User identity management and governance is emerging as a top challenge for chief information security officers.

That’s according to a new report today from the investment arm of Cisco Systems Inc., in partnership with Forgepoint Capital LP, NightDragon Group LLC and Team8 LP.

The “CISO Survival Guide” digs into how today’s enterprises face a constant battle of identifying and preventing attacks from anywhere and everywhere. With the types of attacks constantly expanding and the number of security solutions growing by the hour, CISOs and security leaders are eager to understand what’s around the corner and how to prepare.

The top finding in the report is that a lack of a unified platform across identity access management, or IAM, as well as identity governance and administration and privileged access management, results in a balkanized identity topology within enterprises. CISOs view this as a critical pain point and a desired focus for future innovation.

The report highlights how its present state, IAM and related solutions require manual tuning to be tailored to customer environments, increasing friction and adding cycles at a time when increasing security risks demand greater efficiency. In the current market with its security challenges, cloud infrastructure entitlements management was found to be gradually gaining prominence as a spending priority for customers. Many of those polled in the report were found to be actively leveraging cloud security providers’ native offerings.

Some 85% of CISO and information technology decision-makers polled for the report were found to prioritize IAM investments more highly than other security solutions. Nearly a quarter of respondents reported that user and device identity management is a top priority and more than half of respondents noted that the continuous evolution of Identity was the top reason companies failed to hit their IAM goals.

Reports about IAM and security are not often funny, but one key takeaway from the report was that CISOs are sick and tired of acronyms, particularly in the security and identity industry. They’re not wrong, but this may be one of the first times someone has said it out loud.

“Every week sees the creation of a new Identity category/acronym without an accompanying use case or technological differentiation,” the report notes. “This trend imposes cycles for CISOs to vet and unpack these purportedly new categories only for them to discover they are a rehash of existing solutions.”

The report recommends that a more welcome approach to acronym creep would be to focus on core use cases, such as adaptive application access, privileged identity or developer access, and to demonstrate differentiation on priority axes, such as ease of deployment, breadth of coverage and rich integrations.

Image: Cisco