The Future of Identity and Access Management

Identity and Access Management (IAM) is bound to be increasingly an integral part of our personal and business lives as the technological and societal landscape continues to rapidly change. Although we can not fully and accurately predict anything beyond the near future, it is likely that technology will continue to change our lives in future years which will require a new approach to identity and access management.

“When considering that users’ inability to protect and manage passwords causes over 90% of cyber attacks, it is evident that our current IAM approach which mostly uses passwords for authentication can not support the security of the future state where many devices will be interconnected” says Henry Bagdasarian, Founder of Identity Management Institute and cybersecurity thought leader.

For example IAM will expand beyond humans, pets, and other living things to include identities of robots and smart devices. Anything that needs to be connected to something for data sharing and automated tasks will be connected to make human lives easier, collaborative, and more productive.

As distributed and interconnected systems increase in numbers, seamless, continuous, and accurate access to all resources with advanced authentication systems such as biometric and artificial intelligence technology will be prevalent. Password will be the thing of the past as user controlled access will be replaced by machine controlled access management. There will be no more passwords to access systems or badges to enter buildings. Smart systems will be able to recognize and greet us using some of our personal and distinct features when we use ATMs, enter stores and restaurants, visit online websites, enter office locations, drive cars, and access business systems.

Identity management and artificial intelligence will revolutionize security beyond people, places, and things that we manage today as increasing number of devices and systems will communicate with and learn from one another without human intervention. For example, household systems which will be a big part of the Internet of Things will communicate with each other to control and manage our lives. Refrigerators will order food items when the inventory goes down, fire detection systems will contact the fire department and other nearby households in case of fire, doctors will be notified when our vital signs show trouble and much more. Almost everything will have an identity which will change today’s definition of identity theft.

Form a business standpoint, distributed and trusted identity concept will be adopted by every object, service, and system.  A person may have multiple identities but still be recognized as the person and the identities of smart things will be linked to persons owning the objects. With the increasing number of highly potent identities, global identity service providers will register identities and maintain identity directories.

Biometric Authentication

Biometric authentication uses a person’s characteristics to identify and authenticate the person. Biometric technology is advancing rapidly and the market for biometric systems is estimated to increase from $10 billion in 2015 to about $40 Billion by 2022 according to various research reports. Artificial Intelligence embedded in the future IAM products will be able to learn about the user for access management and user activities will be analyzed and anomalies will be reported automatically.

The list of biometric authentication options includes:

  • Face recognition,
  • Finger print and geometry although it is easier to copy or steal a finger than other human parts,
  • Hand geometry,
  • Ear geometry by simply pressing it against the phone screen during a phone call. No two ears are alike even on the same person,
  • Eye iris or retina recognition,
  • Gait or behavioral biometric such as keystroke dynamics, mouse use, and walking patterns.
  • Heart rhythm can be used in wristbands and other devices for wireless identification to the computer, cars, house, and in stores for making payments,
  • Butt biometrics can be used to authenticate a user by the way they sit. This technology can be used in cars to start the car and adjust car preferences automatically,
  • Nose can be used to identify a person as it is a distinct human feature although it is often surgically modified and rendered useless for authentication,
  • Vein matching also uses a finger or a palm, but provides a few additional security benefits through vein analysis of only alive persons which makes it difficult to fake,
  • Sniff test although in early stages with 10% failure rate can filter out smells like hand cream or changes in odor caused by diet and disease with an artificial nose to identify a person.

Accuracy and affordability will determine which biometric technology will be the market leader. However regardless of product leadership, with increasing number of interconnected systems and devices, unauthorized parties must be kept out of systems and authorized parties must not be denied access to approved resources. Both scenarios present a big risk to the business whereby one leads to data breach with all sorts of consequences and the other leads to lost productivity and  inefficient operations. These challenges will be addressed by advanced identity and access management solutions which will shape the future of cybersecurity.

Future IAM Skills

Many of today’s identity and access management tasks will be automated whereby the work of access administrators will be handled by machines in which case robots will authorize and grant access to resources.

The rapid changes in technology and huge dump of data by robots will require future identity and access management professionals to have analytical and critical thinking skills to sort out useful data and make sense of all the machine reported  data. The work of identify and access management specialists will be to design the automated tasks performed by robots, override machine decisions, and act upon reported data.

Learn about professional IAM certifications and get certified to prepare your career for the future.

