Why IAM Maturity Still Eludes Most Organizations — And What High Performers Are Doing Differently
文章指出身份和访问管理(IAM)在当前威胁环境中的重要性,尽管投入增加但多数组织仍未能达到成熟水平。研究显示高绩效者采用生物识别、自动化等先进技术,而其他组织则面临资源不足、流程手动化等问题。 2025-6-25 16:10:0 Author: www.guidepointsecurity.com(查看原文) 阅读量:35 收藏

In today’s complex threat landscape, Identity and Access Management (IAM) is more than just a compliance checkbox; it’s a foundational security pillar. Yet, despite years of investment and increasing regulatory pressure, most organizations are still struggling to reach IAM maturity, a recent study finds.

The survey of more than 600 IT professionals conducted by Ponemon Institute, commissioned by GuidePoint Security, offers a revealing snapshot of where organizations stand today—and what’s holding them back. The data highlights a stark divide between organizations that are thriving in their IAM efforts and those that continue to rely on manual, outdated practices.

The Problem: IAM Isn’t a Priority—Yet

While identity-based threats are escalating, only half (50%) of surveyed organizations believe their current IAM tools are highly effective. Even fewer (44%) feel confident in their ability to prevent identity-based incidents. When asked how much of a priority IAM investments are compared to other IT security technologies, less than half (47%) ranked IAM as a high priority.

This disconnect is problematic. Insider threats and mismanaged credentials continue to be top contributors to data breaches. Take, for example, the 2023 Tesla breach, where insiders leaked sensitive employee information.

What High Performers Get Right

To better understand what sets successful IAM programs apart, the report looked at “high performers:” the 23% of respondents who rated their IAM tools as highly effective (9 or 10 on a 10-point scale).

These high performers are not only less likely to experience identity-related incidents (only 39% reported any) but also show a clear pattern of adopting advanced tools and automation. Here’s what they’re doing differently:

  • Biometric authentication: 64% of high performers vs. 37% of others
  • Automated checks for compromised passwords: 59% vs. 34%
  • Dedicated Privileged Access Management (PAM) platforms: 56% vs. 23%
  • IAM for managing non-human accounts (e.g., service accounts, machine identities): 53% vs. 31%

High performers also lead in adopting emerging platforms:

  • Identity Threat Detection and Response (ITDR): 37% vs. 12%
  • Identity Security Posture Management (ISPM): 35% vs. 15%
  • Identity Governance and Administration (IGA): 31% vs. 9%

What’s Holding Everyone Else Back?

Despite increased awareness, most organizations are still operating behind the curve as it relates to IAM. Here are a few of the key challenges:

  • Manual Processes: Many organizations still use spreadsheets or homegrown tools for periodic access reviews and deprovisioning—both for human and non-human identities.
  • Lack of Resources and Expertise: Over half (54%) say they don’t have the right technologies, and 52% cite a lack of in-house expertise.
  • Misaligned Priorities: Shockingly, 45% of respondents say the top driver for IAM investment is improving user experience—not security.

Automation, policy integration, and better lifecycle management are sorely lacking in most IAM programs. For example, only 41% say their IAM platforms are used for deprovisioning non-human identities, and nearly half of those still do it manually.

The Bottom Line: IAM Maturity Requires Focused Investment

IAM maturity isn’t a luxury—it’s a necessity. The gap between high performers and everyone else illustrates that success requires more than basic tooling. It demands strategic investment, automation, and executive-level prioritization.

Want to learn how to strengthen your IAM posture and join the ranks of high performers?

Download the full report now to get deeper insights and actionable strategies.


Laura Babbili

Integrated Marketing Campaigns Manager,
GuidePoint Security

Laura Babbili is a cybersecurity marketer with a background leading integrated marketing campaigns that engage technical audiences and drive business impact. She has held roles at global companies including TikTok, Cisco, and IBM, where she developed and executed strategies around small business, cloud security, and IT infrastructure, respectively. She holds a bachelor’s degree in Journalism from the University of Northampton in the United Kingdom and is now based in Austin, Texas, where she lives with her husband, daughter, and dog.


文章来源: https://www.guidepointsecurity.com/blog/why-iam-maturity-still-eludes-most-organizations/
如有侵权请联系:admin#unsafe.sh