January 14, 2021
January 14, 2021
Contributor: Robert Snow
Security and risk management leaders must face increasingly complex IAM challenges with a focus on customer-facing interactions and increased remote workers.
Security and risk management leaders are experiencing widespread disruption in identity and access management (IAM) solutions for many reasons, most notably because of the increased drive to customer-facing interactions on digital channels and the sudden and rapid expansion of the remote workforce because of the pandemic.
“IAM challenges have become increasingly complex,” says Akif Khan, Senior Director Analyst, Gartner, “and many organizations lack the skills and resources to manage effectively. Leaders must improve their approaches to identity proofing, develop stronger vendor management skills and mitigate the risks of an increasingly remote workforce.”
The five strategic planning assumptions that follow focus on current trends in decentralized identity, access management, IAM professional services and identity proofing.
The old security model of “inside means trusted” and “outside means untrusted” has been broken for a long time. Most digital assets and devices are outside the enterprise, as are most identities.
Read more: Gartner Top 10 Security Projects for 2020-2021
By 2025, cybersecurity mesh will support more than half of all IAM requests, enabling a more explicit, mobile and adaptive unified access management model. The mesh model of cybersecurity provides a more integrated, scalable, flexible and reliable approach to digital asset access control than traditional security perimeter controls.
Organizations lack the qualified resources and skills to plan, develop, acquire and implement comprehensive IAM solutions. As a result, they’re contracting professional services firms to provide the necessary support, particularly where multiple functions need to be addressed simultaneously.
More and more, organizations will rely on MSSP firms for advice, guidance and integration recommendations. By 2023, 40% of IAM application convergence will primarily be driven by MSSPs that focus on delivery of best-of-breed solutions in an integrated approach, shifting influence from product vendors to service partners.
Historically, vendor-provided enrollment and recovery workflows for multifactor authentication have incorporated weak affirmation signals, such as email addresses and phone numbers. As a result, implementing higher-trust corroboration has been left as an exercise for the enterprise.
Because of the massive increase in remote interactions with employees, more robust enrollment and recovery procedures are an urgent requirement, as it is harder to differentiate between attackers and legitimate users. By 2024, 30% of large enterprises will newly implement identity-proofing tools to address common weaknesses in workforce identity life cycle processes.
Centralized approaches to managing identity data — common in today’s market — struggle to provide benefits in the three key areas: Privacy, assurance and pseudonymity. A decentralized approach uses blockchain technology to help ensure privacy, enabling individuals to validate information requests by providing the requestor with only the absolute minimum required amount of information.
By 2024, a true global, portable, decentralized identity standard will emerge in the market to address business, personal, social and societal, and identity-invisible use cases.
Bias with respect to race, age, gender and other characteristics gained attention significantly in 2020, coinciding with the increased interest in document-centric identity proofing in online use cases. This “ID plus selfie” process uses face recognition algorithms to compare selfies of customers with the photo in their identity document.
There has always been awareness of possible bias in face recognition processes, with implications concerning customer experience, brand damage and possible legal liability. As a result, by 2022, 95% of organizations will require that identity-proofing vendors prove that they are minimizing demographic bias, a significant increase from less than 15% today.
Connect with the world’s leading security and risk management leaders with Gartner experts to establish an agile security program and deliver business value.
Recommended resources for Gartner clients*:
Predicts 2021: Identity and Access Management and Fraud Detection
*Note that some documents may not be available to all Gartner clients.