In a landscape dominated by multi-cloud environments and rapid digital transformation, identity management has become a paramount concern for organizations. Strata Identity, an identity orchestration company, recently unveiled the results of its third annual “State of Multi-Cloud Identity Report” conducted in partnership with Osterman Research. This report delves into the challenges and priorities faced by IT leaders and decision-makers in North American organizations with annual revenues exceeding US$100 million. The findings shed light on the complexities and vulnerabilities surrounding identity management in multi-cloud setups.
Rising Complexity in Cloud Identity Providers
The findings of the “State of Multi-Cloud Identity Report 2023” highlight a significant shift in how organizations are managing their cloud identity providers (IDPs) compared to the previous year. In the previous year, 30% of organizations relied on a single cloud IDP, but this number has seen a notable decline to just 20%. Instead, a staggering 80% of organizations have opted to use multiple IDPs for managing their enterprise identities. This shift towards multiple IDPs has introduced a host of challenges related to cloud security and has brought about heightened concerns in several key areas:
Lack of Visibility: A substantial 67% of surveyed enterprises have expressed deep-seated concerns about their limited visibility into access policies within multi-cloud environments. This lack of visibility means that organizations struggle to understand and track who has access to their systems and data.
Identity-Based Threats: For 65% of organizations, identity-based threats have emerged as a prominent security concern. The report underscores that the inherent complexities of managing identities across multiple providers create vulnerabilities that can be exploited by malicious actors.
Data Privacy Regulations: The complex nature of fragmented identity ecosystems has made it increasingly challenging for organizations to adhere to data privacy regulations. For 56% of respondents, this represents a pressing concern as non-compliance can result in significant legal and financial consequences.
Michael Sampson, principal analyst for Osterman Research, emphasizes the paradoxical effect of expanding identity systems. While the intention behind this expansion is to enhance cybersecurity, it has actually led to increased complexity. The report highlights that this complexity, compounded by a lack of visibility into access policies, has left organizations in a precarious position where they may not fully comprehend the security implications of their multi-cloud identity setups.
While the percentages provided above represent the concerns expressed by surveyed organizations, it is essential to recognize that these figures showcase the gravity of the challenges faced in managing cloud identities in today’s dynamic and complex IT landscape.
Key Report Findings
The “State of Multi-Cloud Identity Report 2023” paints a vivid picture of the challenges organizations face in managing identities and access policies in multi-cloud environments. Here are some of the key findings:
Incomplete Visibility: An alarming 76% of organizations lack complete visibility into access policies and applications across multiple cloud platforms. This includes an inability to ascertain which access policies exist, where applications are deployed, and who has access.
Identity Duplication: More than half of enterprises (56%) do not possess a single version of truth regarding identities and their attributes. This raises concerns about identity duplication and unauthorized access.
Declining Policy Consistency: Only 41% of surveyed companies can enforce consistent access policies across their multi-cloud environments, marking a 25% year-on-year decline.
Legacy Application Challenges: A significant 60% of organizations face resource and time constraints that prevent them from updating old, outdated applications to support modern identity protocols and cloud identity systems with enhanced security controls, such as passwordless authentication.
Limited Access to Source Code: A staggering 78% of organizations lack access to the source code necessary to update their applications for compatibility with modern identity systems.
Identity Orchestration as the Solution
Eric Olden, CEO of Strata Identity, emphasizes the profound implications of the report’s findings. He underscores that the increased adoption of multiple identity providers (IDPs) and associated technologies has paradoxically led to less effective management of access policies, consequently elevating security and compliance risks for both cloud and on-premises resources. Olden proposes a solution in the form of “Identity Orchestration” to address these pressing challenges.
The Key Points in Olden’s Proposal:
Less Effective Access Policy Management: The report highlights that the complexity arising from the use of multiple IDPs and technologies has resulted in less efficient management of access policies. This, in turn, leaves organizations exposed to heightened security and compliance risks.
Identity Orchestration as a Remedy: Olden introduces “Identity Orchestration” as a strategic solution to this complex issue. This approach entails unifying disparate Identity and Access Management (IAM) systems, tools, and processes into a cohesive “identity fabric.”
Empowering Organizations: The proposed Identity Orchestration approach empowers organizations to seamlessly manage new identity services across a wide range of cloud and hybrid environments. It streamlines identity management, thereby simplifying the intricate task of overseeing identities in multi-cloud computing scenarios.
While the provided information outlines the essence of Olden’s proposal, it’s essential to understand that this represents a strategic approach rather than specific statistics or figures. The concept of Identity Orchestration acts as a proactive response to the challenges brought to light by the report, offering organizations a path towards enhancing security, compliance, and efficiency in their multi-cloud identity management practices.
The “State of Multi-Cloud Identity Report 2023” reveals a significant shift towards multiple cloud identity providers, resulting in heightened security concerns and compliance challenges. With a lack of visibility into access policies and identity-based threats on the rise, organizations face critical hurdles. Eric Olden, CEO of Strata Identity, suggests “Identity Orchestration” as a solution to streamline identity management across diverse cloud ecosystems. As organizations seek to navigate these challenges, unifying identity management emerges as the path towards enhanced security and compliance.