The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agility. Register now!
A rash of cyberattacks has renewed attention on identity and access management (IAM), which is experiencing a surge in demand across enterprises today. Growth in such tools is driven by organizations’ need to protect and grow virtual workforces while securing digital transformation initiatives.
A look at the trends influencing IAM is in order, and such a view is afforded by a recent Forrester study called “The Top Trends Shaping Identity And Access Management In 2021.”
Written by Forrester analysts Sean Ryan and Andras Cser, the study provides insights into seven key trends defining the IAM market in 2021. IAM has an integral role in zero trust security frameworks, helping to ensure least privileged access to proprietary data and systems.
The Forrester study’s seven key trends emphasize that it is time for enterprises and the CISOs supporting them to reprioritize their IAM roadmaps. That is because of how fast the identity and access management and related governance tool landscape is changing today. The following is an assessment of Forrester’s seven trends defining IAM this year:
Identity and access management gets respect
Spending on IAM solutions accelerated quickly in the second half of 2020, driven by many organizations’ need to improve business continuity and protect employees. The pandemic caught many organizations unprepared for the scale and sophistication of cyberattacks on virtual workforces. With bad actors on the hunt for privileged access credentials that would enable lateral movement across a breached organization, cybersecurity teams worked nonstop in many instances to launch two-factor authentication (2FA). Forrester predicts that IAM growth will continue to accelerate in 2021. The firm’s research found that 61% of security decision-makers plan to increase their IAM budget in 2021, with 32% expecting to increase by 5% or more.
Passwordless gets real
Forrester predicted passwordless authentication would go mainstream a year ago, mentioning the technology in its report “Top Trends Shaping IAM In 2020.” Forrester sees passwordless authentication progressing from hype to adoption. Fifty-two percent of security decision-makers say their firm has already implemented 2FA or passwordless authentication for employees. The research estimates 31% were implementing one of those in 2020 or had plans to implement in 2021. Virtual teams need a zero trust-based approach to passwordless authentication to stay secure, ensuring that bad internal actors don’t misuse privileged access credentials and that bad external actors don’t get a chance to steal them. Verizon’s 2021 Data Breach Investigations Report found that privilege abuse is the leading cause of breaches today. Stopping privileged access abuse starts by designing a passwordless authentication system that is so intuitive users aren’t frustrated using it while providing adaptive authentication on any mobile device. Ivanti’s Zero Sign-On (ZSO) approach to combining passwordless authentication and zero trust on its unified endpoint management (UEM) platform indicates how vendors are responding. It uses biometrics, including Apple’s Face ID, as the secondary authentication factor for gaining access to personal and shared corporate accounts, data, and systems. Additional passwordless authentication providers include Microsoft Azure Active Directory (Azure AD), OneLogin Workforce Identity, and Thales SafeNet Trusted Access.
IAM programs become more agile
Rigid, inefficient approaches to defining role, policy, or attribute-based access control for privileged identity management, governance, and user directories need an overhaul. Legacy approaches to access controls are leaving too many gaps at the role-level for bad actors — both internal and external to an organization — to exploit. As a result, Forrester finds that agile software development frameworks are becoming more commonplace in IAM development and deployment. That’s great news for security and risk professionals who have worked to adopt a more just-in-time (JIT) approach to access workflows in order to streamline how cloud platforms and software-as-a-service (SaaS) app sessions grant user identity access privileges on the fly.
The scale-out of nonhuman identities explodes
For over a year, Forrester has been predicting that the number of nonhuman identities across many enterprises will grow at more than twice the pace of human identities. Forrester defines nonhuman identities as “assisted and unassisted bots, service accounts, cloud automation and APIs, internet-of-things (IoT) devices, and robots.” Forrester also found that software bots are expanding across customer service, finance, and IT departments for automation. That comes in the face of major uptake in use of robotic process automation (RPA). In addition, Amazon Web Services, Microsoft Azure, the Google Cloud Platform, and many other public cloud platforms rely extensively on machine identities to perform tasks, a factor Forrester says contributes to the exponential increase in nonhuman identities. Leading vendors providing IAM for machine identities include AppViewX, ThyocoticCentrify, HashiCorp, Keyfactor, and Venafi, all of which are used in active zero trust frameworks across organizations today.
IAM suite providers expand
Cloud-based IAM suites are gaining in popularity across enterprises because they offer pre-integrated stacks that streamline integration, ongoing maintenance, and procurement, according to Forrester. Cloud-based IAM delivery form factors (IDaaS or managed services) also fuel the creation of IAM suites through added hybrid support, giving organizations the freedom to turn on new features as needed. In addition, the report points to the recent series of acquisitions, including CyberArk acquiring Idaptive, Okta buying ScaleFT and Auth0, and Ping acquiring UnboundID and Symphonic. Forrester believes the acquisitions are driving a more horizontal expansion of IAM.
Network, endpoint, and data security
Forrester is seeing in client organizations how firewalls, web application firewalls, and secure web gateways lack an integrated identity concept across their core policies, specifically in the areas of network endpoints and payload inspection. As a result, they’re recommending their clients take a more granular and dynamic network access approach based on zero trust edge (ZTE), which links network traffic and activity to well-identified, authenticated, and authorized users (human and machine identities). Leading solutions in this area include Ericom Software’s ZTEdge platform, which combines microsegmentation, zero trust network access (ZTNA), secure web gateway (SWG) with remote browser isolation (RBI), and ML-enabled identity and access management.
Customer identity doubles down on analytics
Forrester says end-user clients in IT security, marketing, lines of business (LOB), and application development are saying that customer identity and access management (CIAM) systems now require access policy enforcement and comprehensive user management. Marketing and digital product professionals want more precise, identity-specific data to fine-tune marketing campaigns and measure their effectiveness. CIAM platforms can provide useful identity analytics and consent management audit data, all aimed at excelling at compliance and being a responsive resource for customers. It’s up to security and risk professionals to deploy a CIAM platform if those goals are to be achieved.
Forrester’s look at IAM trends provides security and risk professionals with insights into how IAM is changing. This rapid change should be seen as part of a broader cybersecurity strategy. Managers must take note of the exponential increase in nonhuman identities due to cloud platforms’ reliance on machine-to-machine integration and adapt to the urgent need enterprises have to define their IAM strategy for managing them. Expect IAM budgets to continue increasing as the scale and variety of threats to virtual workforces escalate. These are trends to keep top of mind as organizations pivot to launch new digital-first selling and service strategies and other digital transformation efforts.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more