August 25, 2025

How confident are you in your IAM platform? According to new research, most organizations are stuck at the maturity midpoint.

In a recent study by Ponemon Institute and GuidePoint Security, only 50% of organizations rated their IAM platform as “very or highly effective” at managing user access provisioning. Just 46% said the same for authentication and authorization.

Key process areas continue to lag:

• Machine and non-human identities: Only 28% manage these using policy-driven, IAM-integrated approaches.
• Access reviews: 34% still rely on spreadsheets. Only 17% have automated this process through identity governance platforms.
• Privileged access: 43% of organizations assign elevated permissions to a primary account permanently — a major risk vector. Even worse, 40% say privileged passwords are managed solely by the account owner.

There’s also a gap in technology adoption. While 39% of organizations have refreshed their IAM platforms to cloud or SaaS-based models, the majority are still planning a transition — some as far as four years out.

Organizations are also falling short in deprovisioning non-human identities, with 40% still handling the process manually — a critical blind spot given the rise of automation and service accounts.

If your IAM platform feels like a patchwork of manual processes and limited oversight, you’re not alone — but you are at risk.

Download the full report to learn how to move beyond basic IAM and build a future-ready identity security program.