The 2025 State of IGA Survey is Available Now

by | Jan 16, 2025

Here at Zilla Security, we’re always trying to understand the needs of both our current and future customers. Like any customer-centric company, we want to understand our customer’s IT environments, the people that are using and managing these environments, their key business drivers (e.g. compliance vs risk reduction), and the processes they’re using to achieve their goals.  Everything changes, so we need to know both the current situation and the outlook going forward.

Given our focus on identity governance, we’re also naturally looking for more data to improve our perspective. And IGA has been around for decades—how hard could it be to find useful answers? Surely questions such as the following have well known answers:

  • IGA automation must be pervasive at this point—but how pervasive?
  • How has the migration from on-premises solutions to SaaS/Cloud impacted identity governance?
  • In our new world, how long does it take to provision a new employee?

Boy, were we naive. No amount of Googling provided the answers, or even pointers to the answers. But rather than give up, we decided to research the questions ourselves, directly with a broad array of 300 Identity Management leaders at a variety of organizations. Working with Global Surveyz, we produced the industry’s first State of IGA Survey Report.

To make sure we captured the situation as experienced by both large and small companies, we split our survey 50/50 between companies with 250 to 1,500 employees and those with 1,501 to 15,000 employees. Wanting to make sure we covered a healthy mix of heavily regulated industries, as well as those that face more general compliance obligations, we chose 40% of respondents from organizations in the financial services sector, 25% from healthcare/pharma, and the remainder from other industries, with some limited exceptions.

The results were striking, and we think they provide everyone in the world of identity governance with a better sense of the problems facing organizations worldwide.

Looking at the example questions above, here’s what we found.

Q: Automation must be pervasive at this point—but how pervasive?

A: Automation isn’t pervasive at all! In fact, manual execution of crucial IGA tasks is the norm. Our survey indicated that fewer than 6% of companies have full automation in place. As a software solution, we provide automation to our customers—and we interact with those organizations who want to automate their security governance. So we encounter the 6%, plus the 6% wanna-bes, every day. Clearly most organizations are struggling with the manual effort of performing period identity governance tasks such as user access reviews. They need help.

Q: How has the migration from on-premises solutions to SaaS/Cloud impacted identity governance?

A: SaaS and Cloud have made a huge difference, and it seems to arise from the proliferation of applications, plus the fact that many are operated outside the control of IT. The key indicator from the survey relates to the earlier issue of automation – 83% say that the difficulty integrating with IGA systems is the primary cause of manual IGA processes.

Q: In our new world, how long does it take to provision a new employee?

A: Here again, the change in the IT environment seems to be having a large impact—from a smaller number of applications all under the control of IT to a larger number of applications often owned by individual business units. With application sprawl comes complexity in both user access reviews and provisioning. The survey showed this clearly, with more than half of businesses saying they can’t provision a new employee’s access and application permissions in under 7 days.

Answers to more questions

These are just a small sample of the many findings in the survey. The results surprised and enlightened us, and hopefully they add to the broader understanding of the state of identity governance, as well as how to best move forward as a community. We’ll be further discussing the survey findings during a live webinar next week, alongside Zilla CEO and co-founder Deepak Taneja, and Guidepoint Security’s IGA Practice Lead, Brian Cap. Register here to join the discussion. 

To see the details, plus answers to many other questions, check out the 2025 State of IGA Survey Report. It’s free, and we’d love to share it with you.

Author

  • Mark Jaffe, CMO of Zilla, smiles at the camera wearing glasses and a black polo shirt.

    Mark is an accomplished high tech CEO, CMO, VP Strategy, VP Sales and Board Director, with a strong track record, and keen interest, in rolling out disruptive products, delighting customers, developing game-changing partnerships, and driving company growth.

    Prior to joining Zilla Security, Mark guided growth at numerous cybersecurity startups. As Illusive’s CMO, Mark repositioned Illusive as an Identity Threat Detection and Response (ITDR) provider, which resulted in the company’s acquisition by Proofpoint. He founded Prelert and served as its Chief Executive Officer thru its 2 funding rounds, growth to become the market leading anomaly detection solution for Splunk and Elastic, and eventual acquisition in 2016. Earlier, he served as the Worldwide Vice President of Firewall and Behavioral Analysis Sales at McAfee, where he was instrumental in integrating products into the McAfee solution portfolio, ramping sales and growing the sales organization of a $100M+ business. Prior to McAfee, Mark built and led sales organizations at software startups Securify, Axentis, OnLink and JYACC, consistently growing revenues 30-100% year on year. At OnLink Technologies, Mark grew revenues from 0 to $20M in under 2 years, leading to the acquisition of OnLink by Siebel Systems for $609M.

    View all posts Chief Strategy and Marketing Officer

Recent Posts

Identity Governance Agony – A Discussion on the State of IGA Report

Zilla Security recently held a webinar to discuss the recently unveiled 2025 State of IGA Survey results. Zilla’s Chief Strategy Officer, Mark Jaffe, facilitated a discussion with two experts in the world of IGA – Brian Cap, IGA Practice Director at GuidePoint Security, and Zilla’s own Co-Founder and CEO, Deepak Taneja.

Deploying Zilla’s Modern IGA On-Prem: A New Approach for Azure Customers

Discover how Zilla’s PO Box deployment strategy for Azure enhances security, flexibility, and control for hybrid and on-prem environments. Learn about customizable deployment options using Azure Portal, CLI, or PowerShell to streamline identity governance for hybrid enterprise infrastructures.

The Power of AI-Driven Pre-Approvals

Discover how Zilla’s AI-powered pre-approvals reduce identity governance efforts by streamlining provisioning and eliminating redundancy in user access reviews. Pre-approvals help eliminate role management headaches, reduce access review efforts by 75%, and enhance security.

Strategies for Managing Non-Human Identities

Non-human identities can pose unique security challenges. Learn how to enhance security with accountability, access reviews, AI-powered tools, and the principle of least privilege, as part of a comprehensive identity governance strategy.