It's in the cloud somewhere... Three-quarters of enterprises don't know where their apps are
A new study reveals that 76 percent of enterprises don't have complete visibility into the access policies and applications across multiple cloud platforms, including which access policies exist, where applications are deployed, and who does and doesn't have access.
The report, from Strata Identity based on data from Osterman Research, shows the percentage of organizations using a single cloud identity provider (IDP) is down from 30 percent to 20 percent since last year. The other 80 percent are now using multiple IDPs to manage enterprise identity.
Given this fragmentation it's perhaps not a surprise to learn that the top three cloud security concerns among enterprises are a lack of visibility into access policies (67 percent), identity-based threats (65 percent), and meeting data privacy regulations (56 percent).
"More identity systems are being used to manage users, and organizations are losing visibility and control over their identities and access policies. So improvements in identity infrastructure intended to drive an improvement in an enterprise’s cybersecurity posture have caused the opposite effect leading to complexity overload," says Michael Sampson, principal analyst for Osterman Research. "Poor visibility of existing access policies means enterprises are flying blind -- they do not know where apps are hosted, nor who has access to their data. In our opinion, the rapid adoption of multi-cloud is elevating this problem to critical status."
Among other findings, 56 percent don’t have a single version of the truth for identities and their associated attributes, increasing concerns over identity duplication and the likelihood of unauthorized access and credential breach.
Less than half the companies surveyed (41 percent) say they can enforce consistent access policies to reduce identity and security risks. This is down from 55 percent last year -- a 25 percent year-on-year decline.
In addition 60 percent of organizations don't have the resources or time to rewrite old, outdated applications so they can support modern identity protocols and work with cloud identity systems that provide enhanced security controls like passwordless authentication. In fact 78 percent don't even have access to the source code needed to update their applications so they can use modern identity systems.
"This report illustrates how the combination of adding more identity providers and technology is leading to less effective access policy management and increasing security and compliance risks to both cloud and on-premises resources," says Eric Olden, CEO of Strata Identity. "Identity Orchestration unifies disconnected and disjointed IAM systems, tools and processes into an identity fabric -- enabling organizations to dynamically add and unify the management of new identity services across multiple cloud and hybrid environments."
You can get the full report from the Strata site.
Image credit: IgorVetushko/depositphotos.com