Enterprise Strategy Group (ESG) Principal Analyst Todd Thiemann released his latest research on identity security, titled “Identity Security at a Crossroads: Balancing Stability, Agility, and Security.”
The findings make one conclusion clear: with identity security growing more complex, teams believe consolidating capabilities into a single platform is a must to ensure visibility into what employees and non-human identities are accessing, acting on, and connecting to within their environments.
Todd opens the report with the following note to readers: “Workforce identity security is in a state of flux, with changing enterprise infrastructure, an expanding application portfolio to integrate, and sprawling cloud deployments that are exposing unsolved problems, inefficient processes, and fragmented solutions.”
Through the study, ESG surveyed 370 IT and cybersecurity decision-makers across multiple industries, mostly comprising organizations with at least 1,000 or more employees. The goal of this research is to identify and quantify major pain points for leaders managing identity security in their organizations and uncover trends that show how they plan to tackle those concerns.
In this blog, we’ll unpack key findings from the research and explain what it means for organizations’ shifting priorities.
Ready to skip straight to the research? Download the Report here.
70% of teams plan to expand usage of an existing tool to cover a new use case in the next 12-18 months
In addition to organizations expanding usage of existing tools, 62% of organizations plan to implement a net new tool to satisfy a use case, hinting that current solutions may be inadequate to satisfy evolving priorities. We’ll get into what those “evolving priorities” are later, but in the meantime it’s important to unpack the desire to consolidate or adopt new tools.
In the study, participants were asked “What identity solutions are currently in use or expected to be in the next 12-24 months?” Across 18 functional areas including MFA, NHI security, ITDR, and more, nearly half of organizations reported that they use multiple solutions for each. In fact, identity teams “use an average of 11 tools, and the proliferation of tools leads to operational complexity, poor visibility, and identity silos.” If you’re an identity security practitioner looking for an MFA solution (as an example), ESG research shows that 46% of teams aren’t just using one tool for MFA, they’re using multiple. Add in the complexity of 18 functional areas to satisfy? The idea of “tool sprawl” doesn’t even begin to cover what teams have been working with.
What factors drive the tool sprawl?
- 52% report that cloud adoption plays a factor
- 51% cite cyber insurance requirements
- 48% note that they need separate tools for separate environments (like on-prem versus cloud)
- The list continues on page eight of the report
With 46% of organizations managing anywhere from 500-2,499 business applications, consolidation is now a necessity. With a unified identity security platform, teams can gain the comprehensive visibility they need, uncover powerful context across the organization, and make insights-based decisions made possible by having the full picture.
67% of teams are concerned about NHI Security, while 52% believe AI agent adoption raises data privacy issues
Non-human identities include identities like service accounts and API keys. While teams are concerned about securing NHIs, very few have deployed an NHI-specific security tool. Instead, 77% of them are choosing identity security or IAM platforms to tackle NHI security. Again, enterprise identity security teams demonstrate that folding in NHIs into their entire identity security strategy rather than selecting a point solution leads to stronger security outcomes.
Teams report that securing AI agents is now on their radar, too. Data privacy is the top concern, but other sources of uneasiness around AI agents include “Failure of human oversight” and “Control of AI agents falling into adversary hands.”
The truth is, AI agents are not machines, nor are they human. They lie somewhere in between and therefore need to be treated as their own category of identity. An AI Agent security solution needs to address these concerns, so every AI agent is tied to a human and has the proper policies in place to prevent (and detect) improper activity.
Identity Security investment will keep growing—get the research to learn more
91% of organizations surveyed consider identity security one of their top five priorities in the next 12-24 months, with 42% expressing it is the number one priority.
As areas like AI agent security, ITDR, and ISPM become critical to an organization’s overall identity security strategy, teams need to consider how to balance a growing number of focus areas alongside having the right tools to provide the full context needed to make informed decisions for the business.
As ESG’s research uncovers, tool consolidation offers a path to accomplish those goals, with identity security platforms offering the highest chance of meeting the desired outcomes. In fact, a top motivator for many participants (24%) to evolve their existing identity security portfolios was “cost savings because of vendor consolidation,” validating that this approach saves money while optimizing resource utilization.
Download the complete research today to see how your identity security peers are tackling top concerns and where they plan to invest to achieve their goals in 2025 and beyond.