Enterprise cybersecurity leaders face a number of challenges when it comes to authentication and identity & access management (IAM) in their network environments.

A survey from Axiad and conducted by Censuswide asked 252 U.S. security and IT executives in organizations of 2,500 or more employees across a broad variety of industry sectors to identify which IAM and authentication issues affected their organizations. Respondents pointed to several internal challenges that prevent them from addressing authentication in a systematic fashion across the organization, including the variety of identity types to protect; numerous authentication methods used internally; varied operating systems in use; and existing investments in identity and access management that are often not interoperable.

Challenges of organizational IAM are highlighted below:

  • 70% of respondents have three or more IAM ecosystems in use; 52% have four or more
  • 83% said they have both Windows and MacOS operating systems in place; almost half (46%) said they must authenticate against Linux as well
  • 89% use 3 or more authentication methods — the most popular are software one time passwords (OTP), passwords and mobile push authentication — 60% use more than 5

This internal complexity often forces organizations to operate numerous, often disconnected, authentication strategies across the organization, which creates gaps and inconsistencies that can be exploited by bad actors.

In addition, security and IT professionals are challenged by external factors such as regulatory requirements, which impact how an organization must authenticate and vary widely according to vertical markets, international standards and the public sector. More than half of the organizations surveyed (54%) must comply with four or more regulatory requirements, and 38% must comply with 5 or more. The top regulatory and compliance requirements noted by respondents include ISO/IEC 27002, HIPAA, SOX and GDPR.

Find more survey results here.