It’s that crazy time of the year once again. The time for visiting family and friends, holiday parties, dinner, exchanging gifts, and … identity management predictions. As 2017 comes to a close, we can look back and see that it was quite a year for cybersecurity. When it comes to data breaches, 2017 is outpacing 2016 so far, there’s been a heightened focus on regulatory demands due to the EU’s General Data Protection Regulation (GDPR), and there’s been a number of interesting authentication developments.
I think 2018 will be just as, if not more, interesting.
Authentication continues to evolve in interesting ways
Next year we will see increased experimentations with different types of authentication. This will be largely fueled by interest and adoption in Apple Face ID.
While most people I’ve spoken like the Face ID user experience, all isn’t rosy with Face ID. There have been researchers who claim to have bypassed Face ID with masks, family members, and masks built by using photographs of the target. When it comes to facial recognition, these are kinks that will be smoothed over time.
It’s still not clear how definitive the researchers’ findings are, such as how much effort it would take to create a mask from photos of a targeted person. It’s not a concern for most users, it is a concern for high-value targets. Biometrics based on fingerprints have had their share of embarrassing research surface as well, and now such authentication is everywhere.
What I appreciate about Face ID is that it just functions within the device workflow of using the device. Next year and beyond we will see other attempts at authentication that is embedded within user workflow such as other forms of biometrics.
GDPR will spur identity management investments
The GDPR, at least when done right, changes how many organizations approach data security — especially how they manage access to data and applications. Expect more multinational companies, not just those organizations based in the EU, but all of those that do business there, start getting more serious about how they manage and monitor access. I think we’ll see more continuous identity monitoring and management so that organizations persistently have more transparency and control over who has access to what data and applications and when. Identity management will also extend more to unstructured data, such as all of those files strewn about on cloud services and internal file servers.
Enterprises better get moving. The GDPR goes into effect in May, and despite years of heads-up, a survey of 400 business managers found that 92 percent don’t consider themselves ready for the upcoming regulatory mandates.
AI importance grows in IDM
AI and machine learning are all the rage right now in cybersecurity and much of what is being said is likely overpromising and under delivering. However, one area AI will prove to excel in the next year is in analytics.
Machine learning will prove itself by identifying and warning enterprises by better identifying user behaviors that need to be investigated. There is so much access and usage data being generated in most mid-sized and large organizations that enterprises just can’t keep up. Through different types of analysis, such as behavioral pattern matching and statistical analysis, machine learning will help enterprises to see what they actually need to see.
Identity management becomes more strategic
As enterprises continue their digital transformation efforts, and digitizing every aspect of their business, they’re going to increasingly need to rethink how well they leverage identity. The faster their organization moves, and the more digitized it is, the more they’re going to need identity and it’s going to have to be implemented in a way that is fast and agile, while also protects users, applications, and data.
This centrality of identity to the enterprise partially explains why the identity management market, according to the research firm Research and Markets, will grow to about $10 billion next year, up from $5 billion in 2013.