Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

5 IAM trends shaping the future of security

Identity and access management tools are adapting with the times, and these five trends are here to meet the challenges of protecting today's complex enterprise networks.

Years of data breaches stemming from credential theft, attacks targeting privileged user accounts and poor password practices have led to a major evolution in identity and access management technology designed to protect enterprise data.

Five IAM trends are addressing the need for greater user account and network protection. They are meant to mitigate the damage that could be done as network perimeters are erased, organizations move more applications to the cloud and enterprises increase overall complexity.

1. Moving beyond passwords

The call for the elimination of passwords has echoed through the infosec world for years, but the technology to make it a reality needed time to catch up. Biometrics has become popular and enables the use of one's fingerprints, face, eyes or voice for authentication. But concerns include what happens if someone's biomarkers can be stolen and realistically mimicked.

Two-factor and multifactor authentication (MFA) options are becoming far more user-friendly, which is boosting adoption. MFA is also becoming more secure by moving past easily intercepted one-time codes sent via text to the use of physical keys or other devices -- often a smartphone -- to validate one's identity. Adoption of the FIDO2 standard, including the WebAuthn specification, by major web browsers and smartphone manufacturers is making implementation of MFA easier on the web and in apps.

biometric authentication
Types of biometric authentication

2. Privileged access management

The principle of least privilege is fundamental to IAM, but new privileged access management models include not just monitoring privileged accounts, but also just-in-time access.

Long-term overprovisioning, or privilege creep, is often a source of accidental and malicious threats, and a lack of tracking employees' IT access as they change roles is often the root cause of the issue. A just-in-time provisioning model minimizes these risks by determining access based on multiple contextual factors, monitoring privileged account activity and creating an audit trail to track sensitive data.

3. Cloud IAM models

More employees are working remotely, so enterprise applications and services are increasingly cloud-based. As this trend accelerates, enterprises have sought out cloud access service brokers (CASBs) to manage logins for cloud technology services, track user activity, receive alerts about potentially malicious activity and ensure compliance with various privacy regulations.

cloud IAM
Cloud IAM concepts

The evolution of this trend has already begun with the rise of Secure Access Service Edge, which combines the functionality of CASBs with other security tools, such as VPNs, SD-WANs and web access firewalls.

4. AI and machine learning

All these trends will be augmented by the addition of infosec's favorite combo: AI and machine learning.

AI and machine learning are increasingly being used to track user behavior to add context to the ID verification process and to detect when to block access if that behavior appears anomalous.

5. Decentralized identity

Privacy concerns over the amount of personally identifiable information being gathered by vendors is pushing the desire for a more secure way to validate user identity.

Blockchain could provide the answer with self-sovereign identity (SSI) capabilities, where individuals control their own personal data. Turning that into reality could prove tricky, however, because the decentralized nature of blockchain makes simply creating the data repository for SSI a difficult undertaking.

This was last published in May 2020

Dig Deeper on Enterprise identity and access management