Five Identity and Access Management Predictions for 2020 and Beyond
By Paul Butler on December 11, 2019
As we reach the final few weeks of 2019, many of you will be thinking of the projects which you will be planning or embarking on in 2020. Maybe you will be looking to the cloud for greater scalability; it might be that you plan to replace ageing systems or hardware with something more modern. In either case – and those outside of my two examples – the challenge is to keep up with the fast-pace of change and implement solutions and controls which are in keeping with the wider trends.
I myself have been thinking about how this relates to the industry I work in – identity and access management.
I have spent much of my time, over the past twelve-months, speaking with our customers, business partners and our own experts behind the scenes; learning from their challenges, experiences. Crucially, I get an insight into not just what is up-and-coming, but what will actually take-off.
And so, for 2020, here are my predictions for the identity and access management market.
#1 – Convergence of Security and Networking Teams
Even today in 2019, the line between the SOC (Security Operations Centre) and the NOCs (Network Operation Centre) is already becoming blurry.
For the large part, the role of the two are intertwined and will continue on this path throughout 2020. Very few network roles and jobs are absent of consideration for security, particularly when it comes to communication between the outside world and the internal network.
Similarly, security is no longer the “post-review” department, used to seek sign-off, which it once was. Modern development methodologies and even regulations such as the GDPR require security input at the design stage – meaning security teams are having to become more technology aware.
As an IT security vendor, this means that we must continue to cater to the high expectations of both or a converged version of those two teams.
#2 – Automated Provisioning from a Single Source of Truth
Admittedly, this is not a new concept. For as long as computer domains have existed, IT administrators have used solutions such as Microsoft Active Directory as a single source of truth for much of the services they provide in their networks.
However, the cloud and services which are hosted online have challenged Active Directories flexibility in the modern age, which has led to a fracturing of authentication sources dependent on where the authenticating service is, its capabilities and security.
Federated identity solutions have attempted to tie this all back together, but their complexity meant that the up-take is reserved to the largest of organisations with the most skilled teams.
In 2020, this desire to want to return back to a single source of truth will gain momentum as smaller organisations will want to streamline the way their users work, and want to avoid the security pitfalls of fragmented user repositories.
A great example of how this works in practice comes from our very own Idaptive solution. Our solution can utilise Active Directory, federated identity systems, alternative sources of identity such as a HR system, plus automatically provision and license users in well-known solutions such as Office 365.
#3 – The Death of Hardware 2FA Tokens
We have been building up to this moment for some time. But I do believe 2020 will be the harbinger of the decline for hardware 2FA tokens.
Today, you would be hard-pressed to find anyone other than a commercial bank using these small plastic devices used to generate a 2FA passcode for authentication.
They are costly, require additional management and users tend to treat them with little ownership. Meaning that they are lost or damaged at the cost of the service provider.
Software-based tokens have existed for some time. Starting with the 2FA passcode delivered by SMS and now commonly using a smartphone app. But things have continued to move on since then.
Today, the emergence of push-notifications mean that users no longer have to copy a code from one screen to another. Instead they are presented with a yes or no prompt on their smartphones, to prove it is they who is attempting to authenticate somewhere. The security of passing a passcode is handled in the background and can be called on in very specific circumstances. Such anomalous behaviour or an unusual source location.
When you consider how far software tokens have come and how sophisticated the security is becoming – hardware tokens seem as old as the dinosaurs.
#4 – A stronger Focus on Single Sign-On Technologies
From a user perspective, predictions two and three signal a greater focus on user experience and the simplification of authentication. My fourth prediction continues this theme with my belief that single sign-on will gain more prominence in 2020.
While a single source of truth will dominate the provisioning and de-provisioning of accounts, single sign-on services will become the dominate form of authenticating those accounts, whether that be in be many services authenticating against a single sign-on source or a single pane of glass for authentication.
The reason for this can be attributed to a few reasons:
- More control over the user account in question.
- Weak passwords less likely to be used.
