COMMENTARY: In the last month, I’ve heard a growing amount of uncertainty regarding the near-term economic outlook from large enterprise CISOs. Over the past few weeks this uncertainty seemed headed towards tighter fiscal management in the form of paused – but not cancelled – projects and greater scrutiny on recurring spending. At RSAC last week I had the chance to connect with dozens of enterprise CISOs—starting with a pre-event supper club and continuing through the conference meetups. A common theme has indeed emerged: organizations are approaching new spending with caution. Many new projects and their associated budgets appear on pause for the next couple of months as teams reassess priorities. Additionally, a significant number of CISOs anticipate the possibility of further budget adjustments in the second half of the year.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]Many of the CISOs indicated that their immediate focus has been on existing renewals. Are they necessary? If so, can trim anythingt out of them to save money? If not, are there alternatives available at a more affordable price? Gartner’s recent research on CIO priorities supports my first-hand observations: there was an immediate change in focus as we moved into 2025. When surveyed in October of last year, cost barely made the top five priorities. And then only in the context of balancing cost, value and risk. But by Q1 2025, just four months later, three of the top five CIO action priorities – current or planned – were related to cost: modeling scenarios, assessing third party costs, and planning reductions.With identity and access management as one of the biggest portions of the cybersecurity budget, costing businesses $16 billion a year, it’s a natural place to look. And while product license costs may be fixed for the year, professional services related to IAM are often variable and tied to level of effort..A never-ending level of effort, so it seems. Today, enterprises are dependent on often expensive, outsourced humans to assess each new application for expected identity controls or each new identity tool for integration with every existing application…over and over and over again.As one specific example, consider identity governance and administration (IGA), on which organizations spent roughly $3 billion last year, according to analysts. The average project takes 42 months, costs more than $1 million and still remains incomplete. Industry experts estimate average IGA coverage at only 9% of an enterprise’s applications. And most of the CISOs I know will say less.AI, together with observability when properly applied, offers an ideal solution to automate the detailed, but repetitive tasks associated with the deployment of new IAM tools such as IGA. Real-world projects we’ve enabled have validated the cost and time savings through automation. Organizations can now complete IGA projects with purpose-built AI tools in just four months, at a fraction of the cost and with significantly higher coverage. And that’s just the beginning.There’s a great deal of interest to shift identity services spend for stymied IAM projects and quarterly attestation requirements from expensive, manual, often outsourced efforts to efficient, automated and predictable outcomes at a fraction of the cost. The time to value is fast, promising “real dollar savings” business cases, productivity gains and improved cybersecurity all at the same time. And not just for a couple of months. The gains can potentially pay dividends going forward.These same productivity gains – presented by AI engineered specifically for IAM – serve system integrator (SI) partners equally well. SIs that join the automation revolution of identity AI early will get a leg up on the competition and help better serve their customers with the right automated identity onboarding tool, process and outcomes.Reducing project durations while delivering better results presents a huge win for both CISOs and their partners who can now show immediate value and lower costs instead of being bogged down in the same project year after year.Automating IAM, IGA, and other expensive, people-dependent projects with proven, AI-driven tools is a rich mine to tap, particularly in today’s economy and given CISO’s top priorities. It’s indeed the right tool for the these tense, fast-moving times.Roy Katmor, co-founder and CEO, Orchid SecuritySC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
You can skip this ad in 5 seconds