Access management projects continue through recession

Information access management (IAM) projects, which allow organisations to provide employees with secure access to their IT systems, are a priority for...

Information access management (IAM) projects, which allow organisations to provide employees with secure access to their IT systems, are a priority for businesses despite the downturn, a survey has revealed.

IAM technologies allow companies to authenticate user identities, control their access to IT resources and monitor what they do.

Almost 90% of CIOs and CEOs at 128 organisations in 23 European companies said they have started one or more IAM projects in the past year.

Some 70% said they have allocated specific budgets to IAM, according to the survey by consultancy firms KPMG and the Everett Group released at the ISSE 2009 security conference in The Hague.

That is despite IT security budget cuts, said the survey report, compiled with the support of the European Association of E-Identity and Security (EEMA) and the Institute of International Research (IIR).

A quarter of people questioned reported budget cuts of 5% to 50%, but almost three-quarters said IAM investments should be increased instead of decreased.

The biggest driver for IAM is governance, risk and compliance, the report said.

Most IAM projects are still focused on the direct employees of organisations.

This means few organisations are attempting full implementations that include customers or partners, said John Hermans, co-author of the report and associate partner at KPMG, Netherlands.

Although most people said they recognised the value of IAM, there are still significant gaps between the expected benefits and those achieved.

Some 49% said they were satisfied with the outcome of their IAM projects.

This indicates that IAM is still an evolving area that is not yet mature, the report said.

The lack of support from the business (51%) and the fact that the business was not ready for the proposed project (50%) were most often cited as reasons for project failure.

This indicates that IAM projects are still mostly the responsibility of the IT departments or security officers and not the business, the report said.

Organisations should not start any IAM project that does not have the support of the business, said Hermans.

"My hope is that more organisations will start projects aimed at delivering value to the business through being able to collaborate and respond faster to new opportunities," he said.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.