- Less support calls due to forgotten passwords.
- A common branding and authentication experience.
# 5 – Real-Time Anomaly Alerting and Response
Discussions about AI (Artificial Intelligence) and ML (Machine Learning) and their useful application have been going on for some years. Where I think there is great scope is in the use of automated anomaly detection, something which the network vendors of this world have been working with towards with much success.
With regard to identity and access management, we as an industry typically build a wall or a set of policies and only react to unauthorised access post-event.
There is, however, growing interest in the area of being able to detect anomalies such as unusual keystrokes, new source locations, and even the date or time, and then reacting by either alerting, blocking the attempt, or dropping additional controls or authentication stages in place.
Some of these actions could seem counteractive to the aim of making the authentication process simpler and smoother for users. However, such actions would be tuned to take place only in extreme circumstances.
Where actions are not taken directly, SOCs and even converged SOC/NOC teams could be alerted in real-time that anomalous behaviour is being detected, through traditional alerts such as email; or by interacting with SOAR (System Orchestration, Automation and Response). Which could, in turn, trigger a chain of pre-defined steps for response.
Ultimately, what customers are looking for today is better integration between solutions to reduce their response times. What do you think 2020 holds for identity and access management?
- IAM developer - Saviynt
- United Kingdom
- Upto £60,000 plus benefits
IAM developer/ Consultant is required for a global consultancy who are looking to expand their deployment team within the UK Looking for a IAM developer who has experience with at least one of the following vendors Saviynt, Clearskye, Beyond Trust or Okta You will be part of a deployment team, involved in a number of high profile projects Key duties will be: implement IAM solutions to ensure secure access to applications, systems, and data for authorized users. This may involve integrating technologies and standards such as SAML, OAuth, LDAP, and RBAC. Conduct IAM audits and assessments: to identify vulnerabilities, gaps, and areas for improvement. Provide IAM support and troubleshooting and resolve incidents related to user access, authentication, and authorization.
- Lead Cyber Security Incident Response Consultant.
- United Kingdom
Seeking skilled and passionate UK-based individual for a Lead Cyber Security Incident Response Consultant opportunity 3 core skillsets for the role Hands on technical incident response (triage and planning). Business consultancy (engaging with clients). Commercial awareness. Being able to engage in business growth conversations. Consultancy experience is an essential as it the ability to visit clients and the office. Additional experience will include, but not be limited to: Developing incident response strategies, guides and procedures for effective incident handling Proactive and reactive defense plans based on cyber threat actors' techniques Offering guidance, supervision, and fostering opportunities for team development Significant career development opportunities for the right individuals.
- OUTSIDE IR35 Contract- Functional tester- SC clearance Microsoft Windows Server
- Outside IR35 contract
Front End Functional tester with SC clearance needed for an Outside IR35 project. Current valid SC clearance is required Experience with functional testing with exchange, sharepoint, SQL and other applications relating across a windows server Migration to 2019. Must be able to get to Central London 3 days a week. Jira, Wiki documentation and automation experience highly desirable.
- ForgeRock Consultant- UK
- United Kingdom
- Upto £100,000 plus benefits
ForgeRock Consultant/ Architect is require for niche consultancy who are looking to expand their presence within the UK/European Market Looking for a lead IAM architect, ideally with ForgeRock experience but would consider other vendors, But looking for someone who is able to advice and consultant with Clients but have the implementation background so they can get involved in projects as and when needed. Key duties will be: Provider IAM consultancy to clients, with a focus on ForgeRock Product stack ·Responsible for the design and implementation of ForgeRock solutions ·Install and configure ForgeRock stack to meet customer authentication and authorization requirements, ·Design and implement OAuth2 protocol using ForgeRock OpenAM, ·Design and develop OpenAM custom authentication modules, ·Configure ForgeRock stack to protect RESTful API, ·Troubleshoot and support ForgeRock IAM stack. This is a great role to join a niche play as they look to kick of their European expansion