The Tech-Road Ahead: 2020 Trends Require a Radical Rethinking of IAM
Gartner released the Top Tech-Trends for 2020 at its recent CIO Conference in Barcelona. Interestingly, all of the trends Gartner identified will require drastically increased agility and flexibility for Identity and Access Management (IAM) solutions. Static, binary authentication is no longer sufficient, including multi-factor authentication (MFA) methods. Going forward, dynamic continuous authentication is the only way to go.
Ten to fifteen years ago, IAM system deployments required significant initial design and implementation efforts. IAM systems were expected to last for many, many years, ideally without ever having to touch the system again. Back then corporations gathered requirements once diligently, then built the IAM system to last, since there was no desire to ever change access policies.
About five years ago, this changed significantly with Apple successfully positioning its Apple ID to sell personalized services in its digital ecosystem. Amazon introduced Prime Family accounts, and Facebook and Google manifested open standards and protocols. Consumers love these services and use them constantly, often seamlessly without even noticing that policies are being altered in the background. Suddenly, companies had to make changes to the IAM systems that were not built to be changed.
New software vendors such as Ping, ForgeRock, Auth0 and others arose to address the need to change. Large corporations using these new IAM tools were enabled to change access policies few times per year to keep pace and release IAM innovations. A significant improvement from never, but of course nowhere near as often as today’s requirements. Transmit Security customers dynamically change access policies multiple times per day!
While our global financial service clients are leading the way here, their high security standards will be adopted in 2020 by many other industries.
According to Gartner, the Top Tech Trends for 2020 are:
Artificial Intelligence and Machine Learning technologies will allow automation of increasingly complex processes. This is also true for our own industry. At Transmit we are convinced that Gartner’s prediction of Hyperautomation will also come true for Identity. Therefore, we are extremely focused on enhancing our already leading automation engine in many ways, including leveraging AI and ML technologies.
The combination of augmented, mixed and virtual reality technologies will enable multi-channel human-machine interfaces. Securing such interactions requires continuous contextual intelligence. It is no longer sufficient to authenticate a user once and grant access to a service. A frictionless user experience can only be achieved by retrieving contextual information and reacting instantly. For example, a user is trying to access sensitive information from his/her Swiss Patient Record from abroad. That user has registered an eID enabled iPhone. Once the user tries to access sensitive content in a given context, the user is prompted with an eID verification request and access can be granted.
Access to knowledge and technology will be far easier. Knowledge will be democratized. USPs are no longer created by retrieving superior knowledge but by uniquely applying knowledge. This is exactly what we do at Transmit Security. We take a radically different approach to identity and hence give our customers access to the highest level of automation in the industry. While traditionally it takes many months to replace authenticators, it can be done in minutes with Transmit (for further details see my colleague’s blog post)
Humans will use technology to boost their own cognitive and physical abilities. Wearables will be used in manufacturing and implants will improve physical human skills. Identity silos for customers, employees, partners or IIoT are a drastic business disabler in this context. A machine operator alongside a manufacturing line that has to enter multiple, different passwords for his machine terminal, his smart gear components and his supporting wearables to work will start every day at work with frustration. It is so easy to change that!
Transparency and traceability will be needed to keep and regain consumer trust. Securing Identities is a key deliverable here. Identity theft, and in particular password theft, has been a prominent and constant problem in IT over the past years. Passwords are the key entry point for fraudsters today. Hence they need to be replaced with dynamic means of authentication (see my colleague's blog post for details). Transmit’s global financial service customers lead the way here. We help them intelligently secure millions of identities and transactions every day. Other industries can benefit from lessons learned by the financial services industry when following that route in 2020.
Edge-Computing will rise to become 20 times bigger than conventional IT. Today the main challenge with Edge communication is: How fast can dump Edge devices push data into one intelligent central target cloud. The magic happens in the target cloud system. Security is currently not a priority in this context, but that must change radically. Edge-Intelligence requires Edge-Security. Example use cases we at Transmit discuss with our industry customers include: What data may a device push where? What other devices may a device interact with? If that device gets compromised, how do we isolate it without interrupting production? Who is allowed to upgrade or replace devices? (See my last blog post for details.)
Distributed Cloud Architectures will be needed to support this shift. Identity and Access Management that is strictly tied to one Cloud infrastructure makes this impossible. Identity orchestration across multiple Cloud platforms is the only way to go.
Autonomous things will no longer just operate in closed environments but enter public spaces. Hence they need to be enabled to interact securely as described above.
Practical Blockchain will help to realize productivity gains. Blockchain is used in logistics or manufacturing, for example, to guarantee transparency and visibility but more importantly to realize efficiency gains when managing complex supply-chain structures. Automotive manufacturers increase the efficiency of their complex Tier 4 to Tier x supply chains by 10 to 20% when relying on blockchain technology. In this context, Transmit supports blockchain implementations by orchestrating who may perform what action in which ledger. We continuously assess each interaction to decide what method of authentication is needed in what context. We also add capabilities such as device binding and transaction signing.
Overall security concepts are needed that support all this, specifically governing Artificial Intelligence usage.
Let's summarize. How often do requirements for IAM Systems change?
10 year ago: never.
5 years ago: a few times per year.
Today: multiple times per day.
The Transmit Platform enables customers to operate at the speed of innovation. It is this speed of innovation that allows our customers to provide a constantly improving hyper-personalized user experience while continuously keeping pace with changing security demands. This is enabling and securing multi-channel and multi-cloud ecosystems to provide seamless digital interactions of smart interconnected (edge) devices, services, things, and humans.
What IAM requirements will arise tomorrow? As long as your IAM system is flexible and dynamic, you will be ready for whatever comes next.