2022 Planning Guide for Identity and Access Management

As organizations prioritize their identity and access management (IAM) initiatives for 2022, they should choose ongoing and incremental projects to evolve their IAM deployments. This fits changing organization needs better by being more flexible and less siloed and by requiring fewer manual operations.

Recommendations:

Security and risk management technical professionals focused on IAM should:

  • Improve security by removing implicit user (human and machine) trust from all computing infrastructure over time and replacing it with explicitly evaluated, real-time adaptive trust for just enough access to enterprise resources
  • Reduce risk by prioritizing the rollout of foundational best practices, such as multifactor authentication, zero standing privileges and zero-trust architecture if not already fully implemented
  • Enhance IAM agility and reach by removing silos and incrementally adopting the distributed, composable cybersecurity mesh architecture approach when making architectural decisions
  • Optimize distributed architecture by evolving IAM governance, processes and infrastructure to efficiently support hybrid/multicloud environments