Looking at the future of identity access management (IAM)
Here we are: at the beginning of a new year and the start of another decade. In many ways, technology is exceeding what we expected by 2020, and in other ways, well, it is lacking.
Back to the Future made us think we would all be using hoverboards, wearing self-drying and fitting jackets, and getting to and from the grocery store in flying cars by Oct. 21, 2015. Hanna-Barbera promised us a cutting-edge, underwater research lab in its 1972 cartoon, Sealab 2020.
While some of the wildest technology expectations from the big and small screen may not have come to fruition, the last decade of identity and access management development didn’t let us down.
And, I believe identity access management (IAM) cloud capabilities and integrations will continue their rapid spread – as well as their transformation of enterprise technology and the way we do business – in this new decade and beyond.
Here are three IAM predictions for 2020.
1. Single sign-on (SSO) protocols steadily decrease the need for unique accounts and credentials for every resource, so Active Directory (AD) is put on notice.
SAML, OAuth 2.0, OpenID, and other protocols mean people will see a drastic reduction in the number of unique accounts and credentials necessary to log in to certain websites. Do you need to log in to manage a site or do some online shopping? Likely, you can just use your Google or Facebook account to verify your identity.
This trend will continue to dominate throughout business-to-consumer efforts. I believe it will also take hold of business-to-business and internal business operations, thanks to the SSO developments made by Okta, Tools4ever, and other industry leaders.
The rise of SSO and the maturation of cloud platforms, such as G Suite, will likely result in a reduction in Microsoft’s market hold with on-premises AD. As more enterprises transition to hybrid infrastructures and to the cloud, flexibility means relying less on systems and applications that pair with AD to authorize user access.
Google Chromebook and other devices prove that the AD divorce is possible. Because of this, expect to see directory battles between Davids and Goliaths like Microsoft.
2. Downstream resources benefit from improved integration.
Along with the increasing use of protocols connecting IT resources, expect downstream systems, applications, and other resources to utilize identity data better. We’ll see how information transferred within the protocols mentioned above can be leveraged.
Provisioning will be far more rapid since transferred identity data will help to create accounts and configure access levels immediately. Continually improving integrations will provide administrators and managers with far more granular control during initial setup, active management, and deactivation.
Also, increasing connectivity allows identity data to be managed centrally at its authoritative source and pushed easily from there. At the same time, systems and applications will better incorporate identity data to enforce a given user’s permissions within that resource.
3. Multi-factor authentication (MFA) pervades our login attempts and increases the security of delivery to stay a step ahead.
MFA is already popular among some enterprise technologies and consumer applications handling sensitive, personal data (e.g., financial, healthcare), and will continue to transform authentication attempts. A lot has been said about increased password complexities, but human error is still persistent.
The addition of MFA immediately adds further security to authentication attempts by having the user enter a temporarily valid PIN code or verify their identity by other methods.
An area to watch within MFA is the delivery method. For example, SMS notifications were the first stand-out but forced some organizations to weigh added costs that messaging might bring on their mobile phone plans. SMS remains prevalent, but all things adapt, and hackers’ increased ability to hijack these messages has made their delivery less secure.
Universal one-time password (OTP) clients, such as Google Authenticator, have both increased security and made the adoption of MFA policies much easier through time-sensitive PIN codes. Universal OTPs also do away with the requirement for every unique resource to support its own MFA method.
PIN codes are now getting replaced by “push notifications,” which send a simple, secure “yes” or “no” verification prompt that allows access. After you download the client app and register your user account, a single screen tap is all that is needed to add security to your logins.
Gartner has been praising push notifications as the way of the future for a couple of years. Gartner predicted that 50% of enterprises using mobile authentication would adopt it as their primary verification method by the end of 2019.
The cloud will undoubtedly control IAM’s potential for the foreseeable future.