Unisys Corporation announced the results of a new research study on identity and access management (IAM) at the Digital ID World 2004 conference. The research study found that information technology decision makers view IAM - the process of establishing and managing the digital identities that provide secure access to networks, sensitive information and other business resources - as key to increasing enterprise security, managing IT costs and enabling compliance with government regulations.
The study, which surveyed C-level executives and IT managers at large U.S. companies, revealed numerous issues surrounding the economics of IAM, as well as budgeting issues and varying speeds of adoption for specific types of IAM solutions being deployed to secure enterprise IT infrastructures and information resources.
Money alone can't solve the issue
Seventy-seven percent of respondents view an effective IAM system as a primary means of protecting against corporate network intrusions resulting from identity theft and other attacks originating either inside or outside the enterprise.
Moreover, respondents indicated a prudent hesitation to simply throw money at the security issue. Instead, they expressed a desire to ensure that the system delivers a defined economic benefit. Six out of 10 respondents want an IAM solution that enables them to manage or reduce operational costs, and nearly half view achieving return on investment (ROI) as a key factor in judging the success of their IAM implementation. That concern is even higher among decision-makers from companies with revenues of $3 billion or more - indicating that ROI is even more critical to larger companies with more at stake.
Ninety-two percent of respondents responsible for regulatory compliance identified IAM as key to their strategy for compliance with rules mandating safeguards for sensitive information. Those include Sarbanes-Oxley (SOX) in corporate governance - with a compliance deadline looming November 15 - the Health Information Portability and Accountability Act (HIPAA) in healthcare, and the Gramm-Leach-Bliley Act (GLBA) in financial services. The research showed that the higher-ranking the respondent, the more likely they were to rate IAM as "extremely important" for compliance.
Eighty-seven percent of the respondents indicated they plan to budget funds for IAM in 2005, with more than 55 percent increasing their IAM budgets by an average of 19 percent over 2004. That commitment suggests that IT decision-makers have prioritized IAM as an area for special action.
"This research clearly demonstrates that senior IT management has come to view identity and access management not as a technology solution, but as a critical part of an enterprise business strategy," said Patrick O'Kane, chief architect, Unisys Identity and Access Management Practice. "IAM is no longer a 'nice to have,' it's a 'need to have' for infrastructure security that protects critical assets, promotes operational efficiency and yields optimal return on investment."
The survey also examined the adoption and penetration rates of the most commonly used types of IAM solutions including:
Single Sign On - the most widely adopted IAM solution - enables a user to access multiple Web applications through a single point of contact without needing to maintain or remember multiple passwords. Even with a high rate of adoption, there is still plenty of opportunity for, and interest in, further deployment.
-- 93 percent of respondents were familiar with Single Sign On.
-- 53 percent of respondents have already implemented Single Sign On, or are in the process of implementation, with another 37 percent planning to do so in the next one to four years.
Role-Based Access Control - grants users access privileges according to their function, not their personal identity. Workers are granted only the privileges they need to perform their jobs. This can yield significant improvements in operational efficiency by eliminating the logistical adds, moves and changes that occur when identity is tied to the individual rather than to the functional role.