Our systems detected an issue with your IP. If you think this is an error please submit your concerns via our contact form.

Security icon

Modernize Your Identity Authentication Practices

Securely manage your identities and improve your authentication based on risks.

  • The rise of attacks through identity compromise demonstrates the focus attackers are placing on leveraging identities to infiltrate a network.
  • Traditional authentication methods are no longer safe, as each authentication request puts the enterprise at risk.
  • There is a lack of visibility into the different authentication practices an organization implements.

Our Advice

Critical Insight

  • Leveraging a risk-based approach to modernizing your authentication practices will ensure you have the right authentication assurance level in place while also identifying continuous improvement for your authentication lifecycle.
  • Every authentication assurance level possesses its own benefits ands risks, hence you should target the authentication methods that aligns with your risk profile.
  • Begin your modernized authentication roadmap by prioritizing your authentication practices for the identities that are the most critical to your organization.
  • Implementing the right solution for your authentication needs begins by formalizing the right policies to ensure it aligns with your goals.
  • A robust authentication practice will mature your IAM and provide you with the visibility to safeguard your most critical protect surfaces
  • Not all organizations possess the appropriate readiness to modernize their identity authentication practices; it’s important to assess your current maturity before identifying improvement actions.

Impact and Result

This blueprint will provide you with:

  • A guideline on how to assess your current authentication practices and determine which authentication assurance levels and practices meet your needs.
  • Visibility into your organization’s current authentication practices within your various identity repositories.
  • A developed roadmap to help you determine how to prioritize your authentication initiatives based on risk, organizational needs, and capabilities.

Modernize Your Identity Authentication Practices Research & Tools

1. Modernize Your Identity Authentication Practices – A step-by-step guideline on how to build a how to build an authentication roadmap.

Use this report to assist you in completing the authentication strategy tool, which will help build your authentication roadmap.

The report will provide insights into the different authentication practices, authentication assurance levels based on industry standards, and guidelines on how to identify your desired authentication assurance level and associated authentication methods.

2. Authentication Strategy Tool – A structured tool that will help build your authentication roadmap and gain the visibility needed to modernize your practices.

The Authentication Strategy Tool will assist organizations in understanding their current authentication assurance levels based on their current authentication types and adherence to industry standards. Organizations will also identify their target authentication assurance levels (AALs) through a risk-based approach and develop a roadmap to achieve their desired AAL through a prioritized list of improvement actions.

3. Authentication Strategy Communication Deck – A communication template that will help you present your authentication roadmap and strategy to your executives.

The Communication Deck will consist of outputs from your authentication strategy tool that can be leveraged when presenting your authentication roadmap to executives to obtain their buy-in and support on the initiatives.

4. Authentication Policy Template – A policy template that can be leveraged to assist with the implementation of your authentication roadmap.

The Authentication Policy Template includes policy statements on managing identities, authentication, and access to your organization’s systems.

5. Authentication Standard Template – A standard template that will assist with the execution of your authentication policies.

The Authentication Standard Template should be leveraged in conjunction with the authentication policies, which will support the implementation of your policies.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.0/10


Overall Impact

$2,740


Average $ Saved

5


Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Randolph Brooks Federal Credit Union

Guided Implementation

10/10

$2,740

5

Great feedback from the advisor.

Shared Services Canada - Chief Information Office

Guided Implementation

8/10

N/A

N/A

Greatly appreciated the strategic discussion without focus on the day to day. Appreciate the materials sent after the meeting also. thank you.


Modernize Your Identity Authentication Practices

Securely manage your identities and improve your authentication based on risks.

Analyst Perspective

Build an iterative authentication roadmap to help you better protect your identities.

As we continue to shift to a world where our digital footprint is expanding, it is important to ensure we protect our digital identities against the known and unknown threats that have negatively impacted organizations’ authentication practices. The rise in credential compromise attacks, coupled with the weak authentication measures of traditional methods, depicts the need for a framework that will protect user identities, while enabling continuous improvement in an evolving threat landscape.

