The basics drive 2025 identity security investments
New identity security tech might steal headlines, but Informa TechTarget's Enterprise Strategy Group analyst Todd Thiemann shows the basics get the most attention from businesses.
- Todd Thiemann,
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
Despite all the buzz around innovations and new technology in identity security, the basics still drive the bulk of enterprise investments. Informa TechTarget's Enterprise Strategy Group just published its annual "2025 Technology Spending Intentions Survey," and getting the basics right continues to be the clear enterprise priority.
Enterprise Strategy Group surveys organizations every year for its technology spending intentions survey to understand key business and technology priorities that drive spending plans. A few things about identity security investments caught my eye in this year's results.
Top 4 identity security investment priorities
The "2025 Technology Spending Intentions Survey" showed the top four areas for identity-related security investment were MFA (40% of respondents), zero-trust security (37%), single sign-on (36%) and privileged account management (PAM) (30%).
Many other investment priorities were listed, but the four listed above were the clear lead priorities -- the next items on the list were seven percentage points behind PAM.
Organizations understand the importance of the basics, as illustrated by a 2024 Enterprise Strategy Group study focused on the state of identity security that revealed 80% of enterprises were making MFA mandatory for their workforces. Getting near to 100% MFA coverage is a nontrivial journey that requires budget, time and people. The "2025 Technology Spending Intentions Survey" found those investments continue to be at the top of the investment list.
Plenty of cybersecurity news articles talk about zero days and innovative approaches to esoteric threats, yet incident damage frequently comes from not doing the basics right. If you focus on cutting-edge topics, you might be skipping the basics. If you don't do the basics, your attack surface and potential incident blast radius expand. What could have been a minor issue nipped in the bud can become a major incident. The recent Salt Typhoon news provides an example of the downside: A major U.S. telecommunications carrier had a single admin account managing over 100,000 routers -- a situation PAM could have mitigated.
Investing for improved identity governance and administration
Identity governance and lifecycle management are table stakes for most enterprises, but the 2025 spending intentions survey showed it's an increasing priority, rising to sixth place this year from ninth in 2024.
Governing access across on-premises and cloud accounts provides an opportunity to rationalize what can be disparate technologies. Enterprises are looking to streamline governance processes around account access and privilege entitlement reviews, which can be burdensome for identity and application management teams.
Customer identity access management moves up
Customer identity access management (CIAM) also moved up the priority list in this year's survey. All enterprises have workforce identity and access management (IAM) or identity security programs, but many businesses also have customer identities to manage. Those CIAM use cases might be business-to-business or business-to-consumer.
CIAM moved up from 13th place to eighth, with 20% of respondents prioritizing it for 2025 versus 13% in 2024. I suspect this change has driven CIAM infrastructure previously maintained by a line of business to the identity security team, which can more effectively and efficiently manage and improve customer identities. Stay tuned for some research in the first half of 2025 on the fast-moving CIAM space that will confirm or clarify this and other CIAM hypotheses.
Identity security platform evolution
The "2025 Technology Spending Intentions Survey" offered participants the chance to select multiple responses from 23 identity security priorities. One item that ranked midway on the list at No. 13 was investing in an identity security platform (17%).
Unification or convergence in the form of vendors providing identity security platforms is happening in the identity security space, given the complexity and cost that can come with a proliferation of IAM tools. Enterprises want first and foremost to solve their identity security problems in an efficient and effective way, however. Adopting a platform is frequently the optimal way to do that, but identity security remains relatively fragmented, with enterprises typically having to weave together different technologies to come up with the optimal identity security portfolio for their diverse and changing needs.
If you are an innovator in identity security, whether it involves workforce or customer identities, I want to understand what you are doing. You can reach me on LinkedIn or send an email to [email protected].
Todd Thiemann is a senior analyst covering identity access management and data security for Informa TechTarget's Enterprise Strategy Group. He has more than 20 years of experience in cybersecurity marketing and strategy.
Enterprise Strategy Group is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.
