Do CIOs and CISOs think alike when it comes to identity and access management (IAM)? What about machine identity management (MIM)?
That’s what Keyfactor and Pulse (acquired by Gartner) decided to find out in a recent study that surveyed 100+ CIOs and CISOs.
While CIOs are driving innovation, CISO’s ensure information assets and technologies are adequately protected while reducing risk. As the strategies around IAM evolve and machine identity management becomes crucial, these two roles need to work together to build a comprehensive strategy.
Check out these 3 insights below and download the free report to read more.
Insight 1: Machine Identities Only “Appear” to be a Low Priority
For most CIOs and CISOs, the top three IAM priorities for 2021 are user authentication (71%), privileged access management (62%), and cloud IAM & governance (54%). Machine identity management came in 4th (36%).
At first glance, it looks like machine identities should remain a low focus for IAM strategy. But that doesn’t tell the whole story.
Among CIOs only, we see that cloud IAM & governance (48.2%) and machine identity management (46.4%) are nearly tied for third place as IAM priorities in 2021. For CISOs only, they are more concerned with implementing identity proofing tools (29.5%) than with machine identity management (22.7%).
So what does this tell us?
It shows that CISOs and CIOs are split on prioritizing the importance of machine identities, but all is not lost. In a recent report, Gartner highlights that “An enterprise-wide machine identity management strategy is now imperative.”
So, this low priority could be related to a knowledge gap between both leaders. Let’s take a look.
Insight 2: Confidence and Planning for Machine ID’s Don’t Match Up
Securing human identities (e.g. MFA, SSO, passwords, etc.) dominates the mindshare of CIOs and CISOs. It’s easy to understand when most IAM strategies have only focused on user access and authentication over the past 20+ years. And 88% of respondents agree that they treat machine identities with the same level of policy and protection as user identities.
It’s understandable to see leaders respond in a positive manner for protecting both human and machines identities. However, their confidence doesn’t equate to their actual plan to secure machine identities.
When strategic plans for IAM strategy are developed, 79% of respondents say machine identities are only sometimes included in planning, followed by 11% who say they’re rarely included in planning.
If the majority of leaders only “sometimes” or rarely include machine identities in their IAM strategy, it;s clear there’s a lack of understanding on how to tackle this challenge.
Insight 3: Knowledge Gaps and Cloud Adoption Could Lead to More Investment in MIM
Although confidence in securing machine IDs is high, 71% of CIOs and CISOs are only moderately familiar or involved with the use and management of machine identities in their business, with only 16% stating that they’re very familiar or involved.
These results are troubling. Why? Because cloud infrastructure is the number one investment for these leaders, and it’s one of the biggest drivers in machine ID sprawl. As companies shift to cloud-first and zero-trust strategies, teams are leveraging machine identities to enable growth and secure digital transformation.
And without proper involvement in securing these IDs, CIOs and CISOs could unknowing be creating more challenges for their company
This may be the reason that one-quarter (25%) say they are underinvested in managing machine IDs.
See the full report
Get more industry insights around this report and many others, head on over to the Keyfactor resources center.