As we near the end of 2011 Hitachi ID Systems has run its first annual Data Security Survey to gauge organisations’ perception of their own IT security.

Survey background

Hitachi’s survey focused on Identity and Access Management (IAM) and had several “hundred” respondents from 16 different industries including agriculture, aerospace, construction media and retail.

The largest group of respondents (69%) employed less than 5,000 people

Key findings of the survey

  • 52% of businesses were “somewhat confident” in their Data Protection Measures
  • 39% of business had “some” Data Protection Measures in place
  • 33% of business said they had “strict” controls in place
  • 15% had privileged access management systems in place (who has all the keys to all the safes?)

More findings are in the graph below:

Sticking with Hitachi. Hitachi ID Systems CTO, Idan Shohamn “Looking Ahead to 2012” predicts the following as future trends in the IAM space:

1. Bring your own device (BYOD)

The “BYOD” trend is both unavoidable and troubling. Users, including executives, insist on the undeniable convenience of using their own, integrated and super-portable endpoint device. IT professionals are struggling to control access to sensitive corporate data on devices — which they do not control. It’s going to take a lot of innovation to resolve this conflict, but maybe we’ll see some progress in 2012.

2. Market Consolidation (in the IAM marketplace)

3. Identity and Access Management as a Service (IAMaaS)

Hosting an IAM system in the cloud (IAMaaS) and using it to manage identities and entitlements both inside the perimeter and in the cloud is still a new, risky game. This said, there will undoubtedly be some uptake in 2012, but just early adopters.

4. Identity Administration and Access Governance

Another interesting development in 2011 was the emergence of “access governance” as a separate product category, layered on top of “identity administration.” Currently, there are vendors in this market such as SailPoint, Aveksa and Approva (News – Alert). The thinking is that a requests portal, approvals workflows, access certification and policy enforcement should be layered on top of whatever IAM system an organization already has; something simple like incident management or more robust like a user provisioning system.

“In 2012, I predict that we will see the market begin accepting identity administration and access governance as two sides of the same coin. Here at Hitachi ID Systems, we used to provide a separate access certification product; at some point we realized this was a mistake and simply folded the features into our Identity Manager. I expect that some of our competitors will do the same in 2012; they may even clean up their user interfaces and lower their TCO.

So what does this mean for the “access governance” vendors? They have to learn to compete with the big boys. Their solutions need to scale; running access certification for just finance and HR users does not qualify as an enterprise solution. They will have to offer connectors. And password management. And user enrollment. While developing an aesthetically pleasing user interface to cover up old junk is okay to sell for a little while, it’s certainly not enough in the long run.”

The full article can be found here.