CIOs are driving innovation, while the CISO’s mission is to ensure information assets and technologies are adequately protected while reducing risk. As the strategy around identity and access management (IAM) has changed and machine identity management becomes crucial, these two roles need to work together to build a comprehensive strategy.
CIOs and CISOs know how their responsibilities differ and believe that CIO budget and IT plans should play a part in security budgets and staffing levels
In general, CIOs and CISOs understand how their responsibilities and objectives differ within their company.
84% of respondents do not believe that security budgets and staffing levels should be independent of the CIO budget and IT plans.
Machine Identities remain a lower priority in IAM strategies for most, especially for CISOs
For most CIOs and CISOs, the top three IAM priorities for 2021 are user authentication (71%), privileged access management (62%) and cloud IAM & governance (54%).
Although machine identity management is less often a priority, 95% of security leaders are confident that their IAM strategy can secure and protect machine identities from cyber attacks.
And 88% of respondents agree that they treat machine identities with the same level of policy and protection as user identities.
But when strategic plans for IAM strategy are developed, 79% of respondents say machine identities are only sometimes included in planning, followed by 11% who say they’re rarely included in planning.
CIOs and CISOs are not entirely familiar with or involved in management of machine identities, but remain confident in their team’s ability to manage them
71% of CIOs and CISOs are only moderately familiar or involved with the use and management of machine identities in their business, with only 16% stating that they’re very familiar or involved.
Despite this limited familiarity, 90% of respondents are confident in their team’s ability to manage machine identities.
There may be a desire to increase investment in Machine Identity Management
The majority of respondents (73%) believe that their organization is invested correctly in securing machine identities compared to their investment in user identity and access management, but one-quarter (25%) say they are underinvested.
When it comes to devices and workloads, CIOs and CISOs are most concerned about web server infrastructure (62%), virtual machines (62%), and containers (49%).
Given more budget, most (40%) respondents would invest in cloud infrastructure, followed by automation and orchestration tools (34%).
Respondent Breakdown
