The progress of identity security — a three-year review

The future of identity security is defined by the challenges enterprises face today – from the growth of identity data breaches of unprecedented sophistication and pervasiveness to the proliferation of novel identity types. Organizations are also faced with rising insurance costs and penalties for regulatory or compliance violations. An increasingly risky world, with dire financial stakes, requires increasingly robust identity security solutions.

That’s why SailPoint has its eye on the horizon, analyzing and trying to anticipate where identity security is headed. We’ve developed critical insights into how identity security solutions are progressing and predictions for the future of identity security.

The Horizons of identity security

For the last three years (2022-2024), we’ve surveyed enterprise IAM and cybersecurity decision makers across the globe to assess their capabilities across identity security horizons, map the state of identity security challenges, and learn how the world’s top organizations are combating risk in an effort to uncover future trends.

Most surveyed organizations remain in the early stages of their identity security journeys, including more than 40% still in Horizon 1, but a growing number of enterprises are progressing through the Horizons, such that approximately 1/3 of all organizations surveyed now enjoy the benefits of security in the top three most secure Horizons.

The shift upward suggests that organizations are increasingly placing a higher value on security but that the full value of identity security remains untapped for the majority of organizations.

Key learnings over the years

With each year of the Horizons reports, we derived key insights that map the progress of identity security in addressing the needs of the modern enterprise.

In 2022, we learned that the future of identity security will likely be shaped by ongoing technology shifts. Specific predictions included:

• Integrated identity will create a common link across technology environments, including cloud, software as a service, application programming interfaces, and data.
• Dynamic trust models where access evolves based on an identity’s behavior and interactions and artificial intelligence (AI) will lead the way in understanding and adjusting access.
• Universal identities that can merge with federated access, creating identity groups across domains and geographies, and identities will be verified through decentralized protocols.
• Frictionless access that is dynamic, automated and code-driven; where passwordless authentication, biometrics, and other device-based authentication methods will be used to access physical and digital environments.

We discovered that an organization’s position across the horizons is determined by its maturity in four areas: strategy, technology & tools, operating model, and talent. Maturity can be measured based on specific capabilities across these 4 vectors. For example, at Horizon 1 tech capabilities are mostly manual, at Horizon 2 some capabilities are automated but with low adoption, at Horizon 3 most capabilities are adopted at scale, and at Horizon 4 and 5 there’s an advanced use of Al and integrated identity capabilities.

In 2023, we uncovered that privacy, customer experience, trust, and AI are the common fabric spanning the four elements of integration, dynamic trust models, universal/federated identities, and frictionless access. We predicted the following trends:

• AI: Accelerated adoption of Al in identity security, including the use of Al “copilots” and decision support models, will enhance security and user experience.
• New risks: Increased Al adoption also introduces risks, such as the potential for Al-driven identity compromise or social engineering attacks, emphasizing the need for better visibility, monitoring, and transparency in Al models and data security.
• Privacy, transparency, and user experience: Identity technologies will adapt to evolving regulations and user demands for privacy, incorporating new technologies like zero knowledge proofs, with an emphasis on enhancing the user experience.

It also became clear that the future of identity security is a race to preempt emerging threats. The security threat landscape is evolving faster than ever, putting pressure on organizations (and security professionals in particular) to establish a business case for aggressive advancement through the horizons.

Although about 8% of surveyed organizations made the jump from Horizon 2 to Horizon 3 over the prior year, only about 1% broke out of Horizon 1. These results reveal that the barriers at the start of the identity journey are often most difficult to overcome and that those organizations in Horizon 2 that made strategic investments in foundational identity capabilities were able to successfully advance to Horizon 3. Immature companies should aim to “leapfrog” to advanced capabilities that leverage SaaS, AI, and automation, which will likely help them scale faster.

In 2024, new trends have emerged that may complement the pillars of the future of identity:

• Machine identity management: With the rise of AI and automated bots, organizations need to manage more machine and service accounts, such as those used by copilots and machine learning models.
• Integrated identity data layer: An integrated data layer is key to generating actionable intelligence and insights, exemplified by the development of context-rich identity graphs to create unified employee and customer profiles.
• Context-aware policy enforcement: Access decisions are increasingly driven by AI-powered analytics, which use context-aware policies to enhance security through anomaly detection, identity pattern recognition, and behavior analysis.

The data is clear from our 2024 report: identity security is at the core of overall enterprise security. Organizations at Horizons 3 and 4 of their identity security evolution reap exponential benefits, including:

• 20-50% higher coverage of third-party and machine identities (the fastest growing category of identity types)
• 50% higher NIST CMMI scores
• 15-50% higher adoption of privileged access governance capabilities
• Ability to scale identity coverage and capabilities without growing their IAM workforces by improving efficiency with advanced IAM solutions and shifting from help desk to engineering-led support models

The path forward

We believe the value of identity security will continue to rise in the future as cyber threats multiply; legislators, regulators, investors, and insurers raise their security expectations; and customers, employees, and business partners increasingly seek trusted and seamless digital experiences.

To secure the future, enterprises should act now and harness the power of identity to overcome these challenges. The path to greater identity horizons has six main steps:

Get the full insights into our 3^rd annual Horizons of Identity Security survey and discover how you can advance your identity security program with a unified identity security solution.