5 Key Predictions for Identity and Access Management and Fraud Detection

Security and risk management leaders must face increasingly complex IAM challenges with a focus on customer-facing interactions and increased remote workers.

Security and risk management leaders are experiencing widespread disruption in identity and access management (IAM) solutions for many reasons, most notably because of the increased drive to customer-facing interactions on digital channels and the sudden and rapid expansion of the remote workforce because of the pandemic.

“IAM challenges have become increasingly complex,” says Akif Khan, Senior Director Analyst, Gartner, “and many organizations lack the skills and resources to manage effectively. Leaders must improve their approaches to identity proofing, develop stronger vendor management skills and mitigate the risks of an increasingly remote workforce.”

The five strategic planning assumptions that follow focus on current trends in decentralized identity, access management, IAM professional services and identity proofing.

Gartner Security & Risk Management Summit

Objective insights, strategic advice and practical tools to help you manage your most critical IT security and risk priorities.

Learn More

Cybersecurity mesh will support more than 50% of IAM requests

The old security model of “inside means trusted” and “outside means untrusted” has been broken for a long time. Most digital assets and devices are outside the enterprise, as are most identities.

Read more: Gartner Top 10 Security Projects for 2020-2021

By 2025, cybersecurity mesh will support more than half of all IAM requests, enabling a more explicit, mobile and adaptive unified access management model. The mesh model of cybersecurity provides a more integrated, scalable, flexible and reliable approach to digital asset access control than traditional security perimeter controls.

Delivery of IAM services will increase via managed security service providers (MSSPs)

Organizations lack the qualified resources and skills to plan, develop, acquire and implement comprehensive IAM solutions. As a result, they’re contracting professional services firms to provide the necessary support, particularly where multiple functions need to be addressed simultaneously.

More and more, organizations will rely on MSSP firms for advice, guidance and integration recommendations. By 2023, 40% of IAM application convergence will primarily be driven by MSSPs that focus on delivery of best-of-breed solutions in an integrated approach, shifting influence from product vendors to service partners.

Identity proofing tools will be implemented within the workforce identity life cycle

Historically, vendor-provided enrollment and recovery workflows for multifactor authentication have incorporated weak affirmation signals, such as email addresses and phone numbers. As a result, implementing higher-trust corroboration has been left as an exercise for the enterprise.

Because of the massive increase in remote interactions with employees, more robust enrollment and recovery procedures are an urgent requirement, as it is harder to differentiate between attackers and legitimate users. By 2024, 30% of large enterprises will newly implement identity-proofing tools to address common weaknesses in workforce identity life cycle processes.

A global, portable, decentralized identity standard will begin to emerge

Centralized approaches to managing identity data — common in today’s market — struggle to provide benefits in the three key areas: Privacy, assurance and pseudonymity. A decentralized approach uses blockchain technology to help ensure privacy, enabling individuals to validate information requests by providing the requestor with only the absolute minimum required amount of information.

By 2024, a true global, portable, decentralized identity standard will emerge in the market to address business, personal, social and societal, and identity-invisible use cases.

Demographic bias within identity proofing will be widely minimized

Bias with respect to race, age, gender and other characteristics gained attention significantly in 2020, coinciding with the increased interest in document-centric identity proofing in online use cases. This “ID plus selfie” process uses face recognition algorithms to compare selfies of customers with the photo in their identity document.

There has always been awareness of possible bias in face recognition processes, with implications concerning customer experience, brand damage and possible legal liability. As a result, by 2022, 95% of organizations will require that identity-proofing vendors prove that they are minimizing demographic bias, a significant increase from less than 15% today.

Recommended Gartner client* reading: Predicts 2021: Identity and Access Management and Fraud Detection by Akif Khan et al. 

 

*Note: Some documents may not be available to all Gartner clients.

Get Smarter

Follow #Gartner

Attend a Gartner event

Explore Gartner Conferences

Architecture of Conversational AI Platforms

Read this note to look at conversational AI platforms for...

Learn More

Webinars

Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching