ID management wins top priority but little understanding

IT departments have no clear understanding of what it takes to secure their IT systems with identity and access management...

IT departments have no clear understanding of what it takes to secure their IT systems with identity and access management controls, despite ranking it as a high priority for their organisations.

Only 8% of UK IT directors were able to define identity and access management and one in five had never heard of key elements of identity access management, research published today will reveal.

The research by security supplier RSA suggests that IT directors are focusing on point solutions that solve only part of the problem, rather than taking a system-wide view of identity and access management.

“UK industries are undergoing fundamental changes in the way they do business, and for them a network-driven environment no longer reflects  the structure of their business,” said Tim Pickard, vice-president for international marketing at RSA.

Over 75% of the IT directors interviewed said that identity management was a high priority for their organisation.

The majority identified security as the most important business driver, and achieving regulatory compliance was a driver for 74% of the IT departments.

But IT departments also saw the technology as a business enabler. Over half cited lower administration and IT costs, increased productivity and the need to gain competitive advantage.

Despite these advantages, companies were buying tactical solutions rather than adopting a coherent system-wide strategy, the research revealed.

Half said single sign-on was the most fully implemented part of identity management in their organisations, followed by directory management, web services and strong authentication.

One of the biggest barriers to implementation of identity and access management was a lack of support from the board. A third of IT directors said that lack of funding was a barrier, and a third identified lack of buy-in from senior of executives.

But the failure of IT directors to fully understand the technology could mean that many will have difficulty presenting a sound business case to the board, RSA’s research suggests.

Read more on IT legislation and regulation