Here at Zilla Security, we’re always trying to understand the needs of both our current and future customers. Like any customer-centric company, we want to understand our customer’s IT environments, the people that are using and managing these environments, their key business drivers (e.g. compliance vs risk reduction), and the processes they’re using to achieve their goals. Everything changes, so we need to know both the current situation and the outlook going forward.
Given our focus on identity governance, we’re also naturally looking for more data to improve our perspective. And IGA has been around for decades—how hard could it be to find useful answers? Surely questions such as the following have well known answers:
- IGA automation must be pervasive at this point—but how pervasive?
- How has the migration from on-premises solutions to SaaS/Cloud impacted identity governance?
- In our new world, how long does it take to provision a new employee?
Boy, were we naive. No amount of Googling provided the answers, or even pointers to the answers. But rather than give up, we decided to research the questions ourselves, directly with a broad array of 300 Identity Management leaders at a variety of organizations. Working with Global Surveyz, we produced the industry’s first State of IGA Survey Report.
To make sure we captured the situation as experienced by both large and small companies, we split our survey 50/50 between companies with 250 to 1,500 employees and those with 1,501 to 15,000 employees. Wanting to make sure we covered a healthy mix of heavily regulated industries, as well as those that face more general compliance obligations, we chose 40% of respondents from organizations in the financial services sector, 25% from healthcare/pharma, and the remainder from other industries, with some limited exceptions.
The results were striking, and we think they provide everyone in the world of identity governance with a better sense of the problems facing organizations worldwide.
Looking at the example questions above, here’s what we found.
Q: Automation must be pervasive at this point—but how pervasive?
A: Automation isn’t pervasive at all! In fact, manual execution of crucial IGA tasks is the norm. Our survey indicated that fewer than 6% of companies have full automation in place. As a software solution, we provide automation to our customers—and we interact with those organizations who want to automate their security governance. So we encounter the 6%, plus the 6% wanna-bes, every day. Clearly most organizations are struggling with the manual effort of performing period identity governance tasks such as user access reviews. They need help.
Q: How has the migration from on-premises solutions to SaaS/Cloud impacted identity governance?
A: SaaS and Cloud have made a huge difference, and it seems to arise from the proliferation of applications, plus the fact that many are operated outside the control of IT. The key indicator from the survey relates to the earlier issue of automation – 83% say that the difficulty integrating with IGA systems is the primary cause of manual IGA processes.
Q: In our new world, how long does it take to provision a new employee?
A: Here again, the change in the IT environment seems to be having a large impact—from a smaller number of applications all under the control of IT to a larger number of applications often owned by individual business units. With application sprawl comes complexity in both user access reviews and provisioning. The survey showed this clearly, with more than half of businesses saying they can’t provision a new employee’s access and application permissions in under 7 days.
Answers to more questions
These are just a small sample of the many findings in the survey. The results surprised and enlightened us, and hopefully they add to the broader understanding of the state of identity governance, as well as how to best move forward as a community. We’ll be further discussing the survey findings during a live webinar next week, alongside Zilla CEO and co-founder Deepak Taneja, and Guidepoint Security’s IGA Practice Lead, Brian Cap. Register here to join the discussion.
To see the details, plus answers to many other questions, check out the 2025 State of IGA Survey Report. It’s free, and we’d love to share it with you.