Key Findings
Many organizations have been reluctant to define a formal identity and access management (IAM) program and a corresponding IAM leadership role. This impairs their ability to protect their organization from credential compromise, support digital transformation, and deliver cohesive, sustainable initiatives.
Often IAM leaders are solely focused on the operational aspects of identity, resulting in a lack of strategy planning (48% of organizations do not have a well-developed written strategy). This results in potential risk exposure, not obtaining value out of their current investment, and not being positioned to support growth for digital initiatives.
Technology purchase decisions are often made in silos without regard to how they fit into the wider identity-fabric ecosystem. This can result in overlapping capabilities, an inability toderive full value from their IAM investments and decisions made in silos, which can add risk.
Rarely do organizations provide adequate oversight of increasingly distributed IAM activities. This results in misaligned priorities, inadequate policies and standards, a lack of focus and reduced ability to protect the organization’s IAM attack surface.
GARTNER® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner, I AM Leaders’ Guide to IAM Program Management, Rebecca Archambault, Nathan Harris, Brian Guthrie, 26 June 2025