Identity and Privileged Access Maturity Model [Survey Results]

Promising Signs in Identity Management and Administration

Identity access management is a cybersecurity framework for managing what each individual user can access within your network. It's a critical consideration for protecting sensitive data, as it restricts access to certain resources based on each user's need. In our survey, we found that the average IAM maturity score was 2.33 out of four.

Nearly two-thirds (64%) of respondents said their organization had a primary directory that served as their single source of truth for most — if not all — of their internal identities. Identities from other systems could link back to this directory, which provided mostly consistent data across the system.

Although another 24% used the primary directory as their only source of network authority, 12% used various sources of truth for identity information, which caused fragmented data. Without a centralized source of truth, properly managing identities across your organization is difficult at best and near impossible at worst.

Multi-Factor Authentication (MFA) requires users to provide multiple identifying factors in order to log in. It's significantly more secure than your standard username-password combination, but it has its limitations. 

MFA fatigue, for example, is a growing problem. Attackers can steal usernames and passwords, but they can't remotely respond to a push notification on someone else's smartphone. So they spam the victim with notifications until they accidentally grant access to their account. Finding ways to eliminate this problem, such as passwordless security, is going to be crucial in the coming years.

In our survey, we discovered that 95% of organizations have implemented some level of MFA in their environments with varying degrees of standardization. And 11% were able to create a frictionless experience using dynamic, contextual policies that reduce MFA fatigue.

More Than Half Leverage Privileged Access Management

Privileged access management is a specific IAM approach that grants and revokes elevated access as needed to reduce the risk of data loss. There are many technologies and policies that go into a comprehensive PAM solution, including password vaults and just-in-time approaches.

Our survey found that 56% of organizations store all their shared credentials — such as super-administrative credentials — in an enterprise-wide vault. Organizations in this group also leveraged basic vault integrations such as automated audit and account rotation, which helps keep credentials from being abused. However, these organizations could stand to use more advanced controls.

Only 6% used a Just-In-Time (JIT) approach — granting privileges only when needed — to minimize the risks of standing privilege across their environments. A solution like Bravura Privilege, which enables multiple types of JIT approaches, helps eliminate the need to manually manage privileged account credentials by automating key PAM processes for various use cases.