We’re Giving You a Glimpse Into the Future of Identity
What does the future hold? It’s a question that many of us are pondering on a daily basis. But when it comes to identity and access management (IAM) solutions, answering this question has significant implications for businesses
In my role as Chief Product Architect at Okta, this is the work I am doing alongside my team. Together, we’re responsible for staying on the leading edge of identity systems, predicting trends, developing strategies for our product roadmaps, and actively helping to set identity and security standards. To help with that, I work hard to keep my finger on the pulse of the identity industry, participating in groups such as the Internet Engineering Task Force and OpenID Foundation, and conversing with other industry leaders.
In my upcoming Identity+ panel, I will be joined by Michael Kelley, Research Director in the Secure Business Enablement Group at Gartner, to discuss today’s trends and where they’re going to lead us. As a dedicated expert in IAM adoption and implementation, Michael has helped multiple large enterprises modernize their authorization, federation, directory integration, and user management, and has made it his mission to monitor where this dynamic field is moving. The panel will also be moderated by Julie Smith, Executive Director at IDSA.
The future of identity has many paths
This year, the ways we conduct business, commute to work, utilize office space, and offer goods and services have changed in unprecedented ways. And as more of these activities go online, they’ve prompted a larger need for frictionless mobility across platforms, apps, and channels—and for them to be secure and compliant. At the same time, the identity landscape is also shifting. What we once defined as identity as a service (IDaaS), is now SaaS-delivered IAM, and has broadened its scope to include access management (AM), privileged access management (PAM), and identity governance and administration (IGA). Accounting for these trends, here are some of the themes Michael and I will be addressing in our conversation:
A new approach to information security
The concepts of zero trust and continuous adaptive risk and trust assessment (CARTA) were already on the radar of forward-thinking businesses before the impact of COVID-19; now they have to be a focus for all organizations. As Gartner defines it, the CARTA framework is founded on the principle that when everyone has the potential to be signing on from anywhere, trusting traffic on the corporate network is neither sufficient nor safe.
Instead, measures and models must be put in place to authenticate logins at the level of individual users and devices—who they are, where they are, and what they’re trying to access. Okta has already conducted research to track how far organizations worldwide have come in terms of Zero Trust implementation; now it’s important to look at what this portends for businesses in 2021 and beyond.
Broader implications of COVID-19
Beyond amplifying the need for Zero Trust, the pandemic has prompted interest in and adoption of other core IAM functionalities. For instance, multi-factor authentication (MFA), which is a critical component of a Zero Trust security model, is being required by a growing number of organizations to better protect their resources.
At the same time, the shift to dynamic work across the globe has had a dramatic impact on the applications that businesses are adopting and deploying, with collaboration and network security tools zooming to the top of the list. This was tracked in detail in the Business @ Work (From Home) report we published in April 2020—but since then, we’ve had a lot of time to see what’s changed, what’s stayed the same, and what will transform further in the months and years ahead.
Continuous authentication
Continuous auth is fundamentally transforming the way forward-thinking businesses connect their users to their systems. With increasingly robust IAM and security frameworks, they’re moving from a “connect first, authorize second” mindset to “authorize first, connect second” so that device assurance, identity assurance, authenticator assurance, and federation assurance are regularly reviewed to grant proactive access to users. This is changing the identity game, but it’s still a complex puzzle that organizations need to take a comprehensive approach to solving.
Decentralized identity
As another major development in the IAM landscape, this shift represents a move away from a centralized identity model with a selection of key players (e.g., Facebook, Google, and Microsoft) to a decentralized model where the user has control over their identity. This approach promises to let users become the stewards of their own data and privacy, and has the potential to reduce risk for organizations while increasing transparency, compliance, and audit readiness.
Looking forward
Identity has become a barometer for our times. By looking at it as a critical indicator of what’s to come, we can have a better idea of what the future holds across businesses, industries, and sectors, so that we can all lay the foundations today in order to serve our workforces and customers tomorrow.
You can join myself and Michael Kelley for the Identity+ panel on December 8, 2020. Together, we’ll look back on what has truly been a history-making year, and prepare for the years ahead.