Press Release

STAMFORD, Conn., December 15, 2014 View All Press Releases

Gartner Says the Internet of Things Will Drive Device and User Relationship Requirements in 20 Percent of New IAM Implementations by 2016

Gartner's 2015 Predictions Special Report Examines the Significant Impacts of the Evolution of Digital Business

The Internet of Things (IoT) will drive device and user relationship requirements in 20 percent of new identity and access management (IAM) implementations by year-end 2016, according to Gartner, Inc. The IoT has introduced new concepts for identity management, since every device interacting with users has an identity — and users and devices can have complex, yet defined, relationships.

"IAM, as defined today, will bifurcate, with identity management assuming a broader entity relationship management role and access management assuming a broader relationship execution role that replaces or supplements authentication policy and authorization enforcement," said Earl Perkins, research vice president at Gartner. "Traditional authentication and authorization for user identities will continue to include devices and services, but will also incorporate expanded machine-to-machine (M2M) communications requirements into expanding digital business moments. Embedded software and systems will make extensive use of the new and expanded IAM architecture to handle the scale and ubiquity requirements the IoT will demand."

Gartner made three further predictions about IAM:

By 2017, enterprise mobility management integration will be a critical IAM requirement for 40 percent of buyers, up from less than five percent today.

Organizations continue to face challenges in providing consistent, convenient and secure access to enterprise and third-party applications using Web and native application architectures on a wide variety of devices. Today's enterprise mobility management (EMM) tools can set security policies, provision device identities and isolate applications. However, their access management integration capabilities are nascent and only support internal use cases well.

Present-day EMM tools have limited breadth of support for Windows operating systems and, although Windows endpoints may be on the decline relative to mobile adoption rates, Windows endpoint management is not going away. Given these integration gaps and market opportunities, IAM leaders can expect EMM and traditional Windows PC management disciplines to move through three waves during the next five to seven years, going from diverged solutions to converged solutions with separate management processes, and finally to converged tools and processes. This third phase is called universal endpoint management (UEM), which will better address endpoint diversity and support traditional desktop, laptop and mobile devices. During the next two years, disparate IAM and EMM disciplines will evolve similarly and will be used together to protect organizations from threats that have overcome traditional IAM and EMM controls used in isolation.

By 2020, 60 percent of organizations will use active social identity proofing and let consumers bring in social identities to access risk-appropriate applications.

Digital business is driving the need for organizations to consume social or other reusable, third-party identities. The pervasive and persistent use of social media across the geographies has presented a valuable source of identity information and service delivery opportunity for today's identity consumers and service providers.

"More enterprises could adopt a bring your own identity (BYOI) approach for allowing customers and workforces to use their social identities, thereby improving user experience and opportunity to leverage social relationships for marketing purposes," said Anmol Singh, principal research analyst at Gartner. "With low-cost, social identity-proofing services, small and midsize businesses could use remote on-demand verification of identities to grant access to users outside the organization, eliminating the need to manage detailed identity-proofing processes in-house."

By 2020, new biometric methods will displace passwords and fingerprints for access to endpoint devices across 80 percent of the market.

Biometric technology is not new, but it is now gaining traction in mobile devices for consumers. Within the past year, Apple, Samsung and others began globally shipping smartphones with embedded fingerprint authentication and Gartner expects increased penetration over the next few years.

However, interest in fingerprint methods is expected to peak at around 20 percent of the total endpoint device market in 2017. Biometric implementations in these consumer devices are relatively weak; after all, the feature extraction, comparison and matching have been tuned to provide a good user experience and good performance on a mobile device, rather than to establish high trust.

"Embedded fingerprint authentication does not improve user experience for everyone," said Ant Allan, research vice president at Gartner. "Furthermore, given the low trust that these methods afford, we expect to see increasing dissatisfaction as people's devices are compromised over the next few years. The same kind of biometric modes that organizations may soon adopt for authentication from the device will be preferred for authentication to the device in the midterm."

Gartner projects that endpoint device vendors will invest in face recognition via a user-facing camera, voice recognition via a microphone, keystroke and gesture dynamics via multitouchscreens and handling dynamics — a novel motion-based behavioral mode using device accelerometers and gyros. One of the major advantages of these methods over fingerprint is that not one needs a specialized sensor. Each one takes advantage of inputs that are already available on smartphones, tablets and many PCs. Hence, any or all could be implemented simply by making changes to the endpoint OS, thus benefiting all users, not just those with the latest models.

More detailed analysis is available in the Gartner Special Report "Predicts 2015: Identity and Access Management." The report is available on Gartner's website at http://www.gartner.com/document/2912417.

This research note is part of Gartner's Special Report "Gartner Predicts 2015" features over 80 reports arming IT leaders with insights and actions to begin exploring the significant impacts of the evolution of digital business. The special report can be viewed at http://www.gartner.com/technology/research/predicts/ and includes links to reports and video commentary that examine how digital business is driving “big change”.

Gartner analysts will also explore in more detail how to address difficult and complex IAM issues at the Gartner Identity & Access Management Summit 2015, held on 16-17 March in London, UK. You can find more information about the Summit here http://www.gartner.com/technology/summits/emea/identity-access/. To obtain a media pass for the Summit, please contact rob.vandermeulen@gartner.com.

Contacts
About Gartner

Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. The company delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the valuable partner to clients in approximately 10,000 distinct enterprises worldwide. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 7,900 associates, including more than 1,700 research analysts and consultants, and clients in more than 90 countries. For more information, visit www.gartner.com.

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.