Identity security is proving more important for zero trust than ever

security worker
(Image credit: 123RF)

For almost all enterprise IT and security decision-makers, endpoint security or device trust and identity management are essential to a robust Zero Trust strategy. However, only a handful of organizations are actually putting an effort in this direction, leaving most firms at risk of destructive cyberattacks.

This is according to “The Holistic Identity Security Maturity Model: Raising the Bar for Cyber Resilience” report, recently published by identity security experts CyberArk. 

After polling 1,500 IT and security decision-makers around the world, that operate in a multi-cloud environment, the company found that for nearly all (92%) of the respondents, device trust and identity management are key for Zero Trust. Furthermore, roughly two-thirds (65%) of the respondents believe the ability to correlate data is critical for effectively securing endpoints. 

Mature and holistic strategies

But most companies have a long way to go in that respect. Less than a tenth (9%) of organizations were identified as having “mature and holistic” Identity Security strategies. For CyberArk, these firms are “transformative” and have a “well-rounded focus on implementing Identity Security tools”. They are also “inherently agile” and display a “fail fast, learn faster” characteristic, even when faced with a successfully pulled-off cyberattack.

CyberArk also hints that it’s going to take quite some time before things turn for the better, as 42% of all respondents’ Identity Security programs are in the early stages of maturity and lack foundational tools and integrations for a quick mitigation of identity-related risk. 

“An expanding identity attack surface, IT complexity and several organizational roadblocks contribute to this widespread Identity Security deficit,” the researchers concluded.

There also seems to be a perception gap between C-level executives and other staff (technical decision-makers and practitioners) when it comes to Identity Security-related decisions. While 69% of the C-suite believe they’re making the right calls, just 52% of other staff would agree. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.