Building on the findings of the Secure Employee Access Report, our May 1st webinar explores how organizations can strengthen identity access strategies in an AI-driven landscape. Join us →
Traditional, highly specialized, and siloed approaches to securing employee access aren’t cutting it anymore. In fact, 98% of security leaders believe closer collaboration between identity and network teams would enhance security and efficiency. This is just one of the findings of the Secure Employee Access in the Age of AI report where we surveyed 300 security leaders to learn how their security strategies and investments are evolving as they tackle novel security challenges and enable secure AI transformation. This report focuses on key statistics and actionable insights to reimagine how to protect identities and access to applications and resources in your organization.
Some of our top-level findings are:
- Modern work environments are increasingly complex, bringing new security challenges.
- The attack surface is expanding and accumulating siloed identity and network access solutions is not helping security leaders to keep up.
- Closer collaboration between identity and network teams will bring better security and efficiency.
The complexity of modern work
As organizations embrace cloud adoption, hybrid work, and AI applications, the security landscape is evolving rapidly. This shift has introduced three key challenges that security teams must address to protect employee access and reduce risk.
- Security leaders are managing an ever-expanding digital environment with more identities and applications than ever before. Employees need seamless access to business-critical apps, but security teams are struggling to keep up. Even more so, 58% of security leaders expect the number of identities to grow in the next year, making employee access lifecycle and least privilege access top priorities. Without proper governance, identity sprawl increases the risk of unauthorized access and security gaps.
- Hybrid work continues to reshape security needs. Employees regularly switch between remote and on-premises environments, creating inconsistent access patterns and new attack vectors. As a result, 61% of security leaders report a rise in identity and network security incidents tied to hybrid work models. Legacy security models that rely on perimeter-based defenses fail to address the complexity of securing access across distributed workforces.
- AI adoption is accelerating, helping employees be more productive but also creating new kinds of cyber-threats. Security professionals recognize the need to secure access to AI applications, yet many lack clear strategies to do so. 57% of security leaders report an increase in security incidents due to AI usage, highlighting the urgency of implementing strong access controls for AI tools. As AI becomes deeply integrated into workflows, securing access to these applications will be critical to protecting sensitive data and mitigating emerging threats. As a matter of fact, 61% of organizations are already starting to implement just-in-time access to GenAI tools.
The path forward requires a unified, proactive, and scalable approach to access security —one that unifies identity and network access controls to create a stronger defense against today’s evolving threats.
Expanding attack surface and tool proliferation
Facing an ever-expanding attack surface, security teams often find themselves adopting more and more identity and network security solutions. These tools promise to solve the most pressing issues, but they’re often chosen and operated by different teams without much coordination. The idea is simple—more tools or the latest tool should ensure better security coverage. However, research shows that this approach can backfire, leading to increased complexity, inefficiencies due to fragmented communication and collaboration, and even higher breach risks. When on average four different teams are responsible for managing and securing employee access across identity and network, it’s hard to see the full picture.
Managing multiple solutions from multiple vendors also creates operational challenges. On average, organizations use five identity solutions from three vendors and four network access solutions from another three vendors. This mix of tools often results in disjointed security strategies, making it harder to enforce consistent policies, detect threats, and streamline incident response. And instead of improving security, organizations with six or more identity and network solutions reported an increase in significant breaches, with 79% seeing a rise in breaches compared to only 45% of those with five or fewer solutions.
The data paints a clear picture: more tools do not mean better security. Instead, organizations with fewer tools experience fewer breaches and impacts. By shifting their focus to simplifying and unifying access management, organizations can reduce risk, improve operational efficiency, and deliver better user experience for their security teams and their employees.
Breaking silos between identity and network
Collaboration between identity and network teams has become essential. When these functions operate in silos, the results are misaligned policies, fragmented visibility, and inefficient operations. With threats targeting both identity and network layers, a lack of coordination leaves gaps in access policies and controls, delays response efforts, increases risk exposure, and weakens the overall security posture. To stay ahead of evolving threats, security leaders must create a more integrated, collaborative access security strategy.
Research shows that nearly 98% of security professionals believe closer collaboration would enhance security and organizational efficiency. Additionally, 96% of them would prefer a comprehensive and integrated approach to identity and network access management instead of standalone solutions.
Security leaders also highlighted the major benefits of unification: 97% believe it will increase security and improve user experience, while 83% say it will accelerate their Zero Trust strategy.
The road to secure employee access in the age of AI
The security landscape is shifting rapidly, and it’s time to rethink secure access for employees by moving beyond fragmented, siloed approaches to identity and network management. Building a unified strategy is key to strengthening protection, efficiency, and user experience.
Here are the critical next steps security leaders should take to proactively build a more resilient access strategy:
- Unify identity and network access controls to ensure consistent security policies across users, devices, and applications.
- Foster greater collaboration between identity and network security teams to improve information sharing and risk mitigation.
- Reduce complexity by consolidating security solutions, minimizing tool sprawl, and streamlining operations.
- Secure access to AI applications to balance productivity gains with robust security controls.
The path forward is clear: simplification, unification, and collaboration will be the key drivers in securing employee access in the AI era. Read the full report for deeper insights and strategic recommendations. Explore the infographic to learn more.
Irina Nechaeva, General Manager Identity and Network Access
Learn more about the innovations designed to help your organization protect data, defend against cyber threats, and stay compliant. Join Microsoft leaders online at Microsoft Secure on April 9.
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
Updated Apr 16, 2025
Version 3.0
Irina_Nechaeva
Microsoft
Microsoft