  • No Time to Pause: IT security leaders can’t afford to slow down. They must constantly monitor market trends, emerging threats, and evolving technologies to stay ahead of the curve. 
  • High Stress: The pressure to maintain a calm demeanour while leading teams through crises, like security breaches or incidents, is intense. A trusted, capable team is essential for managing this stress. 

 As one Head of Information Security in retail explained:
“You can’t ever keep ahead of the game. It’s about not falling too far behind—just trying to keep up with everything that’s going on.” 

And as a CIO in insurance put it:
“You need a strong team you can trust, but when security or tech incidents happen, you need to keep a cool head and think clearly.” 

 

Security’s Impact on Innovation 

While IT leaders strive to innovate, security needs often act as a barrier to that progress. Key insights include: 

  • Security and Innovation: Every innovation carries risk, and leaders must implement the right security protocols and governance structures to mitigate those risks. 
  • Cultural Shift Needed: Risk management should support, not stifle innovation. There’s a need for a shift in mindset across organizations to better align security and business goals. 

As one CIO in insurance noted:
“Stability and security are the foundation of everything we do. Without them, you can’t move forward with transformation or innovation.” 

In a similar vein, the Head of Information Security at a retail company remarked:
“There’s no such thing as a zero-risk policy in security. The business wants to take risks for innovation, so it’s all about finding the right balance.” 

 

IT security leaders have mixed feelings about AI. Balancing security risks with benefits is crucial

IT security leaders have mixed feelings about the integration of AI into their security strategies. While AI has the potential to revolutionize security tools, it also comes with challenges: 

  • AI Complexity: AI increases the complexity of IT security management, demanding specialized talent for effective deployment and oversight. 
  • Advanced Cyberattacks: Malicious actors are increasingly using AI to carry out more sophisticated attacks, placing additional pressure on IT leaders. 
  • Board Expectations: Boards are eager to adopt AI-powered security tools quickly, but they often fail to grasp the complexity and cost involved, forcing IT security leaders to manage their expectations. 

As one Chief Security Officer in manufacturing shared:
“The hype around AI is overwhelming. The board expects it to be the magical fix for all our security issues, but they don’t understand how complex and expensive it can be.” 

 

The Future: Upskilling and Navigating Complexity 

Looking ahead, IT security leaders face even greater pressure as cyber threats become more sophisticated and the need to integrate AI-enabled technologies grows. The future will require: 

  • Upskilling teams: IT security leaders need to ensure that their teams are equipped to manage both traditional security threats and those emerging from AI-enabled attacks. 
  • Balancing AI’s Risks and Rewards: The complexity of AI requires careful management, skilled talent, and a solid strategy to leverage its benefits without increasing vulnerability. 

 

As a CIO in insurance noted: 
“You need people who understand the wider picture—the integrations and the ecosystem. Business models are changing, and your team needs to have both specialized and broad skill sets to stay ahead.” 

Methodology

87 IT decision makers from the Vanson Bourne Community were interviewed in the UK in May 2024. All came from organisations across a range of sizes and private and public sectors. As a member of the Vanson Bourne Community you’ll gain exclusive access to insight reports just like this one. Sign up for free here.

What do our members think?

“Vanson Bourne Community sends me interesting IT related surveys. The rewards I receive are generous and I love that I can send them to a selection of charities.”
Operations Manager, Financial Services
"I have been part of the Vanson Bourne Community for many many years now, and the surveys are always interesting and do make me think about my understanding of topics, its great being part of the group."
Head of Technology, Media
"Vanson Bourne Community surveys are relevant to my job role. The surveys are well designed and not repetitive. The survey incentives are variable, extremely fair and delivered quickly. This is by far my favourite panel."
IT Manager, Financial Services
Interested?
Come and be part of our great community!
Join us
© Vanson Bourne Ltd. All rights reserved | A company registered in England and Wales under 03845096. VAT Number GB724 4917 27.
Website design by MAXX