Where does the function of Identity Management should sit within IT organization?

Identity & Access Management (IAM)

Cybersecurity Team33%

Infrastructure and Operation Team56%

Physical Security Team7%

Other team. Please specify4%

178 PARTICIPANTS
1.8k viewscircle icon2 Comments
Sort by:
Director of Information Securitya year ago

Identity and access management functions belong within an identity and access management team. This team aligns under the CISO.

Lightbulb on2
Director of ITa year ago

Identity Access Management should belong under the CISO in order to meet NIST requirements.  Also Security Operations, GRC, and IAM work together.

Lightbulb on2

Content you might like

In most enterprises, non-human identities (API keys, service accounts, tokens, and certificates) outnumber human identities by 25–50x. Recent Gartner research identifies unmanaged machine identities as a critical blind spot in Zero-Trust architectures and cloud security frameworks. Where does your organization currently stand in terms of machine identity governance implementation?

Comprehensive program deployed (full lifecycle management, automated rotation, continuous monitoring)

Initial implementation underway (discovery and vaulting completed, governance framework maturing)83%

Strategic planning phase (implementation scheduled within the next 12 months)17%

Assessment stage (evaluating business case and organizational requirements)

View Results

Can anyone share how they have partnered with HR to prevent shadow agents from accessing HR data outside of sanctioned AI platforms/tools?

What advanced identity analytics or continuous access controls is your organization using (or planning to implement)? Any lessons learned you can share regarding vendor selection or implementation?

Read More Comments

How do you monitor and restrict the types of visitor behavior information and PII 3rd-parties can discern, record, or extract via scripts and applications on your website?

We don't use any 3rd-party scripts16%

We can't monitor or restrict 3rd-party script behavior on our website31%

We trust vendors based on initial reviews22%

We test scripts periodically18%

We use Web Privacy Management, WebAppSec, or PriSec Software8%

We outsource website privacy and app security monitoring services2%

Other (please describe)

View Results

If you’ve implemented zero trust identity and access management, what tools have been most effective at enforcing strict access controls?

Read More Comments