ThycoticCentrify has published new research that reveals promising cloud-based identity and access management (IAM) adoption in the enterprise space. The study, which surveyed 150 IT decision makers across the U.S., found that 89% of organizations have implemented best-of-breed solutions for IAM and/or privileged access management (PAM) in cloud environments, which are increasingly hybrid- or multi-cloud.
The research, commissioned by Centrify with CensusWide, identified how digital transformation has increased reliance on the cloud, and how the associated risks with this attack surface have impacted companies 12 months into the remote work period. The first half of the survey findings illustrated that 90% of cyberattacks on cloud environments this past year were caused by compromised privileged credentials. In response to this alarming trend, organizations are clearly stepping up cloud protection measures.
Nearly 40% of respondents said that managing multi-cloud environments was the most challenging aspect of the transition to the cloud, with more than three-quarters of companies reporting that their move to cloud began between 3-6 years ago. Adding to the complexity and identity sprawl, respondents said they were using separate IAM tools for each cloud environment.
The most prominent solutions being used to secure multi-cloud environments include privilege elevation and delegation management (57%), multi-factor (or two-factor) authentication (53%), and password vaulting (51%). The top three were trailed by single sign on (35%) and active directory (AD) bridging (25%).
“Digital transformation, accelerated by many organizations in early 2020, led to a sharp rise in identity sprawl in the enterprise, making credentials more vulnerable to attack than ever before,” said Art Gilliland, CEO, ThycoticCentrify. “On the heels of the inaugural Identity Management Day, the considerable adoption of cloud IAM solutions paints a hopeful picture for the future of protecting digital identities. Rather than using disparate tools for each cloud environment, however, companies should optimize their approach with comprehensive IAM and PAM platforms inherently built to control access across all cloud providers and minimize the attack surface.”