Last month IT and security professionals gathered in-person at the Gartner Identity & Access Management (IAM) Summit held in Las Vegas for the first time in 3 years since the start of the global pandemic.
Having attended sessions across the three days on various IAM topics, below are some key takeaways from the various sessions and networking sessions.
Passwordless MFA is a key topic that is top of mind for all organizations. No shocker here, given the increased attacks and security risks from using passwords even as a first factor. Organizations need to develop a roadmap to move toward a fully passwordless multi-factor authentication (MFA) approach balancing user experience and security.
Move beyond MFA to continuous adaptive trust (CAT). The industry is looking to move toward a world where passwordless MFA will become the default, but MFA is no longer enough to ensure you keep critical data and applications secure. You need to mature your IAM implementation to include risk-based step-up authentication and ultimately move to a continuous adaptive trust approach where you are continuously evaluating the risk of a user through various signals such as behavioral biometrics, analytics, and more to allow or revoke access for a user. According to Gartner, “By 2025, organizations that embrace a CAT approach will reduce account takeover (ATO) and other identity risks by 30% and improve authentication UX by reducing prompts by a factor of 20.”
Authentication was a focus the last decade. Authorization and access management along with policy controls will be the focus in the next 10–20 years. Organizations can no longer only pay attention to who’s coming through the front door; they also need to understand what users that are authenticated can access and what policy controls are in place to ensure only authorized users with the right permissions can access resources. There is no Zero Trust architecture without access management.
Convergence across IAM technologies is becoming a reality. There will be a demand for convergence of various IAM technologies with IAM vendors looking to offer additional capabilities as they expand features and functionality into adjacent markets. IAM vendors will look to add lightweight identity governance and administration (IGA) and privileged access management (PAM) capabilities into their solution set.
Organizations need to take an identity-first approach to security. Implementing a cybersecurity mesh architecture (CSMA) and Identity threat detection and response will be key in stopping cyberattacks with an identity-first security approach. A CSMA strategy involves adding support for security intelligence and analytics, policy management, and dashboards with an identity fabric that ties it all together. The identity fabric will be a key piece of the cybersecurity mesh architecture that allows for a secure, distributed, and interoperable way in which organizations can architect their IAM platforms and deployments for a true identity-first security approach.
Decentralized identity is the future. Decentralized identity wallets will enable universal ownership and accountability and be a core component of web 3.0. Portable digital identity will allow for greater privacy and put more control in the hands of users. Decentralized Identity and verifiable claims will disrupt the relationship architecture by moving to decentralized data storage, peer-to-peer protocol control with a shared trust infrastructure. Although there will be short to medium term innovations and use cases that will adopt a decentralized identity approach to solutions, true wide-scale adoption is about 10–15 years out with governments and service providers starting to work on defining and establishing trust frameworks.
These are truly exciting times for the evolution of IAM platforms and solutions. Learn more about how Entrust is innovating to build secure and scalable solutions in IAM to support organizations in their journey to implementing an identity-first approach to security.
For more information on Entrust Identity as a Service, visit our web page here.