Mary Writz, ForgeRock: Non-Human Identities Will Be Just as Important as Human Identities in 2021

This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.

Mary Writz, VP of Product Management at ForgeRock:

1. What we know about cybersecurity will change

In 2021, fraud will increase dramatically. One of the unfortunate downsides businesses face after undergoing a major digital transformation is a dramatic increase in fraud. In 2020, we saw consumers moving to online services in record numbers for everything from shopping, healthcare, education, government services to working remotely. Just like the spike in fraud that took place in the U.S. when taxes moved online, we expect to see an increase in bad actors targeting businesses to exploit new systems. We’ve already seen a glimpse of what’s to come with Zoom-bombing that took place when classrooms moved from in-person to virtual environments due to the COVID-19 pandemic.

Quantum computing will change how we think about secure access. When quantum becomes an everyday reality, certain types of encryption and thereby authentication (using encrypted tokens) will be invalidated. Public Key Infrastructure (PKI) and digital signatures will no longer be considered secure. Organizations will need to be nimble to modernize identity and access technology.

2. What we know about secure authentication will change

Contactless authentication will be everywhere, while facial recognition will decline. To reduce the spread of germs, all kiosks (such as travel kiosks) and ATMs will move to contactless versions of interaction where you scan your personal mobile device and use an app to interact with the kiosk instead. However, due to the need to wear personal protective masks, facial recognition will decline in popularity, and we will move back to fingerprints or more modern behavioral authentication techniques.

Zero Trust performance hits a bottleneck. As we move more and more to “identity as the new perimeter,” we will hit a performance bottleneck because the number of non-human identities will exponentially grow due to both 5G and modern DevOps. This will lead to an increase in the number of real-time decisions to make based sheerly on the number of identities that exist. Also, the amount of context or signals we want to pull in to make those run-time decisions will increase bandwidth significantly. Enterprises will find they cannot accept the latency and toll on bandwidth and must be managed at the edge. This will bring back the notion of distributed compute for some real-time decisions to happen at the edge, preserving the ability for identity to be a viable perimeter.

3. What we know about digital identity will change.

Non-human identities will be just as important as human identities. While we often associate digital identity with a person, many other “things” will need identities from watches to wristbands, to supervisory control and data acquisition (SCADA) sensors and medical equipment, to even DevOps containers and Kubernetes resources. While the number of human identities may grow at a slow pace, the number of non-human identities will explode. For example, enterprises want to attach identities to machines, such as virtual machines, hosts or containers to control security, as well as spend on cloud compute. The ratio of humans, or developers, to machine identities is 200:1 and still growing.

National identities will become more prevalent as national, state and local governments transform to provide services primarily in digital format. COVID-19 is driving the need for new services like contract track and trace and remote access to benefits services, which will continue globally. For example, the new Japanese prime minister has aggressively called for the digitization of government and a new digital agency will be established to drive “e-everything.” In England, we saw the emergence of an NHS COVID-19 contact tracing app that citizens could use to enter pubs and restaurants. These examples show how this trend is already evolving.


  • LinkedIn

©2020 by Enterprise Security Tech