CRA Study: When IAM Security Conflicts With User Experience

Published on
April 13, 2023

Complex products, Shadow IT and user experience disruptions are key challenges identified in latest CRA Business Intelligence survey

New York, NY, April 13, 2023 - Organizations are pushing ahead with security measures to ensure only the right users can access the right information under the right conditions. But such efforts are challenged by Shadow IT (i.e., employee use of technology not supported by IT) and solutions that hobble the user experience.

That’s according to new research from CyberRisk Alliance Business Intelligence, the research and content arm of cybersecurity data and insights company CyberRisk Alliance (CRA), which surveyed 203 security executives, administrators, managers, directors and compliance practitioners from North America in December 2022 and January 2023. The study objective was to measure how well (or not so well) organizations’ IAM improvement efforts are faring.

“It can be difficult at times to find the balance between a better, streamlined user experience and a high-security practice,” said one security practitioner.

Key takeaways:

  • Organizations blaze a path to IAM adoption. 44% of respondents have implemented IAM advancements in part or in full while 19% are developing a new IAM strategy and 26% are now giving IAM enhancements serious consideration. Successful respondents have chosen various paths to deployment: 22% are opting for an on-prem configuration, 24% for a cloud-based setup and 25% adopted a hybrid model blending on-prem and cloud solutions.
  • Shadow IT and tech complexity are problems. A large majority (92%) of respondents anticipate that implementing IAM enhancements will be moderately to highly difficult. Top challenges revolve around eliminating shadow IT, establishing a zero-trust based architecture, and having the funds to support IAM improvements. Another major concern is how organizations can effectively introduce IAM policies to enhance security in a way that does not disrupt business processes or frustrate the user experience.
  • IAM goals: secure data, cloud, and work-from-home environments. IAM progress is largely motivated by a desire to get ahead of the growing pains of transforming today’s workforce. Current IAM efforts prioritize multifactor authentication (84%), single sign-on (77%), role-based access control (67%), and enforcement of unique passwords (82%).
  • IAM complexity is impeding adoption. Respondents worry about the complexity of IAM products and how they can strain the user experience. A large majority of respondents (80%) are currently focused on endpoint security as part of their IAM strategies and programs. Just over half (56%) are focused on user experience, and another one-third are planning to focus on it.

For more detailed findings and analysis, the full research report is available for download here.

About CyberRisk Alliance
CyberRisk Alliance (CRA) is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community, and inspire an efficient marketplace. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers, and practitioners. CRA’s brands include SC Media, Security Weekly, ChannelE2E, MSSP Alert, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, its research unit CRA Business Intelligence, the peer-to-peer CISO membership network, Cybersecurity Collaborative, and now, the Official Cyber Security Summit and TECHEXPO Top Secret. Click here to learn more.

We're Here to Help

From news, analysis, and insight, to events, communities, custom content and marketing solutions, the CyberRisk Alliance portfolio provides support to the entire cybersecurity ecosystem. We'd love to help support your goals.