News

Identity And Access Management: 18 Important Trends And Considerations

With the rise of digital workspaces and marketplaces, having a firm grip on identity and access management is a must for every business. Simply put, IAM comprises the processes and technologies used to monitor and control access to a company’s digital resources, including networks, applications, and organizational and user data.

Without a robust IAM system to verify users’ identities, manage role- and permission-based access, and secure sensitive data, a business leaves itself open to unauthorized access, data breaches and even legal penalties, so it’s essential for leadership teams to be aware of rising trends and emerging threats. Below, 18 members of Forbes Technology Council detail important new trends and growing concerns businesses need to stay on top of as they develop and maintain effective IAM systems.

Zero-Trust Architecture

Stay ahead of the changing threat landscape with zero-trust architecture. Unlike traditional security architecture, ZTA no longer assumes trust for anyone, whether inside or outside the network. By constantly authenticating and verifying users and devices, ZTA makes it difficult for attackers to navigate within a network. Leading organizations, including the U.S. Department of Defense, have fully embraced ZTA for this reason. – Neil Lampton, TIAG

Passwordless Authentication

The rise of passwordless authentication, such as via passkey, is an aspect of identity management that organizations should be aware of. Until now, most multifactor tools have required consumers to use third-party apps or purchase additional hardware. Most big manufacturers supporting passkeys will accelerate the migration away from insecure passwords. – Kevin KorteUnivention

Standards For Cloud Deployments

Multicloud and hybrid deployments are increasing the level of administrative complexity, particularly for access-control policies. Organizations including the OpenID Foundation and the Cloud Native Computing Foundation are working on standards to address these concerns. Vendors and enterprises are also involved in these efforts, which will improve the interoperability of access systems over the next several years. – Gerry Gebel, Strata Identity

Know Your Customer And Anti Money Laundering Standards

Up to now, Know Your Customer and Anti Money Laundering mandates have been the exclusive focus of financial institutions and government agencies, but they are an emerging trend in enterprise identity and access management. The need for these standards to prevent phishing and ransomware attacks was most recently brought to light by the security breaches at MGM and Caesars. –Michael Engle, 1Kosmos

Added Vulnerability Due To Complexity

One thing everyone needs to know about IAM is that it’s both an organization’s shield and an attacker’s target, and lately, identity’s complexity and size have favored bad actors. Recent breaches (including the Caesars hack) demonstrate how gaps in identity security give cybercriminals an opening. To prioritize cybersecurity, an organization needs to prioritize identity, ideally by unifying its functions into one secure solution. – Jim Taylor, RSA Security

Cyber Insurance Risk Management

Companies should be leveraging proper identity hygiene and access management to help reduce their cyber insurance premiums. Brokers and providers look at critical IAM areas such as cyber risk governance, privileged access review and recertifications, least privilege access, critical account protection, and more when determining risk within a company. – Rita Gurevich, SPHERE

The Impact Of Generative AI

Bad actors using generative AI now have a far more significant impact on identity management. AI has enabled hackers to impersonate individuals with much lower costs and minimal inconvenience. The barrier to believably representing yourself as someone else has dropped considerably, meaning more attacks leveraging these approaches are on the horizon. – Matthew Peters, CAI

Security Of IoT Devices

One emerging trend in identity and access management that everyone should know about is the importance of bolstered cybersecurity for Internet of Things devices. Nowadays, most of the things we use daily are IoT devices. Business leaders and consumers need to carefully consider the security of their TVs, smartwatches and other high-tech electronics if they want to mitigate risks and keep sensitive data safe. – Thomas Griffin, OptinMonster

Recognition Of Non-Human Entities

The recognition of non-human identities is an intriguing trend in IAM. As the IoT expands, managing the identities and access permissions of machines, applications and algorithms becomes as crucial as managing human identities. This trend underscores the importance of a comprehensive IAM strategy that encompasses both human and non-human identities. – Marc Fischer, Dogtown Media LLC

Dynamic Access Control

Current access management technology relies on static permissions, which can turn even a single identity compromise into a catastrophe, as seen in recent attacks. With the majority of attacks now leveraging identities, dynamic access control is required for enterprises to defend against this menace. Leveraging normal business systems to determine dynamic privileges can make administration simple. – Atul Tulshibagwale, SGNL.ai

Privileged Access Issues

One disturbing trend in IAM is the rising number of attacks enabled by privileged access being provided to service accounts; these attacks are causing widespread corporate security breaches. In many organizations, service accounts are provided with “super admin” privileges, which results in hackers being able to easily penetrate networks. Regular penetration tests and periodic access reviews can prevent these costly errors. – Buyan Thyagarajan, Eigen X

Multiaffiliation Identities And Behavior Analytics

Multiaffiliation identities and behavior analytics are the next big trends in IAM. Depending on the task, the time of day and other factors, devices and humans often act as different personas. Defining the persona and the role of the identity, granting the right access, and monitoring the accompanying behavior is the leading-edge method for moving from traditional customer experience practices to influencing device behavior. – Spiros Liolis, EYP Mission Critical Facilities, Part of Ramboll

Adjustable Access Management

Fitting the access to the situation is now key. This remote working era comes with higher security and compliance risks, and companies must adjust their access management accordingly to account for where and on what device an employee is working. One policy does not fit every situation or use case in the varied business and technology ecosystem we now enjoy. – Agur Jõgi, Pipedrive

AI-Powered Behavior Analysis

An emerging trend capturing attention is the use of AI for behavior analysis. By harnessing the capabilities of artificial intelligence, platforms can identify and flag deviations in typical user behavior or access trends, offering real-time alerts to potential security breaches. Even when login details fall into the wrong hands, unusual activities can be promptly detected and countered. – Sandro Shubladze, Datamam

Palmprint Scanning

Palmprint transactions for IAM are a powerful tech tool that can evolve the industry through improvements to security and the ease of use of products. Imagine palm scanners that identify you when you check out at a grocery store, start your vehicle or open doors. You will no longer need to take out your phone, let alone your wallet. – WaiJe Coler, InfoTracer

Federated Identity

One of the single largest trends in identity and access management impacting organizations and the general public is the advent of federated identity. This identity method allows users and customers to enjoy easy access to services and systems in an “anytime, anyplace, anywhere” model. Trusted identity management models that leverage second and third parties are now commonplace, and it’s therefore possible to remodel legacy access designs. – Mark Brown,British Standards Institution (BSI)

Digital Identities

The use of blockchain technology to establish online digital identities is a rising trend in IAM. As the metaverse expands, people will be able to embody a digital identity as they stream, play games and engage in video conferences. This will allow content creators to control anonymity and engage with different communities and allow general users to represent themselves in the way that they like. – Jordan Yallen,MetaTope

Decentralized IDs For Connected Devices

Decentralized IDs for connected devices will transform the way we interact with smart machines. Imagine your electric vehicle logging in peer-to-peer at any charging station and paying for the session from its own wallet. The Bosch-led moveID project showcased this potential at this year’s IAA MOBILITY event, and as machine IDs gain traction, we will see an entire new Economy of Things come to life. – Max Thake, peaq

Previously published on Forbes.