Revealed during the Gartner Security and Risk Management Summit, analyst Earl Perkins announced his top 10 predictions for IT security in five key areas of security concern. The topic most of interest to me – and the reason I write to you now – is the arena of identity and access management (IAM), for which Perkins shared 2 predictions.
Prediction 1: The Rise of IDaaS
According to Perkins’ first prediction for the IAM market, “By 2019, 40% of identity as a service (IDaaS) implementations will replace on-premises IAM implementations, up from 10% today.” IDaaS solutions have some clear benefits – they are known for their rapid deployment and simplistic integration with popular applications, many of which are also cloud based.
It is worth noting that some IT professionals are resistant to relinquish control of sensitive user data to a third party, citing that they would rather maintain their user data on premise. While I agree with Perkins’ assessment that IDaaS solutions will be on the rise over the course of the next few years, I don’t foresee on-prem solutions disappearing just yet.
Prediction 2: Goodbye, Passwords?
Perkins’ second prediction that “by 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies” suggests passwords may go the way of the dodo.
Back in December 2015, we conducted a survey with Wakefield, revealing that a whopping 91% of cybersecurity professionals believe the traditional password will not exist in ten years. In the past, passwords have been the preferred method of use for secure access management. They both enforce a baseline level of security and are generally budget friendly. However, amidst the recent barrage of high-profile cyberattacks, attitudes towards passwords have changed drastically.
We’ve seen attacker after attacker compromise credentials and use them to their advantage. (In fact, according to the 2016 Verizon Data Breach Investigations Report, 63 percent of data breaches made use of either weak, default or stolen passwords.) And with costs associated with cyberattacks totaling millions of dollars a year, it’s in everyone’s best interest to make it more difficult for attackers to cause further damage to our economy.
Companies are learning that password-only policies leave organizations quite vulnerable. Instead, organizations must confirm user identities with the strongest forms of access control while balancing a positive and non-intrusive user experience. Making use of “recognition technologies” such as device recognition, threat intelligence, IP reputation and behavioral biometrics in layers helps strengthen any organization’s security posture. These advances in techniques help form a new adaptive authentication shield. Layering these multiple techniques help users stay both secure and productive with minimal disruption to their daily routines.
To learn more about how SecureAuth can help your organization move beyond the traditional password and ensure your sensitive data remains secure, contact us on our website.