A modernized authentication roadmap would leverage industry standards to assess your organization’s risk posture and existing methods, which will help determine the most appropriate authentication levels and associated practices applicable to your needs. The roadmap would also ensure you are prioritizing your critical identities and deploying it with applicable standards, policies, and metrics that will encompass your authentication best practice. Having visibility into your current authentication practices, while developing a plan to modernize it will allow for the continuous improvement to your authentication lifecycle and your identity and access management program.

Photo of Ahmad Jowhar, Research Analyst, Security & Privacy, Info-Tech Research Group.

Ahmad Jowhar
Research Analyst, Security & Privacy
Info-Tech Research Group

Executive Summary

Your Challenge

  • Rise of attacks through identity compromise demonstrates the focus attackers are placing on leveraging identities to infiltrate a network.
  • Traditional authentication methods are no longer safe, as each authentication request puts the enterprise at risk.
  • Lack of visibility into the different authentication practices an organization implements.

Common Obstacles

  • Implementation of additional authentication methods such as MFA might not be possible with the organization’s current authentication maturity in place.
  • Organizations don’t know where or how to build their authentication strategies due to the lack of an authentication assessment in place.
  • With a fast majority of different authentication methods, organizations are unsure which method would best align with their security goals.

Info-Tech’s Approach

  • A guideline on how to assess your current authentication practices and determine which authentication assurance levels and practices meet your needs.
  • Visibility into your organization’s current authentication practices within your various identity repositories.
  • A developed roadmap to help you determine how to prioritize your authentication initiatives based on risk, organizational needs, and capabilities.

Info-Tech Insight

Leveraging a risk-based approach to modernizing your authentication practices will ensure you have the right authentication assurance level in place, while also identifying continuous improvement to your authentication lifecycle.

Your Challenge

Traditional authentication methods are not the most secure route anymore.

  • The increased rise of attacks through stolen credentials shows the shift of focus for threat actors in targeting identities to infiltrate an organization’s network.
  • Stolen credentials was the number one attack vector for threat actors, along with phishing attacks. However, the number of stolen credentials rose by 14%, while the number of phishing attacks fell by 11% (IBM, 2024), which indicates the focus of attackers on infiltrating an organization’s network through compromised credentials.
  • Safeguarding your user credentials isn’t as simple as a username and password, and organizations can’t rely on basic authentication methods, especially with the sophistication of threat actors in targeting user credentials.
  • Hence, implementing modernized authentication practices that protect your user credentials and organization’s assets would improve your overall security maturity and prepare your organization to defend against the evolving threats of authentication-based attacks.

74% — Number of attacks targeting user credentials rose by 74% in 2022. (Source: Microsoft, 2022)

30% — 30% of breaches are caused by stolen identities. (Source: IBM, 2024)

91% — 91% of organizations considered weak authentication practices to be the root cause of their breach. (Source: HYPR, 2024)

Common Obstacles

Improving authentication is important, but knowing where to start is crucial.

  • Although attacks targeting user credentials are increasing, many organizations are not adopting enhanced authentication practices to improve their security posture.
  • The use of basic authentication practices such as passwords are still the main methods being leveraged by organizations, with many indicating not having MFA in place or implementing weak MFA practices.
  • Although organizations understand improving their authentication practices should be a top priority, many find challenges in identifying not only which methods to adopt, but how to build their roadmap in implementing modernized authentication methods.
  • Hence, leveraging industry best-practices in developing an authentication roadmap will ensure organizations are improving their authentication practices by taking a risk-based approach that aligns with their organizational needs.

88% — 88% of ransomware attacks targeted accounts with no MFA in place. (Source: Microsoft, 2022)

53% — 53% of organizations only use passwords to protect access to systems. (Source: HYPR, 2024)

58% — 58% of organizations agree that stronger authentication methods, such as passwordless, would be more secure for their organization. (Source: HYPR, 2024)

Modernize your identity authentication practices

Securely manage your identities and improve your authentication based on your risks.

Leveraging a risk-based approach to modernizing your authentication practices will ensure you have the right authentication assurance level in place, while also identifying continuous improvement for your authentication lifecycle.

