The Future of Identity Security: Four Major Elements
Authored by Jaishree Subramania, Vice President of Product Marketing
Earlier this year, we conducted research surveys across the globe that culminated in our Horizons of Identity Security Report. During this project, identity security decision-makers from across the world helped us clearly define five horizons of identity security programs, from beginning to advanced. Using the advanced programs as a model and general trend analysis, we also uncovered exciting findings about the future of identity security.
As we look across the identity security domain—the current landscape and where it’s heading—there are four major elements that will define the future of identity security: identity integration across technology environments, dynamic trust models, universal identities, and frictionless access.
Integration
Today, identity is mainly focused on humans and is siloed between technology environments. In the future, identity will become a common link across all environments: hybrid, Cloud, SaaS, applications, devices, APIs, and data, just as database keys are used across tables. Identity programs that are integrated with data, cloud, and DevSecOps will enable rapid business and technological innovation. How do we know? 50% of survey respondents with identity capabilities wanted an identity-centric security platform where identity is linked to cover machine, cloud, SaaS, and APIs, making it the top-ranked platform preference.
Dynamic Trust
Trust is mostly defined within a network today. In a dynamic trust model, access will evolve based on an identity’s behavior and interactions, just as humans learn to trust each other. Artificial intelligence (AI) will understand interactions across environments and adjust each identity’s access accordingly. And this is not a pipedream: 50%+ of survey respondents have or intend to adopt AI models for identity, with 34% looking to adopt behavior-based dynamic trust models in the near term.
Universal Identities
In the current state, every organization maintains and verifies its own identity data. With universal ID, employee personas, machines, legal entities, business networks, and customers will merge with federated access, creating identity groups across domains and geographies. It will govern the business network and third-party identities, allowing even gig and temporary workers to be verified and trusted using “bring your own identity” (BYOI) capabilities for seamless access. Federated identities will eventually be granted access by institutions or through decentralized decision protocols. This is already taking shape: several countries have started to implement forms of universal ID – e.g., Bank ID in the EU, eID in France, UID in India, and in early 2022 Apple launched its first digital identity wallet in Arizona with additional states planned to follow.
Frictionless Access
The average worker has about seven ways to verify identity today. With frictionless access, authorization will be dynamic, automated, and code-driven, making seamless, password-less authentication the norm. Biometrics and other device-based authentication methods, combined with sophisticated privacy protocols and AI transparency, will allow secure and private access to physical and digital environments. Early signs include: the development and adoption of password-less authentication standards such as FIDO 2.0 gaining mainstream adoption, and facial recognition algorithms are getting more accurate, with the error rates dropping over the last several years.
As these next-gen identity technologies evolve, they will also ensure user’s privacy, provide transparency in AI-based access decisions, and enable a seamless user experience. Imagine a world where new employees and vendors are onboarded almost instantly – with exactly the right access needed to do their work, where acquisitions and workforce transformations occur in a fraction of time of previous expectations, where customers smoothly and easily make purchases, and where rapid innovation is securely enabled from anywhere in the world. I encourage you to read the full report and check out our infographic. Who knew identity security could be so cool?