Identity and Access Management Market Analysis

This identity and access management market analysis is made possible by existing research reports and assessments made by Identity Management Institute based on publicly available information which indicate a fast growth in the Identity and Access Management (IAM) segment of information security.

Identity and Access Management Market Analysis

According to a recent study, IAM market is estimated to grow from about USD $10 Billion in 2019 to over $22 Billion by 2024. The identity and access management segments of the study included access provisioning, single sign-on, advanced authentication, audit, compliance, governance, directory services, and password management. The audit, compliance, and governance segment is expected to grow at the highest rate. The adoption of identity & access management solutions in the Asia-Pacific region is expected to grow at the fastest rate due to the significant growth in the industrial sector as well as rising demand for cloud-based solutions from manufacturing and other verticals.

Growth Drivers

Major growth drivers of the IAM market include compliance, process inefficiency and errors, increase in hacking incidents and data breach cases which concern global organizations, and, changes in technology, societal, and operating trends.

Below is a list of drivers that fuel the identity and access management growth:

  1. The identity and access management market growth is primarily driven by the increased demand in security governance, enforcement concerns, distributed systems and workforce, as well as lower quality of security services within organizations. Security policy enforcement challenges arise when  systems, people, and access management practices are distributed requiring single sign-on and federated identity management as well as older systems lacking the proper settings to be configured in accordance with the stated security policies and standards.
  2. Stolen employee access credentials is by far the leading cause of system hacking cases and data breach incidents which will cost businesses about $5 trillion by 2024. In fact, stolen employee password and human error are responsible for around 90% of data breaches according to leading industry and government reports.
  3.  Changes in technology and way of life are forcing organizations to seek identity and access management solutions. Consider the following:
    • The Internet of Things (IoT) will make almost every object connected to the Internet and each other including drones, cars, and household devices to name a few.
    • Bring Your Own Device (BYOD) policies by many organizations which slowly but increasingly allow users to use their personal devices for work purposes making security and privacy a real challenge. For example, device identification and authentication process must be effective and software installed by companies onto their employees’ personal phones or devices which can track non-business related data such as employee location, texts, photos, and almost everything else must follow policies that are well defined, communicated, and enforced.
    • Mobility and remote workforce make authentication and access management a real challenge.
    • Rise of cloud computing and storage due to lowered cost of maintaining a dedicated data center and improved system management present a new set of security risks which include reliance on third parties to maintain controls.
    • Online file sharing and collaboration for increased efficiency and productivity also present new security and privacy risks.
  4. Challenges related to on-boarding and off-boarding such as manual and slow processes for access provisioning and inappropriate approvals in decentralized environments in which system owners decide who can access which resources is also driving identity and access management market growth higher. Delayed access to resources results in lost productivity and potentially revenues, and, delayed removal of departed users from systems creates security risks.
  5. Approving and adjusting user access in accordance with their new job duties as they move across the enterprise is a real challenge to manage in larger organizations. This is another main area where IAM technology can support organizations to manage their security risks. “In the future, more important than technical skills, security professionals must have analytical and critical thinking skills to analyze data reported by security systems” says Henry Bagdasarian. “As the automated IAM systems generate reports and information about system access such as excess user access and privileged accounts, dormant or inactive accounts, system attacks, and active accounts belonging to departed users, security analysts must be able to quickly digest the data, analyze trends, and take swift actions to minimize the risks” he continues.
  6. The acknowledgement that a single-factor authentication is no longer acceptable in the expanding digital world and stronger authentication mechanisms are needed to improve security such as a multi-factor authentication or biometric authentication is another IAM growth driver.
  7. Regulatory compliance is another driver of the IAM market growth as many organizations must comply with a variety of regulations which are sometimes overlapping and can make compliance inefficient. Identity and access management solutions help compliance, measurement, and reporting more efficient as IAM solutions can eliminate redundancy and automate assessments, communication, and reporting.
  8. Fast changing, hostile, and competitive environments often force management to make quick decisions. The deployment of identity and access management solutions allow organizations to quickly identify issues and make decisions for mitigating risks.

Shortage in Cybersecurity Experts

This identity and access management market analysis also considers the global cybersecurity expert shortages and unfilled jobs to be a major risk.

Identity and Access Management certification

Professional Certifications

Identity and access management certifications are gaining popularity due to the growing IAM market and risks. Visit the certification page to learn about the IAM technology, governance, operations, and risk management certifications.

Identity and Access Management market report and predictions for 2021 and beyond.

Identity and Access Management Market Report and Predictions for 2021 and Beyond