Identity and Access Management (IAM) is bound to be increasingly an integral part of our personal and business lives as the technological and societal landscape continues to rapidly change. Although we can not fully and accurately predict anything beyond the near future, it is likely that technology will continue to change our lives in future years which will require a new approach to identity and access management.
“When considering that users’ inability to protect and manage passwords causes over 90% of cyber attacks, it is evident that our current IAM approach which mostly uses passwords for authentication can not support the security of the future state where many devices will be interconnected” says Henry Bagdasarian, Founder of Identity Management Institute and cybersecurity thought leader.
For example IAM will expand beyond humans, pets, and other living things to include identities of robots and smart devices. Anything that needs to be connected to something for data sharing and automated tasks will be connected to make human lives easier, collaborative, and more productive.
As distributed and interconnected systems increase in numbers, seamless, continuous, and accurate access to all resources with advanced authentication systems such as biometric and artificial intelligence technology will be prevalent. Password will be the thing of the past as user controlled access will be replaced by machine controlled access management. There will be no more passwords to access systems or badges to enter buildings. Smart systems will be able to recognize and greet us using some of our personal and distinct features when we use ATMs, enter stores and restaurants, visit online websites, enter office locations, drive cars, and access business systems.
Identity management and artificial intelligence will revolutionize security beyond people, places, and things that we manage today as increasing number of devices and systems will communicate with and learn from one another without human intervention. For example, household systems which will be a big part of the Internet of Things will communicate with each other to control and manage our lives. Refrigerators will order food items when the inventory goes down, fire detection systems will contact the fire department and other nearby households in case of fire, doctors will be notified when our vital signs show trouble and much more. Almost everything will have an identity which will change today’s definition of identity theft.
Form a business standpoint, distributed and trusted identity concept will be adopted by every object, service, and system. A person may have multiple identities but still be recognized as the person and the identities of smart things will be linked to persons owning the objects. With the increasing number of highly potent identities, global identity service providers will register identities and maintain identity directories.
Biometric authentication uses a person’s characteristics to identify and authenticate the person. Biometric technology is advancing rapidly and the market for biometric systems is estimated to increase from $10 billion in 2015 to about $40 Billion by 2022 according to various research reports. Artificial Intelligence embedded in the future IAM products will be able to learn about the user for access management and user activities will be analyzed and anomalies will be reported automatically.
The list of biometric authentication options includes:
- Face recognition,
- Finger print and geometry although it is easier to copy or steal a finger than other human parts,
- Hand geometry,
- Ear geometry by simply pressing it against the phone screen during a phone call. No two ears are alike even on the same person,
- Eye iris or retina recognition,
- Gait or behavioral biometric such as keystroke dynamics, mouse use, and walking patterns.
- Heart rhythm can be used in wristbands and other devices for wireless identification to the computer, cars, house, and in stores for making payments,
- Butt biometrics can be used to authenticate a user by the way they sit. This technology can be used in cars to start the car and adjust car preferences automatically,
- Nose can be used to identify a person as it is a distinct human feature although it is often surgically modified and rendered useless for authentication,
- Vein matching also uses a finger or a palm, but provides a few additional security benefits through vein analysis of only alive persons which makes it difficult to fake,
- Sniff test although in early stages with 10% failure rate can filter out smells like hand cream or changes in odor caused by diet and disease with an artificial nose to identify a person.
Accuracy and affordability will determine which biometric technology will be the market leader. However regardless of product leadership, with increasing number of interconnected systems and devices, unauthorized parties must be kept out of systems and authorized parties must not be denied access to approved resources. Both scenarios present a big risk to the business whereby one leads to data breach with all sorts of consequences and the other leads to lost productivity and inefficient operations. These challenges will be addressed by advanced identity and access management solutions which will shape the future of cybersecurity.
Many of today’s identity and access management tasks will be automated whereby the work of access administrators will be handled by machines in which case robots will authorize and grant access to resources.
The rapid changes in technology and huge dump of data by robots will require future identity and access management professionals to have analytical and critical thinking skills to sort out useful data and make sense of all the machine reported data. The work of identify and access management specialists will be to design the automated tasks performed by robots, override machine decisions, and act upon reported data.