Key trends for identity and access management
CA Technologies announced its predictions in identity and access management (IAM) and their impact on security professionals in 2014.
“We believe that the technology trends of cloud, mobile and social will continue to heavily influence the direction and need for IAM in 2014, but we also see new business demands and enabling technologies joining in to put a twist on the IAM and security path for many organizations,” said Mike Denning, senior vice president and general manager, Security business, CA Technologies.
1. The software-defined, open enterprise emerges: The enterprise is remaking itself into a platform that developers can experiment with and innovate on. Every IT layer from data to application to infrastructure to network is becoming service-enabled and software-defined through APIs. The pattern extends beyond the data center to partners and cloud services as enterprises are forced to open up.
A new wave of innovation will be ushered in as developers both inside and outside the enterprise gain access to the core building blocks that define an organization. This will speed experimentation and innovation as they construct new mashups leveraging the full range of software defined assets. Traditional IT departments will need to evolve to protect and secure access to these new assets as building blocks for agile development.
2. Hardware elements in mobile devices will become an increasingly important part of IAM: Users will continue to adopt new mobile devices on a short (12-24 month) cycle, rapidly making advanced hardware security technologies, such as ARM TrustZone, widely available. Device manufacturers will build security systems, such as Samsung Knox, on top of these technologies.
These systems will help solve the BYOD challenges enterprises face by providing secure ways to separate corporate and personal data and applications. In addition to securing the devices themselves, users will be able to use them to identify themselves to other systems and to perform advanced functions like secure payments. The phone will finally begin to establish itself as the primary and secure way of authenticating users and proving identity.
3. Lack of scalable identity proofing will continue to vex broader B2C/G2C deployments: The recent online user experiences as part of the Obamacare rollout demonstrated the logistical challenges of validating online identities in an accurate and scalable manner.
As more and more users enroll in online services, demand for identity proofing services will increase significantly, but organizations will continue to experience identity proofing challenges. While the sources for identity proofing data will continue to expand with the digitization and exposure of new public and private records, this continued demand for identity proofing in 2014 will force the industry to collaborate and partner more closely to deliver scalable identity proofing to meet these needs.
4. The CMO will become a new force for broad identity management initiatives: Successful marketing depends on understanding customers’ needs and providing them with a convenient experience for registration and enrollment. Allowing social login and maintaining a corporate presence on social networks provides an opportunity to capture valuable customer data, including user identities, social interaction patterns, and browsing and buying tendencies.
The CMO will press for these capabilities to help the enterprise engage with its customers, develop a stronger relationship with them, and improve loyalty. Identity management infrastructures that support these marketing initiatives will experience improved demand as “business enablement” gains wider recognition as a critical driver of IAM.
5. Risk-based authentication expands beyond Financial Services: While corporate desire for employee and customer mobile enablement is strong, security mechanisms that are cumbersome for consumers accustomed to instant access are met with resistance or all-out avoidance. The need for both stronger authentication and a positive user experience will lead to the widespread adoption of risk-based authentication, in which contextual data about users, devices, applications, locations and other potential risk factors are collected and analyzed to determine a risk-level for the user’s identity.
Financial Services has been a leader in the adoption of risk-based authentication due to the high value of many customer transactions. But, this technology will begin to be more widely adopted across other industries as the need for improved security without impacting user convenience increases.