As security perimeters dissolve and identity expands from people to connected devices, identity and access management (IAM) tools are more essential than ever to protect access and prevent incursions. “Identity has been at the heart of most every breach in the past two years,” said Richard Kneeley, PwC US Managing Director, Cybersecurity and Privacy. “Many of these breaches have involved someone gaining access by using compromised identity, then changing their identity once inside the network to ratchet up access to data and systems by taking over a privileged account and in the process gaining unlimited access to the network, to systems and to data .” While the number of organizations that have deployed IAM solutions has remained stable at about 50% in recent years, we’re seeing a trend toward adoption of cloud-based identity services. Among organizations that use managed security services, 60% say they have tapped service providers to handle their IAM programs. One of the key reasons is that clients typically find it difficult to hire and retain the skills needed to run an IAM system. IAM in the cloud often comes with trained operators and engineers who run the service. Another trend lies in adaptive authentication. As IT systems capture increasingly more information, businesses are starting to leverage additional data points to identify suspicious behaviors and patterns. Adaptive authentication employs data such as the user’s login time and location, patterns of access and type of device to create a risk-based access decision. If the application detects aberrant activity during a login attempt, it can require further authentication steps or halt the process altogether. 11 Key findings from The Global State of Information Security® Survey 2017 © 2016 PwC