The major shift to remote and hybrid working over the last two years, has solidified Identity’s position at the center of a strong cybersecurity strategy. The traditional IT security perimeter no longer exists, with many applications and services now hosted in the cloud being accessed by a variety of identities in the office, at home, on the road or a combination of all of these.
Ensuring secure access to these new cloud-based and legacy on-premise applications requires a transformation of how organizations deploy their Identity Governance and IAM initiatives. These trends, combined with the emergence of Zero Trust and Identity-as-the-new-Perimeter strategies, has really ended the old way of trusted users inside the corporate perimeter and confirmed Identity as the ultimate control plane.
So, what should you expect to see in the coming year as the management of identity-related risk continues to evolve?
A significant trend in identity management in 2022 will be intelligent unification – a meaningful convergence of technologies and identity disciplines. Now, more than ever, organizations have a plethora of solutions at their disposal. This can lead to siloed information and a disparate approach to security where some solutions are focusing on niche use cases.
Maximizing the capabilities and information available to provide a unified and holistic view of identities, their access, the contexts or reasons why they have the access and usage data showing how they are using the access will be crucial in reducing identity related risk. Breaking down these siloes and sharing information across these boundaries will provide assurance that your identities are truly secure and greater adaptability to tackle new identity challenges as they arise.
Continued Cloud Adoption
SaaS solutions and cloud services will continue to enjoy increased adoption in the new year. In a survey by Enterprise Strategy Group, respondents reported that 52% of business-critical apps are now cloud-based rather than on-premises – and that number is growing. Organizations are now able to switch vendors and to scale up services they have been using more easily than ever before. This subsequently increases the threat surface within organizations when it comes to managing identity-related risk.
In light of this continuing trend, Identity Governance and IAM solutions must be able to provide a cloud native foundation of versatile configurability. This will allow organizations to securely scale with demand and securely manage their identities across an ever-growing number of applications and services.
Autonomy in identity management processes will increase throughout 2022. Currently, identity management still involves an amalgamation of manual and semi-autonomous activities – meaning that there can be considerable overhead for administrators and end users. This manual effort combined with the continued shortage of IT and security professionals is not sustainable.
Identity Lifecycle Management and access provisioning has been automated to varying degrees for some time. Governance around user access requests, reviews, and violation management less so but recent innovations have seen drastic improvements in prescriptive analytics providing decision support for end users, reviewers and approvers. It’s true that for the most critical applications and sensitive data, there will always be a need for some level of human decision making or approval. However, as we see an increase in the amount of useful data held on identities and their access automation of approval, review and violation detection and remediation will also increase.
The marriage of flexible configurations and increased identity analytics will bring about intelligent unified governance platforms. Such platforms will significantly reduce the manual aspect of implementing, managing and interacting with identity management processes.
Securing Identities for the Future
Now that the traditional corporate perimeter no longer exists, how do you adapt to an identity-centric approach to your cybersecurity strategy? The last two years have ushered in a sea of change regarding how organizations manage identities and their access. Hybrid working and cloud-based services and applications create greater opportunities for anytime, anywhere productivity but also increases the complexity of managing your identity related risk. The right solution coupled with the right strategy will enable you to realize the benefits of these opportunities without sacrificing on security or efficiency.
The first and continuing trend for next year – cloud adoption – will feed into the emergence of unified identity governance solutions and increasing autonomy. Organizations need an identity-centric strategy that provides a holistic view of identity that frees their end users and administrators from the drudgery of tasks that can be automated. Keep an eye out for these trends in the new year and reflect on whether your strategy is ready for the year ahead.
By Craig Ramsay, Senior Solution Architect, Omada.