The next two to three years could be interesting for the enterprise when it comes to identity and access management, according to Earl Perkins, research vice president at the Gartner Group.
Gartner released its top 10 security predictions through 2020, a number of which cover identity and authentication. First will be the growth of Identity as a Service, up to 40% of deployments by 2019, replacing on-premise solutions.
Cost will be the primary reason for moving to the cloud, Perkins says. Enterprises can save anywhere between 10% and 35% by moving the system to the cloud.
The systems are also becoming as good as those deployed on premise so the adjustment will be minimal for many enterprises. “There are a lot of additional capabilities you didn’t have with first generation systems,” Perkins says. “Two to three years ago identity as a service was pretty lean, not getting the feature-for-feature capabilities you would with an on-premise system.”
With the preponderance of data breaches there may be some concerns about moving identity management to the cloud but for the majority of enterprises it shouldn’t be a concern. “We’re at a level where cloud security has reached a ‘good enough phase,’” Perkins explains.
There will always be those high-security instances that want to keep identity management within the enterprise, but for most the cloud will be the better option, Perkins says.
Decreased password usage
By 2019, the use of passwords and tokens in medium-risk situations will drop 55%, Perkins predicts. While everyone predicts the death of the password, it’s not going anywhere anytime soon.
Instead enterprises should be looking at biometrics and adaptive access control technologies, Perkins says. These two factors will come to prominence as ways to identify individuals online by 2019.
Internet of Things poses authentication problem
IoT-enabled devices are speeding toward the enterprise like a runaway freight train and more than 50% of manufacturers won’t be able to address problems from weak authentication, Perkins says.
The problem is the different types of devices may each have different ways of being identified, and figuring out a way to properly identify and authenticate them will be problematic. The IoT will require different identity architecture because some devices may have an identity, some may need one to be assigned to them and then there’s the question of who does that assignment.
This will require a new data model that will define the relationships between the devices, how they all interact with one another and authenticate. “It’s an evolution of identity management that recognizes that devices will have to have some kind of identity and attributes if you want to interact with them,” Perkins explains.
Most of the authentication of these systems will occur over wireless networks, but there may be some proprietary technology thrown in there. “There’s a concerted effort to use existing authentication capabilities,” Perkins adds.