IAM & MACHINE IDENTITIES SURVEY

CIO and CISO Priorities for IAM and Machine Identity Management

Pulse and Keyfactor surveyed 100 CIOs and CISOs to understand their priorities around Identity and Access Management (IAM).

CIOs are driving innovation, while the CISO’s mission is to ensure information assets and technologies are adequately protected while reducing risk. As the strategy around identity and access management (IAM) has changed and machine identity management becomes crucial, these two roles need to work together to build a comprehensive strategy.

Scroll for key takeaways

CIOs and CISOs know how their responsibilities differ and believe that CIO budget and IT plans should play a part in security budgets and staffing levels

In general, CIOs and CISOs understand how their responsibilities and objectives differ within their company.

84% of respondents do not believe that security budgets and staffing levels should be independent of the CIO budget and IT plans.

Machine Identities remain a lower priority in IAM strategies for most, especially for CISOs

For most CIOs and CISOs, the top three IAM priorities for 2021 are user authentication (71%), privileged access management (62%) and cloud IAM & governance (54%).

Although machine identity management is less often a priority, 95% of security leaders are confident that their IAM strategy can secure and protect machine identities from cyber attacks.

And 88% of respondents agree that they treat machine identities with the same level of policy and protection as user identities.

But when strategic plans for IAM strategy are developed, 79% of respondents say machine identities are only sometimes included in planning, followed by 11% who say they’re rarely included in planning.

CIOs and CISOs are not entirely familiar with or involved in management of machine identities, but remain confident in their team’s ability to manage them

71% of CIOs and CISOs are only moderately familiar or involved with the use and management of machine identities in their business, with only 16% stating that they’re very familiar or involved.

Despite this limited familiarity, 90% of respondents are confident in their team’s ability to manage machine identities.

There may be a desire to increase investment in Machine Identity Management

The majority of respondents (73%) believe that their organization is invested correctly in securing machine identities compared to their investment in user identity and access management, but one-quarter (25%) say they are underinvested.

When it comes to devices and workloads, CIOs and CISOs are most concerned about web server infrastructure (62%), virtual machines (62%), and containers (49%).

Given more budget, most (40%) respondents would invest in cloud infrastructure, followed by automation and orchestration tools (34%).

Respondent Breakdown

Find out how the Keyfactor platform can modernize your PKI, prevent
certificate outages, accelerate DevOps security, and more.