Current Authentication Practice

Is not the safest approach, as it brings additional risks and impacts to the business

  • Increased security risks from basic authentication methods
  • Undefined AAL
  • Lack of authentication roadmap to assist in modernization

Info-Tech’s methodology for modernizing your identity authentication practices

1. Determine Your Authentication Methods

2. Develop Your Authentication Roadmap

3. Deploy Your Authentication Roadmap

Phase Steps

  1. Identity your current authentication maturity and risk level
  1. Identify your target authentication maturity and improvement actions
  2. Prioritize your improvement actions based on the cost and benefits of each initiative
  1. Implement your roadmap by having the right policies and metrics in place

Phase Outcomes

  • A defined list of authentication practices and their associated AAL across your organization
  • A repository of various identities and their associated authentication practices, along with their current and target AAL
  • A prioritized list of initiatives that will help mature an organizations authentication posture
  • A list of policies, standards, and metrics that can be leveraged when deploying the authentication roadmap

Insight summary

Build your authentication roadmap by having your risk and capabilities in mind

Leveraging a risk-based approach to modernizing your authentication practices will ensure you have the right authentication assurance level in place, while also identifying continuous improvement for your authentication lifecycle.

Define your authentication assurance level based on your risk appetite

Every authentication assurance level possesses its own benefits and risks; hence you should target the authentication methods that align with your risk profile.

Protect your crown jewels first

Begin your modernized authentication roadmap by prioritizing your authentication practices whose identities are the most critical to your organization.

Strategize the deployment of your roadmap

Implementing the right solution for your authentication needs begins by formalizing the right policies to ensure it aligns with your goals.

Develop a roadmap that goes beyond modernizing authentication

A robust authentication practice will mature your IAM and provide you with the visibility to safeguard your most critical protect surfaces.

Assess before you build

Not all organizations possess the appropriate readiness to modernize their identity authentication practices, hence it’s important to assess your current maturity before identifying improvement actions.

Blueprint deliverable

This blueprint is accompanied by a supporting deliverable which includes five security presentation templates.

Key Template:

Identity Authentication Roadmap Deck

Communication deck to help deliver your authentication findings and improvement actions to your collaborators.

Sample of the Identity Authentication Roadmap Deck.

Authentication Strategy Tool

Strategy tool to help you build your authentication roadmap.

Sample of the Authentication Strategy Tool.

Authentication Policy

Template to help draft your authentication policy.

Sample of the Authentication Policy.

Authentication Standard

Template to help draft your authentication standard.

Sample of the Authentication Standard.

Blueprint benefits

IT/Security Benefits

  • Improved visibility into the organization’s authentication practices and maturity level based on best practice and standards.
  • Reduced risk exposure to your identities through an appropriate roadmap in enhancing your authentication measures.
  • Guidance on implementing your authentication practices through standards and policies, which will improve user awareness, adoption, and satisfaction.

Business Benefits

  • Improved security posture through the strategic approach to enhance authentication measures based on organizational risks.
  • Better understanding of authentication best practices that will enable compliance with regulation and standards.
  • Improved maturity into your organization’s identity and access management program, which will better protect your crown jewels and reduce compliance and regulation risks.

Securely manage your identities and improve your authentication based on risks.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

MEMBER RATING

9.0/10
Overall Impact

$2,740
Average $ Saved

5
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Determine Your Authentication Level
  • Call 1: Scope requirements, objectives, and your specific challenges.
  • Call 2: Identify your organization’s authentication assurance level (AAL) and current practices.

Guided Implementation 2: Develop Your Authentication Roadmap
  • Call 1: Assess current AAL for all authentication practices.
  • Call 2: Identify target AAL through a risk assessment, as well as improvement actions.

Guided Implementation 3: Deploy Your Authentication Roadmap
  • Call 1: Identify appropriate metrics to implement and formalize the authentication policies and standards.
  • Call 2: Build and review the communication deck that will be presented to executives for initiative support.

Author

Ahmad Jowhar

Contributors

  • Fabrizio Ienna, Allstate Canada, Project Manager – IAM Cybersecurity
  • Kris Arthur, SEKO Logistics, CISO
  • Rebecca Rivera, Integral Partners LLC, Senior Manager Advisory Services
Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019