Five Identity and Access Management Predictions for 2020 and Beyond
By Paul Butler on December 11, 2019
As we reach the final few weeks of 2019, many of you will be thinking of the projects you will be planning or embarking on in 2020. Maybe you will be looking to the cloud for greater scalability; it might be that you plan to replace ageing systems or hardware with something more modern. In either case – and in those outside my two examples – the challenge is to keep up with the fast pace of change and implement solutions and controls that are in keeping with the wider trends.
I myself have been thinking about how this relates to the industry I work in – identity and access management.
I have spent much of my time over the past twelve months speaking with our customers, business partners and our own experts behind the scenes, learning from their challenges and experiences. Crucially, I get an insight into not just what is up-and-coming, but what will actually take off.
And so, for 2020, here are my predictions for the identity and access management market.
#1 – Convergence of Security and Networking Teams
Even today in 2019, the line between the SOC (Security Operations Centre) and the NOC (Network Operation Centre) is already becoming blurry.
For the most part, the roles of the two are intertwined and will continue on this path throughout 2020. Very few network roles and jobs are free of security considerations, particularly when it comes to communication between the outside world and the internal network.
Similarly, security is no longer the “post-review” department, used to seek sign-off, which it once was. Modern development methodologies and even regulations such as the GDPR require security input at the design stage – meaning security teams are having to become more technology aware.
As an IT security vendor, this means that we must continue to cater to the high expectations of both teams, or of a converged version of the two.
#2 – Automated Provisioning from a Single Source of Truth
Admittedly, this is not a new concept. For as long as computer domains have existed, IT administrators have used solutions such as Microsoft Active Directory as a single source of truth for many of the services they provide in their networks.
However, the cloud and services hosted online have challenged Active Directory's flexibility in the modern age, which has led to a fracturing of authentication sources depending on where the authenticating service is, its capabilities and its security.
Federated identity solutions have attempted to tie this all back together, but their complexity has meant that uptake is reserved to the largest of organisations with the most skilled teams.
In 2020, the desire to return to a single source of truth will gain momentum, as smaller organisations will want to streamline the way their users work and avoid the security pitfalls of fragmented user repositories.
A great example of how this works in practice comes from our very own Idaptive solution. Our solution can utilise Active Directory, federated identity systems and alternative sources of identity such as an HR system, plus automatically provision and license users in well-known solutions such as Office 365.
#3 – The Death of Hardware 2FA Tokens
We have been building up to this moment for some time. But I do believe 2020 will be the harbinger of the decline for hardware 2FA tokens.
Today, you would be hard-pressed to find anyone other than a commercial bank using these small plastic devices used to generate a 2FA passcode for authentication.
Why?
They are costly, require additional management, and users tend to treat them with little ownership, meaning that they are lost or damaged at the cost of the service provider.
Software-based tokens have existed for some time, starting with the 2FA passcode delivered by SMS and now commonly using a smartphone app. But things have continued to move on since then.
Today, the emergence of push notifications means that users no longer have to copy a code from one screen to another. Instead, they are presented with a yes or no prompt on their smartphones to prove it is they who are attempting to authenticate somewhere. The security of passing a passcode is handled in the background and can be called on in very specific circumstances, such as anomalous behaviour or an unusual source location.
When you consider how far software tokens have come and how sophisticated the security is becoming – hardware tokens seem as old as the dinosaurs.
#4 – A Stronger Focus on Single Sign-On Technologies
From a user perspective, predictions two and three signal a greater focus on user experience and the simplification of authentication. My fourth prediction continues this theme with my belief that single sign-on will gain more prominence in 2020.
While a single source of truth will dominate the provisioning and de-provisioning of accounts, single sign-on services will become the dominant form of authenticating those accounts, whether that be many services authenticating against a single sign-on source or a single pane of glass for authentication.
This can be attributed to a few reasons:
- More control over the user account in question.
- Weak passwords less likely to be used.
- Fewer support calls due to forgotten passwords.
- A common branding and authentication experience.
#5 – Real-Time Anomaly Alerting and Response
Discussions about AI (Artificial Intelligence) and ML (Machine Learning) and their useful application have been going on for some years. Where I think there is great scope is in the use of automated anomaly detection, something which the network vendors of this world have been working towards with much success.
With regard to identity and access management, we as an industry typically build a wall or a set of policies and only react to unauthorised access post-event.
There is, however, growing interest in being able to detect anomalies such as unusual keystrokes, new source locations, and even the date or time, and then react by either alerting, blocking the attempt, or dropping additional controls or authentication stages into place.
Some of these actions could seem counteractive to the aim of making the authentication process simpler and smoother for users. However, such actions would be tuned to take place only in extreme circumstances.
Where actions are not taken directly, SOCs and even converged SOC/NOC teams could be alerted in real time that anomalous behaviour is being detected, through traditional alerts such as email, or by interacting with SOAR (System Orchestration, Automation and Response), which could, in turn, trigger a chain of pre-defined steps for response.
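To make the tiered response described above concrete, here is an added example (not code from Idaptive or any other product) that scores a login attempt on the three signals named in this section and maps the score to allow, alert-only, step-up or block. The baseline values, weights, thresholds and sample logins are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Baseline:            # per-user profile; the values used below are constructed
    countries: set         # source countries seen before
    hours: range           # hours of day the user normally signs in
    key_ms_mean: float     # mean gap between keystrokes, in ms
    key_ms_std: float

@dataclass
class Login:
    user: str
    when: datetime
    country: str
    key_ms: float          # mean keystroke gap measured during this attempt

# Illustrative weights and thresholds (assumptions, not from any product).
WEIGHTS = {"new_location": 40, "unusual_time": 20, "unusual_keystrokes": 30}
ALERT_AT, STEP_UP_AT, BLOCK_AT = 20, 50, 90

def signals(login, base):
    found = []
    if login.country not in base.countries:
        found.append("new_location")
    if login.when.hour not in base.hours or login.when.weekday() >= 5:
        found.append("unusual_time")
    if abs(login.key_ms - base.key_ms_mean) > 3 * base.key_ms_std:
        found.append("unusual_keystrokes")
    return found

def decide(login, base):
    """Return (action, alert); alert is a dict for the SOC/SOAR queue, or None."""
    found = signals(login, base)
    score = sum(WEIGHTS[s] for s in found)
    action = "block" if score >= BLOCK_AT else "step_up" if score >= STEP_UP_AT else "allow"
    alert = None
    if score >= ALERT_AT:  # a single weak signal alerts without interrupting the user
        alert = {"user": login.user, "time": login.when.isoformat(),
                 "score": score, "signals": found, "action": action}
    return action, alert

BASE = Baseline({"GB"}, range(7, 20), key_ms_mean=180.0, key_ms_std=25.0)
SAMPLE = [  # constructed login attempts
    Login("alice", datetime(2019, 12, 11, 9, 5), "GB", 175.0),    # normal
    Login("alice", datetime(2019, 12, 11, 23, 40), "GB", 190.0),  # late hour only
    Login("alice", datetime(2019, 12, 12, 2, 15), "FR", 185.0),   # new place, odd hour
    Login("alice", datetime(2019, 12, 14, 3, 30), "US", 60.0),    # all three signals
]
```

Keeping the alert threshold below the step-up threshold is what lets users with a single odd signal sign in uninterrupted while the SOC still sees the event.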
Ultimately, what customers are looking for today is better integration between solutions to reduce their response times. What do you think 2020 holds for identity and access management?