Identity security maturity assessment

Question 1 of 6

Is your identity security strategy understood & utilized across your organization & aligned to your overall business strategy?

No strategy

We do not have an organization-wide identity strategy.

Limited strategy

Very low adoption rate & focus is usually a tactical response to external stresses such as a compliance or security breach.

Identity is a focus

Our identity program is digitized & scaled with wide adoption across our organization.

Strong strategy

Our identity program is a strong enabler for business transformation, innovation and security resilience.

Very strong strategy

Our IAM strategy is a pillar of our broader organization’s innovation strategy.

Which option below represents your identity team’s operating model (i.e., the way identity services are managed across your organization)?

Not managed at all

Most forms of identities (e.g., employee, third parties, machines) are managed ad hoc in silo groups or not managed at all.

Somewhat managed

Identity management is mostly reactive and focused on fulfillment of service tickets, such as creating accounts.

Managed

Centralized IAM, organized based on specific tools (e.g., a team for directory services, a team for identity governance tools).

Strongly managed

Centralized IAM, organized on a product operating model with agile teams; there is a continuous drive for automation and AI.

Very strongly managed

Enables collaboration with external entities; it is a key control point to engage with our workforce & customers.

Which team manages the majority of identity security tasks and responsibilities within your organization today?

Help desk

Help desk staff mostly manages provisioning and deprovisioning access.

Help desk & IT-focused

Composed of mostly help desk staff along with a general IT team who maintains some basic identity tools.

Identity tool-centric

Tool/Product-focused teams doing development on specific identity tools and supported by help desk and IT support staff.

Innovation-focused

Data scientists or automation engineers along with identity product engineers; very lean help desk and IT support.

Distributed talent

Spans beyond the enterprise boundaries; collaboration with other companies & industry forums enable distributed identity capabilities.

How would you rate your organization’s technical capabilities when adopting new identity tools?

Very limited

Either no tools or some legacy directory and access management tools.

Some

Some identity tools implemented but with low adoption across our organization.

Capable

Identity tools have been adopted across the majority of our organization.

Strong

Capabilities adopted at scale and integrated with SecOps – detection and response correlated with identity.

Very strong

IAM capabilities adopted at scale and integrated with SecOps; our organization supports the future of identity.

Which most closely aligns to your IAM automation capabilities (e.g., account creation, access provisioning, access reviews)?

No automation

Most if not all capabilities are manual (manual fulfillment of access, access reviews).

Some automation

Some capabilities are automated but the majority are performed manually.

Mostly automated

80%+ identity capabilities our transactions are automated. Additional capabilities adopted at scale.

Highly automated

Highly automated capabilities with AI driving decisions based on risk estimation.

How would you rate your organization’s technical capabilities toward coverage of additional identities?

No coverage

No IAM program coverage of machine identities and environments such as cloud and SaaS applications.

Limited

Limited coverage of additional identities like machine identities. Platforms such as cloud & SaaS apps are mostly manually managed.

Good

Additional identities such as machine identities and environments including cloud and SaaS are managed at scale and automated.

Very good

Identity coverage spans most identities and environments are linked to data governance and cloud workload level access.

You’re almost there!

Complete the form below to instantly receive your personalized assessment.

The results are in!

You are in horizon _

Your assessment summary
Your identity program is …

Your identity program gets some attention, but there’s low adoption of technical capabilities, and resources for your identity program are mostly based on tactical response to some external stress (i.e. regulatory).

You should be …

The target state uses your identity program as a strategic enabler for business transformation, innovation, and security resilience. Your program becomes widely adopted across the organization and many identity processes are automated.

Results by category

Strategy

YOUR RESULTS

Horizon X

Your ​identity strategy is formalized and owned by a central function. Metrics to measure IAM program impact are mostly ad hoc or manual

Recommendation

How to get to Horizon 4

The target state requires ​that your IAM strategy is formalized, owned by a central function, and measured through automated tools, and also feeds into innovation and other predictive capabilities.

Operational model

YOUR RESULTS

Horizon X

Your ​identity strategy is formalized and owned by a central function. Metrics to measure IAM program impact are mostly ad hoc or manual

Recommendation

How to get to Horizon 4

The target state requires ​that your IAM strategy is formalized, owned by a central function, and measured through automated tools, and also feeds into innovation and other predictive capabilities.

Talent

YOUR RESULTS

Horizon X

Your ​identity strategy is formalized and owned by a central function. Metrics to measure IAM program impact are mostly ad hoc or manual

Recommendation

How to get to Horizon 4

The target state requires ​that your IAM strategy is formalized, owned by a central function, and measured through automated tools, and also feeds into innovation and other predictive capabilities.

Tech capabilities

YOUR RESULTS

Horizon X

Your ​identity strategy is formalized and owned by a central function. Metrics to measure IAM program impact are mostly ad hoc or manual

Recommendation

How to get to Horizon 4

The target state requires ​that your IAM strategy is formalized, owned by a central function, and measured through automated tools, and also feeds into innovation and other predictive capabilities.

Download your report

Your download will contain a PDF of your personalized results plus a copy of the full horizon content from the beginning of this assessment