Identity

2025 State of IGA report reveals persistent gaps in automation and integration

Credit: Getty Images

For more than two decades, Identity Governance and Administration (IGA) has been positioned as a cornerstone of enterprise security and compliance. Yet CyberArk’s 2025 State of IGA Report reveals that, despite years of innovation, many organizations continue to face the same fundamental challenges: slow provisioning, excessive and orphaned permissions, and complex integration requirements.

The data is sobering:

  • Only 6% of organizations surveyed have achieved fully automated IGA processes.
  • 82% report ongoing struggles with integration, particularly as SaaS applications and multi-cloud environments expand.

These numbers point to a critical reality: Most enterprises are still managing identity governance through a patchwork of manual processes and partial automation, leaving significant security and operational risks unaddressed.

The cost of incomplete automation

The report says that slow provisioning and de-provisioning remain among the most cited pain points. When access rights are not granted or revoked quickly, employees are left waiting for the tools they need to do their jobs, and former employees may retain unnecessary access for days or even weeks. This lag not only hampers productivity but also increases the risk of insider threats and compliance violations.

Excessive and orphaned permissions are another area of concern, according to the report. Without automation to continuously monitor and adjust access levels, users frequently accumulate more privileges than necessary. Over time, these unmanaged permissions create fertile ground for misuse, privilege escalation, and lateral movement during attacks.

Integration challenges in the cloud era

The report also highlights the growing difficulty of integrating IGA systems with modern SaaS and cloud applications. Traditional role-based models often don’t map cleanly to the dynamic, distributed environments organizations now rely on. As a result, security teams struggle to maintain visibility and enforce consistent governance across hybrid infrastructures.

These challenges aren’t just technical. They carry significant business implications. Inefficient IGA practices slow digital transformation, complicate compliance audits, and drain resources that could be focused on higher-value initiatives.

Benchmarking the Path Forward

While the statistics illustrate persistent gaps, the 2025 State of IGA Report also provides a valuable benchmark. Organizations can use these findings to measure their own progress against industry peers and identify areas where modernization efforts should be prioritized.

Closing the automation and integration gaps will require more than incremental improvements. It demands a renewed focus on cloud-native IGA solutions, intelligent role management, and streamlined workflows that align with today’s hybrid, high-speed business environment. Until then, the promise of fully mature IGA remains just out of reach for most enterprises.

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds