Ponemon Institute is pleased to present the findings of Global Trends in Identity Governance & Access Management, sponsored by Micro Focus. The purpose of this study is to understand companies’ ability to protect access to sensitive and confidential information and what they believe is necessary to improve the protection.
All participants in this study are involved in providing end users access to information resources in their organizations.
In this study, we surveyed 2,580 IT and IT security practitioners in North America, United
Kingdom, Germany, EMEA, Brazil, LATAM and Asia-Pacific1. The consolidated findings are
presented in this report. The findings for North America, UK, Germany and Brazil are published in separate reports.
On average, companies represented in this research must provide identity
governance and access support to approximately 13,000 internal users (employees) and 191,000 external users (contractors, vendors, business partners, customers and consumers).
All enterprise organizations are under pressure to drive business innovation in order to respond to changes in the competitive landscape, and to meet changing customer expectations. This is fueling a trend toward digitalization as more resources and interaction move online, requiring greater and freer access to online information sources. Yet the survey shows that the security, access management, and governance processes to support this digitalization are not yet in place.
In this study, we have identified the following trends that will have a significant impact on how
organizations will be managing identity governance and access.
1. Employees are frustrated with access rights processes, and IT security is considered a
bottleneck. Sixty-two percent of respondents say IT security is viewed as a bottleneck in the
process for assigning and managing access rights to users and 57 percent of respondents
say employees are frustrated with the current process for assigning and managing access
2. Responding to requests for access is considered slow.
Only 41 percent of respondents say the function that provides end-user access to information resources is quick to respond to such changes as termination or role changes. These findings may explain why lines of business and application owners are taking charge of access when
it comes to the cloud.
3. Control over access management is decentralized.
According to 59 percent of respondents, senior leaders prefer each business function to determine what access privileges are required for a given user’s role and function.
In the cloud environment, responsibility is more decentralized. Twenty-nine percent of
respondents say lines of business and 21 percent say it is the application owner who is
deciding end-user access in the cloud environment.
4. Certain technologies are considered an important part of meeting identity governance
and access management requirements. These are multi-factor authentication (69 percent
of respondents), identity and access management (69 percent of respondents), access
request systems (67 percent of respondents) and biometric authentication (60 percent of
5. A single-factor authentication approach is no longer effective. Seventy-five percent of
respondents say a single-factor authentication approach, including username and password,
can no longer effectively prevent unauthorized access to information resources.
6. Integration of machine learning within identity governance solutions is critical (64
percent of respondents). Also considered critical are scalability to achieving an effective
identity governance process and compliance with leading standards or guidelines, both noted
by 63 percent of respondents.