The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, released a study titled, “2021 Trends in Securing Digital Identities,” based on an online survey of over 500 IT decision makers. The report examines the impact that the pandemic and increase in remote work had on Identity and Access Management (IAM) in the enterprise, as well as the implementation of identity-focused security strategies.

Over the last year, the shift to remote work has led to an increase in the number of identities and an increased focus on identity security, but a decrease in confidence in the ability to secure employee identities. Four out of five participants believe that while identity management used to just be about access, it’s now mostly about security. In accordance, the majority of organizations have made changes to better align security and identity functions, with one of those changes being increasing CISO ownership of IAM.

Despite additional security challenges introduced in 2020 with more identities, exponential remote access, and more personal devices, the number of identity-related breaches remains flat. 79% of organizations experienced an identity-related breach within the past two years, the same as reported in a previous study conducted by the IDSA in April 2020. Increased attention also appears to be correlating with increased investment, as nearly all organizations will be investing in identity-related security outcomes in the next two years.

“The past year forced organizations to recognize the importance of securing digital identities, whether maintaining employee productivity through secure access from anywhere, using any device, or transforming engagement with customers to secure online services,” said Julie Smith, executive director of the IDSA. “If it hasn’t already happened, CISOs should seize this opportunity to elevate the importance of identity, not just in security strategies, but as an opportunity to provide business value through risk reduction, including Zero Trust initiatives, cost containment, increased productivity, and to improve both employee and customer experiences.”


Key Research Findings

Remote work has significantly impacted identity security

  • 83% report that remote work due to COVID-19 increased the number of identities
  • 80% say the shift to remote work increased focus on identity security
  • Confidence in the ability to secure employee identities dropped from 49% to 32% in the past year


Breaches are still prevalent, but investments in targeted prevention are accelerating

  • Identity breaches are not increasing, but they are having an impact on organizations
  • At least 70% report they began implementation or planning of identity-related security outcomes in the past two years
  • 97% will make investments in identity-related security outcomes over the next two years
  • 93% believe they might have prevented or minimized security breaches by using identity-related security outcomes


Security is taking a broader role in identity management, with positive effects

  • 64% report that they have made changes to better align security and identity functions within the last two years
  • 87% report the CISO has a leadership role when it comes to IAM, a dramatic contrast to 53% that said the same about the security team in 2019
  • Organizations where the CISO has ownership of IAM are more likely to say the security team has an excellent understanding of their identity strategy and implement identity-related security outcomes


Identity Defined Security Alliance Resources

An Identity Defined Security Outcome is a desired result that improves an organization’s security posture and reduces the risk of an identity-related breach or failed audit. According to the report, 93% of organizations believe that the IDSA’s Identity Defined Security Outcomes may have prevented or minimized the impact of the breaches they suffered. Included with each Identity Defined Security Outcome are vendor-neutral implementation approaches, which are well-defined patterns that combine identity and security capabilities. To view the full library of outcomes, visit

To download the full report, visit