Technical debt hinders modernisation of identity systems

A recent survey conducted by the Cloud Security Alliance (CSA) reveals that over half of organisations identify technical debt as the primary obstacle to modernising their identity systems.

The report, titled "State of Multi-Cloud Identity: Insights and Trends for 2025", was commissioned by Strata Identity and highlights the challenges companies face in securing cloud environments. The survey uncovered that 71% of respondents cite incompatibility with non-standard, legacy applications as a significant barrier to deploying advanced application authentication.

Furthermore, the report states that two-thirds of organisations manage two or more identity providers (IDPs), with 65% of respondents identifying the management of access controls and consistent security policies across disparate system as a major concern.

Hillary Baron, lead author and Senior Technical Director for Research at CSA, commented on these challenges stating, "As enterprises accelerate their adoption of multi-cloud, they're encountering significant obstacles in harmonising hybrid and cloud identity systems for secure integration. High costs related to IAM technical debt, a significant talent gap, vendor lock-in, and the complex task of rewriting legacy applications are impeding progress and slowing innovation."

She added, "It's essential that organisations address these challenges, not only for security and compliance but for operational efficiency and business agility, as well."

The survey also highlights the complexity of managing multiple IDPs, with 75% of organisations managing at least two IDPs. Interestingly, 11% are managing five or more IDPs. About 73% of organisations believe that improved visibility is crucial for effective risk management, yet over a third still have uncertainties about monitoring key areas within their IAM environments.

In terms of strategic investments, despite economic pressures, most companies are either maintaining or increasing their identity management budgets. Priorities include identity analytics and visibility (53%), legacy system modernisation (50%), and IAM availability and resilience (43%).

Concerns about IAM resilience are prevalent, as only 38% of organisations have fully implemented measures to ensure continuous availability of identity services, while a small percentage (6%) admit to having no such measures. This vulnerability leaves many enterprises exposed to identity service outages and disruptions.

Eric Olden, CEO of Strata Identity, commented on the findings by stating, "These findings clearly demonstrate that organisations want and need to migrate from legacy identity systems to modern cloud identity providers but are struggling with the technical debt of having to rewrite applications and manage access across multi-cloud and hybrid identity environments." He explained the potential solution offered by identity orchestration as a means to modernise systems without refactoring applications, allowing unified access control and policy enforcement.

To compile the report, CSA conducted the survey online in June and July 2024. Participants comprised 950 IT and security professionals from diverse organisations globally, with data analysis and interpretation carried out by CSA's research analysts. The survey stands as the first of its kind for CSA, with independent sponsors supporting the research without having added influence on the report's content.