The pandemic changed the way we all work. Work from home (WFH) has provided businesses with new challenges in Identity and Access Management (IAM) safety. Last year alone McAfee ATR observed an average of 588 threats per minute, an increase of 40% in the third quarter of 2020 (McAfee ATR, 2021).
Cyber attacks forced enterprise businesses to take a long hard look at the problem with identity governance and role mining, and implement new best-of-breed IAM solutions. The trend in spending on IAM solutions accelerated quickly in the second half of 2020, driven by many organizations’ need to improve business continuity and protect employees (VentureBeat). VentureBeat gathered the insight from Forrester’s “The Top Trends Shaping Identity And Access Management In 2021.”
- Forrester predicts 61% of security decision-makers will increase their IAM budget in 2021, 32% will increase their spending by 5% or more.
- Fifty-two percent of security decision-makers say their firm has already implemented 2-Factor Authentication or passwordless authentication for employees. Forrester estimates 31% were implementing one of those in 2020 or had plans to implement in 2021.
- Forrester’s study predicts that the number of nonhuman identities across many enterprises will grow at more than twice the pace of human identities. Nonhuman identities are “assisted and unassisted bots, service accounts, cloud automation and APIs, Internet of Things (IoT) devices, and robots.” Forrester also found that software bots are expanding across customer service, finance, and IT departments for automation.
- Forrester reports vast vulnerabilities in client organizations such as firewalls, web application firewalls, and secure web gateways that lack an integrated identity concept across their core policies, specifically in the areas of network endpoints and payload inspection. They recommend their clients take a more granular and dynamic network access approach based on Zero Trust Edge (ZTE), which links network traffic and activity to well-identified, authenticated, and authorized users (human and machine identities).
- Forrester stresses the importance that managers must take note of the exponential increase in nonhuman identities due to cloud platforms’ reliance on machine-to-machine integration and adapt to the urgent need enterprises have to define their IAM strategy for managing them.
The Forrester report hints that solutions will require an intense need for greater observation of security and more resources to manage systems.
Gartner predicts by 2023, 40% of IAM application convergence will primarily be driven by Managed Security Service Providers (MSSPs) that focus on delivery of best-of-breed solutions in an integrated approach, shifting influence from product vendors to service partners. By 2024, 30% of large enterprises will newly implement identity-proofing tools to address common weaknesses in workforce identity life cycle processes (Gartner).
Identity Governance could use graph analytics to mine business data and identify role candidates. Katana Graph’s Hadi Ahmadi, Director of Solutions Architecture and Business Development, explains the value in defining an innovative approach to support the changes in IAM.
"Protecting resources and assets against unauthorized access has always been a concern for organizations of any size. A typical solution to this is to assign a fine-grained entitlement (i.e., permission) to every resource and then require users who need to access a resource to possess the resource’s corresponding entitlement.”
“The challenge is, as companies grow, they will add/remove products, projects, locations, devices, users, etc. They need to manage more layers of permissions to keep up to date how identities get assigned to resources. In many scenarios, there will be ad hoc assignments of user entitlements based on on-demand access requests.”
“Identity Governance systems use two main approaches to manage roles in the organization. The first approach is in top-down role engineering where functional “business roles” are defined. Thus a second, bottom-up approach called “Role Mining” is used to discover existing access patterns and extract “IT roles” from them. For compliance and business audit requirements purposes, “role mapping and reconciliation” techniques are used to map discovered “IT roles” back to the corresponding “business roles.” This process is highly resource-consuming as it has to be performed on a regular basis to keep up with the dynamic evolution of access in the enterprise.”
