Securing the Enterprise: IAM Trends to Watch (Part 1)

This guest post was contributed by Jackson Shaw, CSO, Clear Skye 

Identity and Access Management (IAM) is a central part of securing the modern enterprise. And while enhancing security is the first thing that comes to mind when we think of identity management, the strongest IAM solutions will ensure the user experience (UX) is as smooth and seamless as possible. It’s a simple concept, but it’s tricky to strike the balance between protecting your valuable data and systems, while also creating a productive work environment. 

Add factors like a highly-distributed workforce, advances in artificial intelligence (AI), cloud proliferation, and persistent threats—inside and outside an organization—and it’s not as cut and dry. The only constant in our digital world is change, so it’s important to re-evaluate best practices, new threats, and what’s ahead. With that in mind, here are several IAM trends to keep an eye on this year.

Anywhere Identity

Enterprises can no longer rely on a single factor, such as location or a device ID, to enable authentication. Today’s workforce is increasingly mobile, working across hundreds of applications from home, co-working spaces, airports, hotels, and everywhere in between . It’s the latest iteration of the most difficult challenge IT leaders face—ensuring security mechanisms are active at the location of work—wherever that location may be. 

As remote and hybrid working is now the norm for many, the shift to securing identity from anywhere is simply the evolution of an age-old problem. The industry lived through the move from mainframes to Client Server, and again from LAN- to SaaS-delivered applications. Historically, with new compute models come new attack surfaces. Implementing a strong IAM strategy is crucial to promoting a culture of flexibility and efficiency, while still guarding the gates. 

Security + UX

IAM is about ensuring the right people are granted the right access to the right resources at the right time for the right reason. We do this because the vast majority of breaches happen via social engineering or phishing attacks. In other words, it’s a people problem. This means the best defense against a breach is to focus on identity management. This ensures employees only have access to the entitlements they need to do their jobs. 

That said, it’s equally important to create a productive working environment for your teams. To achieve this, smart organizations will start to treat security as a business problem, not just an IT problem. This means sharing the responsibilities of risk and compliance cross-functionally. For example, a marketing leader can help determine the access and employee needs, grant it to them, and revoke it, if and when the time comes. This takes some of the burden off of IT, and speeds things up for the employee and department. It also encourages functional leaders to think from a security lens about the permissions that are truly necessary. This will become a more common practice.

PaaS Proliferation 

Security and UX working together is a good lead-in to the proliferation of Platform-as-a-Service (PaaS). Just as IT and functional leaders shouldn’t strictly operate in their own silos, neither should your IAM solution. CISOs have reached the limits of effectiveness associated with managing multiple new solutions for every possible threat. The ultimate solution is security tooling built within the business platforms and processes enterprises already use. 

While specific endpoint technology will always be needed, solutions will become increasingly integrated with larger systems of action that are aligned with an existing employee workflow and risk profile. According to recent research, 85% of Fortune 500 companies use ServiceNow, the world’s leading IT Service Management platform. If this is true for your business, there are thousands of applications—risk, security, and beyond—that are available, and require none of the headaches of a traditional new tech implementation.

As new tools and solutions emerge, regulatory changes happen, and bigger social and economic factors impact how we work and live, cybersecurity will always be at the heart of modern business. And as long as there are humans working behind the scenes, IAM should be at the forefront. But that’s not all—stay tuned for part 2 of IAM trends to watch this year.