Only a few can manage identities securely

62 % of respondents believe it is important or critical for their company to provide or expand secure customer access to digital services. This is one of the core findings of the report "Identity Crisis: How to Balance Digital Transformation and User Security?"which surveyed more than 800 executives in the United States, the United Kingdom, Germany, France, the Benelux countries and Scandinavia. But only 26 % of those surveyed also have the technology to do so, according to the Capgemini and RSA study. In addition, the study results clearly showed that the user experience needs to be improved. 84 % would consider it necessary to offer more flexible and adaptable identity checks.

"As more organizations work with and in the cloud, they need to have solutions ready to adequately address the risks and threats associated with securing user identity," said Jim Ducharme, vice president in identity solutions at RSA. "These solutions must identify who is accessing what; effectively manage access; and control access to the various cloud services. These components are absolutely necessary to give the organization confidence that users are who they say they are in the cloud environment."

Increasing investments in the area of identity and access management

The findings indicate that companies are adapting to strengthen their existing security practices. In the face of serious online breaches with high damage, investments in identity and access management (IAM) would increase. Seven in ten companies (68 %) increased their IAM budgets, with 28 % increasing heavily.

The survey also shows that the view of IAM and its implementation has changed: Companies primarily want to allow users to take their own identity with them when they log in using their existing social identities. The prerequisite for this, however, is that this can be implemented without any security risk. Interestingly, the enforcement of this claim comes at the expense of a great deal of uncertainty in the areas of data protection and security regulations. It is also often not transparent to users from which location the services are provided.

Three findings of the report are particularly noteworthy, according to Capgemini and RSA:

• Firstly, adaptive authentication will determine access to devices and services for users in the future. For 84 % of all organizations, the provision of this authentication and access via an increasing number of methods and devices, such as social logins, have a high or very high priority. However, while 57 % of respondents in the U.S. already use Adaptive Authentication, the figure in Germany is 17 %.
• Second, most enterprises (85%) care or care deeply about quickly and easily deploying services supported by cloud technology. These are expected to be favored by IAM. Participants expect a future increase in such services.
• Third, both European and US organizations pay close attention to where security services are hosted. Nearly 90% of all respondents prefer or require data centers located in their country or region, especially for identity management services.

Significant gap

"The current practice of logging into the corporate system with a company's own username and password will have to be further developed. On the one hand, this is necessary for security reasons, where there is still a lot of potential for improvement. On the other hand, users also want to be able to log in in a wide variety of ways. This includes social media profiles and existing email accounts," says Michael Köhler, Head of Capgemini's Cybersecurity Practice in Germany and Austria. "The ownership of online identities is moving away from the organization to more flexible and secure services that users manage themselves. It thus follows the changing requirements for identity verification. While the increasing attention and interest of top management in this topic is very welcome, there remains a significant gap between the tasks at hand and the current capacity to do so in organizations. The magnitude of these security issues should not be underestimated."

For "Identity Crisis: How to Balance Digital Transformation and User Security?" 831 executives were surveyed. A majority of respondents work in IT departments (47% IT Services and 29% IT Security). The remaining respondents are reported to work in Sales & Marketing, HR and Finance. The study was conducted by KuppingerCole on behalf of RSA and Capgemini. Participants came from the U.S., U.K., Germany, France, Benelux and Scandinavia and work in organizations with more than 500 employee and customer identities to manage. One-third of all organizations surveyed manage 5000 to 50,000 identities, 40 % manage more than 50,000, and 7% manage more than one million identities.