Identity Management Predictions
2014 just started and the coming year signals a new era. In 2014, trends beginning around 2009 take shape to become the norm. Gone are the days of blind trust in privileged accounts, lackadaisical governance and the outsourcing frenzy. On the bright side for IT Security professionals, 2014 looks to be the year of the job.
Here are our top identity management predictions for 2014.
1. Identity Management at Center Stage
Prediction: Organizations that embrace efficiency look to experience better access control, governance and security at a lower cost.
Identity and access management (IAM) continues its transition from information technology to an overall business enablement tool. Threats to businesses, mounting compliance, and information security concerns push identity management to center stage. Enterprises seek increased capabilitiesfrom next-generation IAM solutions, such as Self-Service with robust workflow automation. As an added benefit, automated workflow tied to identity requests results in better security. Where Identity management once simply referred to granting access, it now truly delivers on all of the needs of an identity from access to assets to every type of service request.
2. The Value of Intelligent Outsourcing
Prediction: Companies continue to experience less value and lowered information security than anticipated from outsourced IT operations.
Outsourcing relationships continue to be focused on IT operations, and as a result, they can negatively impact security, as outsourcers must make decisions based on cost savings vs. security. In 2014, companies begin to think more intelligently about information security outsourcing. This includes what to outsource and what not to outsource. Commodity capabilities, like vulnerability scanning and best practice risk assessments, lead the outsourced services. Such outsourced services allow internal resources to focus on more strategic work. At the same time, they give an objective evaluation of vulnerabilities and operations.
3. Identity Governance and Administration Takes a Leading Role
Prediction: An Identity governance and administration focus will prove to be essential.
The days when IT operates in a silo are over as technology becomes embedded in all aspects of the business. In the new era, business users leverage whatever technology is available to them and on any device to execute their duties. With business users leveraging social networks, cloud services and on-premise enterprise systems, the need to efficiently review access, asset and service assignments becomes just as critical as the original granting of them. As part of the new era, Identity Governance and Administration (IGA) offers unified controls linked to the provisioning solution. While IAM focuses on securely assigning privileges, access certifications provide as much or more security benefits by validating existing access. Since people often acquire excessive access over time, an IGA focus proves to be essential in 2014.
4. Information Technology Leadership under the Spotlight
Prediction: Numerous technology improvements and best practices will keep security leaders scrambling to examine and execute ahead of corporate risk.
The Identity Theft Resource Center® recorded 619 breaches in 2013 representing a 30% increase over the 2012 total. Even with the dramatic onslaught of high profile breaches and increased awareness about enterprise risks, information security improvements still lag behind the resources and technology available to CISOs. In 2014, security leaders continue to drain their time and efforts complaining about budgets and upper management support when a focus on operational execution could dramatically improve their security stance.
5. Legacy of Failed Identity Management Implementations
Prediction: The legacy of failed Identity Management implementations will finally be overcome.
Rather than thinking strategically with a full business view of one-time costs, ongoing costs and operational efficiencies, organizations look primarily at software licensing costs when making decisions. Organizations investing in identity and access management must think beyond software licensing costs. It represents a minimal piece of the overall financial puzzle especially now that IAM has evolved to automate more than just account provisioning. When license cost is the primary concern, organizations later realize that implementation costs, ongoing support challenges, and unrealized benefits dramatically impact the solution’s overall ROI as well. For identity management solutions, the flexibility of the product must be top-of-mind as well since it must be able to adapt to future business changes.
6. Identity Management Reaches into Consumer Pocketbooks
Prediction: As hackers target credit card information, requests for an enterprise focus on PCI Data Security Standards (PCI DSS) will come from the boardroom.
Over the holiday, retail giant Target acknowledged system breaches affecting over 40 million credit and debit cards. The security breach started on their store payment systems and spread to their enterprise systems. Target’s cyber breach exposed the organizational lack of control over consumer’s privileged information. Although Target quickly righted their security inadequacies, according to security experts, the cyber crime ranks as one the biggest consumer breaches ever. In spite of the news, this incident represents the tip of the iceberg. In 2014, expect to hear more.
7. Rising Concern Over Privileged Identity Management Threats
Prediction: Although key compliance and best practice regulations such as PCI-DSS, HIPAA, SOX, FIPS 200, and NIST 800-53 all require privileged access controls, whether executives take action, remains to be determined.
After Edward Snowden supplied journalists with classified NSA documents, every executive from CISOs to CIOs realized the true risks of privileged access. IT staff holds the keys to most corporate systems. Without monitoring and controlling privileged access, every organization is at risk. Granting access is one thing, but continually monitoring and attesting to who has this access becomes a critical activity.
8. Small and Medium Size Businesses Reach for Cloud Identity Management
Prediction: Small and medium size businesses will embrace Cloud Identity Management.
According to Cisco’s Small and Medium Business Services (SMB) research, SMB cloud and SaaS will grow to over $200 billion in 2015. Effective cloud identity management will decide whether security is an enabler or simply an IT cost component. Without proper controls, large enterprise organizations will continue to perceive the threats in moving to the cloud as too risky. While IAM solutions are increasing their capabilities to manage cloud accounts, cloud providers are also creating APIs to allow for direct access management. As cloud IAM functionality matures, enterprises will begin leveraging cloud services to save money and improve operations.
9. IT Security Jobs Galore
Prediction: With the growing number of platforms, devices and services, IT security professionals will experience a bonanza of opportunities.
The supply of qualified highly skilled IT Security professionals will not keep up with demand as enterprises seek ways to automate operations to the fullest. In a demand-driven labor pool, enterprises can expect to pay top dollar for the right combination of skills. Companies operating outside of large metropolitan areas will be particularly impacted by this trend. The best talent will gravitate toward Silicon Valley and other technology hubs. Gaming and hospitality, health care, energy, and manufacturing companies operating in outlying areas will experience the greatest difficulty in recruiting and retaining talent.
2014 looks to be an event filled year. Stay current on identity management news, industry trends, and technology innovation. Subscribe to our blog. We are never short on opinions.
Get the Top 10 Identity Manager Migration Best Practices Workbook
Start your migration from legacy software with the Top 10 Identity Manager Migration Best Practices Workbook. Use this workbook to think through your information security risk before you transition to next generation identity manager software.