Security and risk management leaders are experiencing widespread disruption in identity and access management (IAM) solutions for many reasons, most notably because of the increased drive to customer-facing interactions on digital channels and the sudden and rapid expansion of the remote workforce because of the pandemic.
“IAM challenges have become increasingly complex,” says Akif Khan, Senior Director Analyst, Gartner, “and many organizations lack the skills and resources to manage effectively. Leaders must improve their approaches to identity proofing, develop stronger vendor management skills and mitigate the risks of an increasingly remote workforce.”
The five strategic planning assumptions that follow focus on current trends in decentralized identity, access management, IAM professional services and identity proofing.
Cybersecurity mesh will support more than 50% of IAM requests
The old security model of “inside means trusted” and “outside means untrusted” has been broken for a long time. Most digital assets and devices are outside the enterprise, as are most identities.
Read more: Gartner Top 10 Security Projects for 2020-2021
By 2025, cybersecurity mesh will support more than half of all IAM requests, enabling a more explicit, mobile and adaptive unified access management model. The mesh model of cybersecurity provides a more integrated, scalable, flexible and reliable approach to digital asset access control than traditional security perimeter controls.
Delivery of IAM services will increase via managed security service providers (MSSPs)
Organizations lack the qualified resources and skills to plan, develop, acquire and implement comprehensive IAM solutions. As a result, they’re contracting professional services firms to provide the necessary support, particularly where multiple functions need to be addressed simultaneously.
More and more, organizations will rely on MSSP firms for advice, guidance and integration recommendations. By 2023, 40% of IAM application convergence will primarily be driven by MSSPs that focus on delivery of best-of-breed solutions in an integrated approach, shifting influence from product vendors to service partners.
Identity proofing tools will be implemented within the workforce identity life cycle
Historically, vendor-provided enrollment and recovery workflows for multifactor authentication have incorporated weak affirmation signals, such as email addresses and phone numbers. As a result, implementing higher-trust corroboration has been left as an exercise for the enterprise.
Because of the massive increase in remote interactions with employees, more robust enrollment and recovery procedures are an urgent requirement, as it is harder to differentiate between attackers and legitimate users. By 2024, 30% of large enterprises will newly implement identity-proofing tools to address common weaknesses in workforce identity life cycle processes.
A global, portable, decentralized identity standard will begin to emerge
Centralized approaches to managing identity data — common in today’s market — struggle to provide benefits in the three key areas: Privacy, assurance and pseudonymity. A decentralized approach uses blockchain technology to help ensure privacy, enabling individuals to validate information requests by providing the requestor with only the absolute minimum required amount of information.
By 2024, a true global, portable, decentralized identity standard will emerge in the market to address business, personal, social and societal, and identity-invisible use cases.