Companies need to understand, clearly define and control how much access users truly require.
Key takeaways
Respondents cited centralized IAM systems with MFA support as the top digital identity strategy.
Effective digital identity processes can boost efficiency while supporting increased security.
As security threats continue to evolve, the network no longer represents a company’s security perimeter. In today’s cybersecurity environment, identity is the new perimeter. With internal users, applications, customers and services providers needing varying levels of access to systems while hackers are constantly attempting to break in, middle market companies need to understand, clearly define and control how much access, if any, employees and vendors need to perform specific tasks.
“A truly effective digital identity strategy must cover capabilities and services to address inherent and compliance risk, introduce operational efficiencies, and be flexible as access requirements for humans and nonhuman resources dynamically change,” says Omer Arshed, a partner at RSM Canada. “As organizations go through digital transformations and continue to invest in technology, the right approach can protect sensitive data and improve the digital experience for both customers and employees.”
Many organizations see digital identity as a large initiative that can introduce complex change and affect the organization. On the contrary, digital identity investments, planned and implemented in the correct manner, are enablers and improve the digital experience for employees and customers while reducing inherent risks and creating cost efficiencies.
Omer Arshed, Partner, RSM Canada
In this year’s MMBI survey, the top method middle market respondents said they are leveraging to manage digital identity and secure systems access is a centralized identity and access management (IAM) system with support for multifactor authentication (MFA). As identity is a multifaceted service addressing employees, customers and applications, organizations must prioritize quantifiable risk reduction and enable foundational controls such as MFA. IAM with support for MFA was cited by 46% of overall survey respondents and was the leading method for both large (52%) and smaller (38%) middle market organizations.
The second-leading digital identity method (20%) in the MMBI survey was password management that relies on strict policies, such as regular updates and complexity requirements, but with no IAM system in place. Providing employees with password management tools to secure access ranked third at 14%.
“Some people just think of identity as a username and password that provides access to different groups and functions,” says Kane. “But people don’t often consider that sometimes even the lowest permissioned user can be an internal threat if their credentials are spoofed or obtained through social engineering or other methods. With a credential, a threat actor has the keys to the kingdom and can start getting access to data.”
Effective digital identity processes have rapidly evolved into a critical element of a middle market cybersecurity strategy. Unfortunately, some companies may see digital identity as an obstacle to productivity when the opposite is true: It can boost efficiency while supporting increased security.
“Many organizations see digital identity as a large initiative that can introduce complex change and affect the organization,” says Arshed. “On the contrary, digital identity investments, planned and implemented in the correct manner, are enablers and improve the digital experience for employees and customers while reducing inherent risks and creating cost efficiencies.”
RSM US Middle Market Business Index Special Report: Cybersecurity 2025
Related insights
