Industry Perception of Security Challenges with Identity Access Management Solutions

TL;DR

This study explores security challenges and perceptions of cloud and on-premise IAM solutions through interviews with cybersecurity professionals, highlighting key vulnerabilities and trust issues in different deployment models.

Contribution

It provides empirical insights into security concerns and perceptions of IAM solutions from industry professionals, comparing cloud and on-premise implementations.

Findings

Cloud IAM faces issues like default configs and poor management of non-human identities.

On-premise IAM struggles with multi-factor authentication and password policies.

41% of respondents believe on-premise solutions are more secure than cloud-based ones.

Abstract

Identity Access Management (IAM) is an area posing significant challenges, particularly in the context of remote connectivity and distributed or cloud-based systems. A wide range of technical solutions have been proposed by prior research, but the integration of these solutions in the commercial sector represent steps that significantly hamper their acceptance. The study aims to outline the current perception and security issues associated with IAMs solutions from the perspective of the beneficiaries. The analysis relies on a series of interviews with 45 cyber security professionals from different organisations all over the world. As results showed, cloud IAM solutions and on premises IAM solutions are affected by different issues. The main challenges for cloud based IAM solutions were Default configurations, Poor management of Non-Human Identities such as Service accounts, Poor certificate management, Poor API configuration and limited Log analysis. In contrast, the challenges for on premise solutions were Multi Factor Authentication, insecure Default configurations, Lack of skillsets required to manage IAM solution securely, Poor password policies, Unpatched vulnerabilities, and compromise of Single-Sign on leading to compromise of multiple entities. The study also determined that, regardless the evolving functionality of cloud based IAM solutions, 41% of respondents believe that the on premise solutions more secure than the cloud-based ones. As pointed out by the respondents, cloud IAM may potentially expose organisations to a wider range of vulnerabilities due to the complexity of the underlying solutions, challenges with managing permissions, and compliance to dynamic IAM policies.