According to identity security experts at CyberArk, 37% of South African organisations say they have issues with shadow IT and unsanctioned AI applications – ironic signs that employees recognise the advantages of using digital tools.
The tug of war between cyber risks and digital advantages continues to shape how organisations and individuals use technology.
This tension is not new. Craig Harwood, CyberArk's Area Vice-President for the META region, noticed the dynamic early in his career when he sold products for a large internet service provider.
"In the late 90s, I was really successful within the sales space when I started selling security tools. It wasn't part of what we did, but selling those security tools actually became financially bigger than selling internet connectivity."
Keeping up with maturing customers
Back then, security was a simpler topic. But the constant expansion and federation of technology added complications.
Soon, the 'secure fortress' form of security (where most things stayed and functioned inside an organisation) made way for networks, integrations, outside services and third-party platforms and infrastructure. The COVID-19 years pushed this trend onto a new curve, solidifying remote working as a norm.
Technology's expansion created new security challenges, evident in sharp increases in cyber crime. Meanwhile, company owners and executives became more security conscious, and identity security became the thread that brought all security activities together.
"Identity is now the security boundary of a corporate estate, and removing friction for users is a crucial way to make identity security more effective," says Harwood.
Reducing friction
Cyber security friction appears in different forms. The average employee can use dozens of apps in a day. Remembering and managing the logins for each is draining and provides opportunities for criminals to steal account credentials. Companies are increasingly prioritising less friction in their security and identity channels.
Friction also increases when companies add more security tools and services, which creates complexity that makes monitoring and management harder. For example, 39% of South African companies run multiple identity management tools, and 20% say better threat detection and response is a high priority for better security visibility.
Harwood points to a lot of market interest and activity around these issues: "Cyber security solutions generally introduce some type of friction, which then accounts for the slow adoption of solutions. There's a huge amount of investment taking place these days for frictionless security solutions, such as single sign-on, passwordless access and seamless multifactor authentication."
Security machine identities
Machine identities are also influencing cyber security's next considerations. Artificial intelligence, internet of things devices, bots, APIs and other examples of non-human identities become more prevalent as reliance grows on automation and integration. One study claims that there is a ratio of 80 machine identities for every human working at an organisation.
Criminals are drawn to machine identities, which are often less secure than human-linked identities.
"Cyber criminals have realised that guys do a great job around the human aspects of identity but don't give the same attention to machine identities. They're not spending money on protecting machine identities. Why? Because it's money that they don't have and haven't budgeted for."
However, more organisations are paying attention to machine identities – 24% of South African companies rank it as a top strategic security priority for 2025. These efforts benefit from the progress made by the identity security market, including measures that tackle concerns such as visibility.
"With the right controls, you can get rid of the majority of the noise that comes your way," says Harwood. "There are always new risks, and there might be some sophisticated attacks that come your way. But if you can identify them, you can take the right measures to get them."
Share