The identity and access management (IAM) space is constantly evolving. Remember the days when we thought lengthy passwords would keep us safe online, and by lengthy we meant 8 characters? And when two-factor authentication in the form of SMS was considered a strong security measure?
Those days are long gone—and the pace of transformation is only accelerating.
To keep up with new security threats, increasing customer and employee expectations, and IT environments that are growing more complex to support business initiatives like cloud adoption, you need to stay on the cutting edge of trends in the IAM space.
Staying current is vitally important because identity has become a key business driver across the organization. Businesses are using IAM to help them accomplish a number of goals, including:
Managing identities, profiles and attributes
Authenticating people, systems and things
Enabling access to resources
Managing runtime access to applications and application programming interfaces (APIs)
Given the rapid pace of change and increasing scope of identity, Ping Identity recently invited the Chief Information Security Officers (CISOs) from leading enterprises to talk about where we are today and where we are headed.
The CISO Advisory Council
First, let’s meet the council. Ping Identity’s CISO Advisory Council is composed of CISOs from 12 enterprise organizations, including:
Diane Ball, CISO for BCBS Tennessee
Steve Martino, CISO for Cisco
Stanton Meyer, CSO for CoBank
Ben Mayrides, CISO for Cvent
Sam Masiello, CISO for Gates Corporation
Larry Whiteside, CISO for Greenway Health
Michael Strong, CISO for GCI
Chris Gullett, VP of Information Security for Allegiant Air
Frank Aiello, CISO for American Red Cross
Adrian Mayers, CISO for Vertafore
The group discussed what’s happening in the identity space today and shared their insights on the seven trends they believe will shape the future of identity.
The Future of Identity
#1 New methods of identity proofing
For centuries, identity proofing has required people to show up at a physical location and have their identity documents inspected. This method isn’t going to scale in the age of the internet. New methods of remote proofing and social proofing are currently being developed that will change the way people trust each other online.
A recent Ping blog post covered how the gap between identity proofing and account recovery techniques is about to widen because there's a big difference between proofing a lack of relationship and verifying a persistent relationship. Better verification options like assertions from authorities (banks, the DMV, employers) and other strong relationships have better fraud reduction potential than identity proofing methods that are quickly being squeezed out. To replace out-of-wallet experiences, Ping predicts that services like "photograph your physical ID" will thrive.
#2 Passwordless authentication
When individuals interact online, they frequently do things that attackers would never do, like pay bills, order small items to be shipped to their homes or send a note to say hi to mom. Authentication will eventually be smart enough to recognize these as contexts that are low risk and don’t require a password. There are also many contextual pieces of information that could indicate people’s true identities, like the devices they use and how they interact. Authentication of the future—for both individuals and enterprises—will be adaptive and contextual so a password is required only when necessary.
The future is already here. At IDENTIFY Europe 2017, organizations including VEON, Applied Materials, Microsoft, Accenture and Capgemini focused on digital transformation and described how they're using advanced identity and access management capabilities, like passwordless mobile single sign-on (SSO) and cloud automation, to solve modern identity and security challenges.
#3 Behavioral analytics and machine learning
It used to be that you could grab a latte in the morning and hop into a cab with no one knowing who you were. Starbucks and Uber have changed that forever. People increasingly interact with the world in an authenticated context, which means that the companies with which they interact have a lot of information about their behavior. Machine learning gives businesses an even bigger opportunity to apply the data in different ways. They will be able to remove frustrations and friction from their customers’ daily lives by remembering who they are, what they like, when they’re likely to access services and exactly how much whipped cream their kids like on their hot chocolate.
The mission of the Identity Defined Security Alliance, a partnership between leading tech vendors, is to provide a complete solution blueprint and best practices for a comprehensive security platform. A key part of its framework is user and entity behavior analytics (UEBA), security intelligence that leverages machine learning to quickly discover actors and systems that exhibit uncommon behavior, detect advanced attacks, prioritize incidents and guide effective response.
About Ping’s CISO Advisory Council: Made up of CISOs from leading global enterprises, this group provides insight to Ping Identity on security, privacy and compliance challenges within the global enterprises we serve. It helps inform Ping’s strategic vision, product roadmap and go-to-market strategies.