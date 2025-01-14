SailPoint Technologies, Inc. released the findings from the 2024-2025 edition of its annual research report, ‘The Horizons of Identity Security.’ This year’s report reveals that while most organisations are still in the early horizons of their identity security journey, those who achieve maturity are seeing disproportionately higher returns for every dollar spent​.

The value of identity security remains largely untapped today. Of the organisations surveyed, roughly 41% remain at the very beginning of their identity security journey with only 10% progressing to the more advanced stages; this large gap highlights the significant opportunities for organisations to realise the full potential of identity security.

Our research suggests that organisations that mature their identity security practice can “bend” the identity security-to-value curve, delivering disproportionate economic impact. These disproportionately higher returns are observed through three key factors: reduced cyber risk, increased business value, and improved productivity. More mature organisations gain disproportionate reductions in risk, higher topline business value, and increased workforce productivity.

“APJ organisations are concerned about changes in access models due to M&A and divestures, and talent shortage around AI/ML especially as new AI regulations have been introduced in several markets. With strategic investment in identity security, APJ businesses can achieve enhanced capability coverage and data analytics, automation, lower cyber insurance premiums, and improved compliance,” said Chern-Yue Boey, Senior Vice President, APJ, SailPoint. “With the right technology, strategy and expertise, organisations can attain identity security maturity and gain higher returns with increased maturity.”

The 2024 Horizons of Identity Security report outlines several areas where mature identity security programs have progressed and unlocked new value pools, such as:

Stronger coverage of machine identities, the fastest growing identity class: Organisations with mature identity security have 87% more coverage of non-human or machine identities, such as bots, compared to 28% for organisations in the early stages of their identity journey. This is significant because survey results also indicate that machine identities are highly fragmented with organisations and likely to grow faster than any other identity class. According to past survey results, machine identities represent more than 40% of total identities within a given organisation, and one-third of respondents expect machine identities to increase by 30% in the next year.

Organisations with mature identity security have 87% more coverage of non-human or machine identities, such as bots, compared to 28% for organisations in the early stages of their identity journey. This is significant because survey results also indicate that machine identities are highly fragmented with organisations and likely to grow faster than any other identity class. According to past survey results, machine identities represent more than 40% of total identities within a given organisation, and one-third of respondents expect machine identities to increase by 30% in the next year. Higher coverage of third-party identities: Organisations with mature identity security have up to 50% higher coverage of third-party identities compared to those in the early stages of their identity journey. Third-party identities are an increasingly important identity class as more and more businesses are turning to third-party providers for critical services, therefore increasing the attack surface.

Organisations with mature identity security have up to 50% higher coverage of third-party identities compared to those in the early stages of their identity journey. Third-party identities are an increasingly important identity class as more and more businesses are turning to third-party providers for critical services, therefore increasing the attack surface. Leveraging identity data intelligence: Organisations with mature identity security are two times more likely to leverage identity data to create actionable intelligence and power new use cases such as intelligent guidance for user access, context-aware security policies, and intelligent access reviews. This is significant because it can enable more accurate and timely access decisions, a key to reducing security risk.

Organisations with mature identity security are two times more likely to leverage identity data to create actionable intelligence and power new use cases such as intelligent guidance for user access, context-aware security policies, and intelligent access reviews. This is significant because it can enable more accurate and timely access decisions, a key to reducing security risk. Higher adoption of AI and willingness to invest in GenAI: Organisations with mature identity security have nearly two times higher adoption of AI-powered identity solutions, which has proven to create scalable solutions and enhance productivity. Organisations with mature identity security have the foundations to invest in scalable GenAI-powered use cases, prioritising tools for workflow creation, user entitlements, role descriptions, and natural language search. Alternatively, most early-stage organisations remain focused on automating basic help desk tasks.

Organisations with mature identity security have nearly two times higher adoption of AI-powered identity solutions, which has proven to create scalable solutions and enhance productivity. Organisations with mature identity security have the foundations to invest in scalable GenAI-powered use cases, prioritising tools for workflow creation, user entitlements, role descriptions, and natural language search. Alternatively, most early-stage organisations remain focused on automating basic help desk tasks. Lower cyber insurance premiums: 92% of survey respondents report that insurers assess their cyber capabilities before setting premiums. Interestingly, more than 7 in 10 identity security decision makers view identity security as one of the three most impactful security capabilities determining cyber insurance premiums.

Over the last three years, our research and experiences have confirmed that the future of identity security will be shaped by integrated identity programs across diverse technology environments. This integration includes unified access controls providing visibility across all identity types, integration with security operations, and support for machine identity management and actionable intelligence. Additionally, with advanced next-generation identity security, access decisions are increasingly driven by AI-powered analytics, which use context-aware policies to enhance security through anomaly detection, identity pattern recognition, and behavior analysis. Organisations can utilise these next-generation capabilities to set the north-star vision to reach the future of identity security.

A SailPoint customer, RWE reached identity security maturity in just six months. RWE’s identity security transformation included moving from on-premises manual identity management to a cloud, AI-driven solution enabling identity security at scale. The company was able to implement more comprehensive coverage, scaling its identity security from 2.5K to roughly 30K user accounts. Notably, it reduced onboarding time from 25 days to less than 3 hours on average, improving productivity. And—key to maturing an identity security program—RWE implemented a unified approach to identity, moving from zero to 30 business units sharing an identity strategy. These findings underscore that committed investments in identity security help organisations safeguard their assets and gain competitive advantages in the digital age.