A survey of 614 cybersecurity and IT leaders finds 89% of the applications deployed are not centrally managed via a multifactor authentication (MFA) platform.

Conducted by the Ponemon Group on behalf of Cerby, a provider of a platform for managing identities, the survey also notes 70% have not configured to provide single sign-on (SSO) capabilities.

Nevertheless, well over half of respondents (57%) on a scale of one to ten rated their confidence in their ability to provide consistent security controls across all applications at 7 or higher.

Matt Chiodi, chief strategy officer for Cerby, said that self-assessment suggests that security leaders are overly confident in their ability to enforce application security controls, especially when it comes to disconnected applications. In fact, the survey finds more than three quarter of respondents (77%) work for organizations that have experienced at least one incident involving disconnected applications in the past two years, with 39% reporting those incidents led to operational disruption.

Nearly two-thirds (63%) also admit their organization has failed at least one internal or external audit involving disconnected applications, and only 34% can consistently produce accurate access records.

More troubling still, 58% reported there has been an increase in the number of disconnected applications deployed in the last year. On the plus side, well over half of respondents (56%) said there is now greater urgency to address disconnected application security.

In addition to disconnected applications, the number of AI applications is also rising. More than a quarter (27%) have seen an increase, with 24% of those respondents having already deployed more than 100 AI applications. Only 6% said they have not deployed any AI applications.

Regardless of the type of application deployed, rising levels of threats are not accelerating the pace of MFA and SSO adoption remains sluggish. In fact, 60% of respondents still rely on manual processes to make access changes. That issue is now coming to a head in the age of AI because changes to application environments are now being made faster than ever, noted Chiodi. The issue is that AI agents are, in effect, not only exponentially increasing the number of identities that need to be managed but are also more deeply integrated into business workflows, he added.

It’s not clear to what degree cybersecurity teams are prepared to revisit identity management in the age of AI but it may now be more a question of when rather than if. The negating factor, as always, is likely to be the amount of available budget and the availability of skills. After all, identity management is only one aspect of a larger portfolio of security tools and platforms that need to be deployed, updated and managed.

Unfortunately, adversaries are becoming more adept at exploiting identities such as login credentials. The trouble is those credentials are now being extended to AI agents that, if compromised, have all kinds of potential to wreak havoc. As such, cybersecurity teams while continuing to hope for the best might also be well advised to continue to prepare for the worst.