Years of data breaches stemming from credential theft, attacks targeting privileged user accounts and poor password practices have led to a major evolution in identity and access management technology designed to protect enterprise data.
Five IAM trends are addressing the need for greater user account and network protection. They are meant to mitigate the damage that could be done as network perimeters are erased, organizations move more applications to the cloud and enterprises increase overall complexity.
1. Moving beyond passwords
The call for the elimination of passwords has echoed through the infosec world for years, but the technology to make it a reality needed time to catch up. Biometrics has become popular and enables the use of one's fingerprints, face, eyes or voice for authentication. But concerns remain about what happens if someone's biomarkers are stolen and realistically mimicked.
Two-factor and multifactor authentication (MFA) options are becoming far more user-friendly, which is boosting adoption. MFA is also becoming more secure by moving past easily intercepted one-time codes sent via text to the use of physical keys or other devices -- often a smartphone -- to validate one's identity. Adoption of the FIDO2 standard, including the WebAuthn specification, by major web browsers and smartphone manufacturers is making implementation of MFA easier on the web and in apps.
2. Privileged access management
The principle of least privilege is fundamental to IAM, but new privileged access management models include not just monitoring privileged accounts, but also just-in-time access.
Long-term overprovisioning, or privilege creep, is often a source of accidental and malicious threats, and a lack of tracking employees' IT access as they change roles is often the root cause of the issue. A just-in-time provisioning model minimizes these risks by determining access based on multiple contextual factors, monitoring privileged account activity and creating an audit trail to track sensitive data.
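The following sketch is an added example, not code from the article or from any product, showing how a just-in-time model can replace standing privileges with short-lived grants. The `Broker` class, the role and privilege names, the ticket IDs, the one-hour ceiling and the specific contextual factors (role eligibility, a change ticket, a managed device) are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
MAX_TTL = timedelta(hours=1)  # assumed ceiling for any privileged grant
# Hypothetical mapping: current role -> privileges it may elevate into.
ELIGIBLE = {"dba": {"db-admin"}, "sre": {"prod-shell", "db-admin"}}

@dataclass
class Broker:
    grants: dict = field(default_factory=dict)  # (user, privilege) -> expiry
    audit: list = field(default_factory=list)   # append-only decision trail
    def _log(self, now, user, privilege, event, reason):
        self.audit.append((now.isoformat(), user, privilege, event, reason))
    def request(self, now, user, role, privilege, ticket, managed_device, ttl):
        """Grant time-boxed access only if every contextual check passes."""
        checks = [
            (privilege in ELIGIBLE.get(role, set()), "role not eligible"),
            (bool(ticket), "no change ticket"),
            (managed_device, "unmanaged device"),
            (timedelta(0) < ttl <= MAX_TTL, "ttl out of bounds"),
        ]
        for ok, reason in checks:
            if not ok:
                self._log(now, user, privilege, "deny", reason)
                return False
        self.grants[(user, privilege)] = now + ttl
        self._log(now, user, privilege, "grant", f"ticket={ticket}")
        return True
    def is_allowed(self, now, user, privilege):
        """Default deny; a grant past its expiry is revoked on first use."""
        expiry = self.grants.get((user, privilege))
        if expiry is None:
            return False
        if now >= expiry:
            del self.grants[(user, privilege)]
            self._log(now, user, privilege, "expire", "ttl elapsed")
            return False
        self._log(now, user, privilege, "use", "within ttl")
        return True

def demo():
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    b = Broker()
    results = [
        b.request(t0, "alice", "dba", "prod-shell", "CHG-1", True, timedelta(minutes=30)),
        b.request(t0, "alice", "dba", "db-admin", "CHG-1", True, timedelta(minutes=30)),
        b.is_allowed(t0 + timedelta(minutes=10), "alice", "db-admin"),
        b.is_allowed(t0 + timedelta(minutes=31), "alice", "db-admin"),
    ]
    return results, [e[3] for e in b.audit]
```

Because eligibility is evaluated against the requester's current role on every request and each grant expires on its own, access left over from a previous role does not accumulate.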
3. Cloud IAM models
More employees are working remotely, so enterprise applications and services are increasingly cloud-based. As this trend accelerates, enterprises have sought out cloud access security brokers (CASBs) to manage logins for cloud technology services, track user activity, receive alerts about potentially malicious activity and ensure compliance with various privacy regulations.
The evolution of this trend has already begun with the rise of Secure Access Service Edge, which combines the functionality of CASBs with other security tools, such as VPNs, SD-WANs and web access firewalls.
4. AI and machine learning
All these trends will be augmented by the addition of infosec's favorite combo: AI and machine learning.
5. Decentralized identity
Privacy concerns over the amount of personally identifiable information being gathered by vendors are pushing the desire for a more secure way to validate user identity.
Blockchain could provide the answer with self-sovereign identity (SSI) capabilities, where individuals control their own personal data. Turning that into reality could prove tricky, however, because the decentralized nature of blockchain makes simply creating the data repository for SSI a difficult undertaking.