AI implementation complicated identity management matters

In a recent SailPoint study, based on a survey of 375 IAM leaders worldwide, it was revealed that most organizations are still in the early stages of building mature identity programs.

The report underscores the importance of cleaning and standardizing identity data before deploying new tools. Organizations that follow this practice are far more likely to succeed. However, only a small percentage of organizations have reached higher maturity levels where identity controls are automated and adaptive.

Data quality is a significant issue, with identity data often fragmented across various HR systems, cloud services, and directories. This fragmentation makes it challenging to implement effective access controls and slows down automation efforts.

Sixty-three percent of organizations rely on manual processes and basic tools to manage user access, while less than four in ten currently govern AI agents. The report highlights a shift in identity management priorities, with machine identities and AI agents growing faster than any other type of identity. Yet, AI-driven identities and machine accounts are growing, but most security teams are not prepared to manage them at scale.

The study also revealed that progress is uneven. For every three organizations that advanced their identity capabilities in the past year, two regressed. This inconsistency could be attributed to the complexities involved in managing identities, particularly in the context of tailored integrations and governance policies required for each application.

The report shows that advanced organizations are moving toward identity systems that are both adaptive and automated, with AI playing a growing role. However, managing these identities requires different approaches, such as just-in-time access, dynamic privilege adjustments, and continuous monitoring.

Poor data hygiene undermines access controls and slows automation efforts. In fact, sixty percent of the respondents said their deployments missed timelines by at least a month, and almost half reported IAM projects that ran over budget.

The survey did not provide specific public sources identifying which organizations in Europe and Latin America are worst positioned in implementing AI-driven identity management. However, the report did note that technology and financial services companies are more likely to have reached higher maturity levels compared to healthcare, manufacturing, and many organizations in Europe and Latin America.

Only 14% of respondents reported a completely successful most recent IAM deployment. This statistic underscores the challenges organizations face in implementing effective identity management strategies. Without these controls, machine identities can accumulate excessive permissions or remain active after they are no longer needed, creating opportunities for attackers.

In conclusion, while the implementation of AI-driven identity management is growing, there is still a significant gap between the current state and what is needed for effective security. Organizations must prioritize data standardization, automation, and adaptive controls to stay ahead of the evolving threats in the digital landscape.