Business Services Industry

New Unisys Study Shows Corporate IT Decision-Makers View Identity and Access Management as a Chief Security Concern

Business Wire, Oct 25, 2004

DENVER -- Eighty-Seven Percent of Respondents to Fund Identity and Access Management Solutions in 2005; More Than Half Increasing Budgets by Nearly 20 Percent

Unisys Corporation (NYSE:UIS) today announced the results of a new research study on identity and access management (IAM) at the Digital ID World 2004 conference. The research study found that information technology decision makers view IAM - the process of establishing and managing the digital identities that provide secure access to networks, sensitive information and other business resources - as key to increasing enterprise security, managing IT costs and enabling compliance with government regulations.

The study, which surveyed C-level executives and IT managers at large U.S. companies, revealed numerous issues surrounding the economics of IAM, as well as budgeting issues and varying speeds of adoption for specific types of IAM solutions being deployed to secure enterprise IT infrastructures and information resources.

Money alone can't solve the issue

Seventy-seven percent of respondents view an effective IAM system as a primary means of protecting against corporate network intrusions resulting from identity theft and other attacks originating either inside or outside the enterprise.

Moreover, respondents indicated a prudent hesitation to simply throw money at the security issue. Instead, they expressed a desire to ensure that the system delivers a defined economic benefit. Six out of 10 respondents want an IAM solution that enables them to manage or reduce operational costs, and nearly half view achieving return on investment (ROI) as a key factor in judging the success of their IAM implementation. That concern is even higher among decision-makers from companies with revenues of $3 billion or more - indicating that ROI is even more critical to larger companies with more at stake.

IAM increasingly a key component of corporate compliance

Ninety-two percent of respondents responsible for regulatory compliance identified IAM as key to their strategy for compliance with rules mandating safeguards for sensitive information. Those include Sarbanes-Oxley (SOX) in corporate governance - with a compliance deadline looming November 15 - the Health Information Portability and Accountability Act (HIPAA) in healthcare, and the Gramm-Leach-Bliley Act (GLBA) in financial services. The research showed that the higher-ranking the respondent, the more likely they were to rate IAM as "extremely important" for compliance.

Budgeting shows growing commitment to IAM in 2005

Eighty-seven percent of the respondents indicated they plan to budget funds for IAM in 2005, with more than 55 percent increasing their IAM budgets by an average of 19 percent over 2004. That commitment suggests that IT decision-makers have prioritized IAM as an area for special action.

"This research clearly demonstrates that senior IT management has come to view identity and access management not as a technology solution, but as a critical part of an enterprise business strategy," said Patrick O'Kane, chief architect, Unisys Identity and Access Management Practice. "IAM is no longer a 'nice to have,' it's a 'need to have' for infrastructure security that protects critical assets, promotes operational efficiency and yields optimal return on investment."

Different classes of IAM solutions show different adoption rates

The survey also examined the adoption and penetration rates of the most commonly used types of IAM solutions including:

Single Sign On - the most widely adopted IAM solution - enables a user to access multiple Web applications through a single point of contact without needing to maintain or remember multiple passwords. Even with a high rate of adoption, there is still plenty of opportunity for, and interest in, further deployment.

--93 percent of respondents were familiar with Single Sign On.

--53 percent of respondents have already implemented Single Sign On, or are in the process of implementation, with another 37 percent planning to do so in the next one to four years.

Role-Based Access Control - grants users access privileges according to their function, not their personal identity. Workers are granted only the privileges they need to perform their jobs. This can yield significant improvements in operational efficiency by eliminating the logistical adds, moves and changes that occur when identity is tied to the individual rather than to the functional role.

--Role-Based Access Control was the next most-recognized IAM solution after Single Sign On; more than 80 percent of respondents were familiar with it.

--37 percent of respondents stated they have already implemented or are currently implementing Role-Based Access Control.

--41 percent of respondents stated they plan to implement Role-Based Access Control within the next four years.

Federated Identity Management - enables participating organizations to cooperate in sharing each other's authentication and authorization services. It is particularly useful for secure information-sharing with external partners and suppliers, or among business units within a company.


 

BNET TalkbackShare your ideas and expertise on this topic

Please add your comment:
  1. You are currently: a Guest |
  4.  

Basic HTML tags that work in comments are: bold (<b></b>), italic (<i></i>), underline (<u></u>), and hyperlink (<a href></a)

advertisement
advertisement
  • Click Here
  • Click Here
  • Click Here
advertisement
Click Here

Content provided in partnership with Thompson Gale