The Future of Identity: ForgeRock Shares 2021 Predictions
While 2020 has been a roller coaster of a year, there has been one note of certainty: digital transformation has accelerated at an unprecedented rate, and identity and access management (IAM) is a big part of that evolution. In anticipation of 2021, we asked four of our experts to share their perspectives on what you can expect in the new year.
Allan Foster, Chief Evangelist: “Move over multi-factor authentication. User-managed access (UMA) will reign supreme in 2021.”
With more services online than ever before, users have come to expect amazing digital experiences. To keep up with these expectations, digital experiences will need to involve more than one identity as more organizations start to embrace the idea of delegation. Often, authorized users are geographically separated or using a variety of devices – and these accounts or devices may not even be connected.
Here’s a common example. When renting out Airbnb lodging, the host needs to grant guests access to connected things like the thermostat, smart TV, and other devices for the duration of their stay. To make this happen, the host needs to be able to work with more than one identity associated with each device and delegate access to guests. Of course, once the guest departs, access to the devices needs to be revoked. Situations like this drive the need to focus on how to work with a collection of identities.
Enterprises have a similar situation, with a population of users needing access to specific applications at certain times, but not necessarily all the time. Many applications rely on traditional means of authentication, like multi-factor authentication (MFA), but transactions that involve more than one person or identity are not really an authentication problem. This is where advanced technologies like user-managed access (UMA) can help customers and employees manage who is allowed access to their resources, for how long, and under what circumstances. Essentially, UMA facilitates the connections of the identities while optimizing the user experience.
In 2021, solutions that provide a convenient central management system for organizing digital resources that reside in many locations, delegating access to others, and monitoring and revoking access when necessary will take over from traditional authentication and MFA controls.
Ben Goodman, Senior Vice President: “2021 will be the year of ambient identification methods as organizations shift to ‘zero login’.”
Now that passwordless authentication technology, such as biometrics, is widely used, we will see a shift toward a “zero login” process, which removes friction for the user unless there is an issue with the initial authentication.
There are huge upsides to this. There will be no credentials to remember, and MFA will be silent on the back end. Zero login will be more secure than using a password, username, or MFA because it can use factors such as device enrollment and device reputation, fingerprints, keyboard typing patterns, the way the phone/device is held, and other markers to verify identity in the background while the user enjoys a frictionless experience.
For zero login to be successful, all these identity verification factors must be measured and combined in a transparent way so that consumers don’t feel their privacy is being compromised. Organizations should also have the option to introduce authentication steps into the process if they prefer to introduce more friction for bigger or riskier actions. This is the approach online retailers like Amazon take when customers want to purchase big ticket items. By not allowing the “buy in one click” option for purchases over a certain dollar amount, they are adding friction to the purchase process to ensure the buyer is who they say they are. Rather than only authenticating at the “front door” with passwords or MFA, extra security steps will be added right at the point of potential fraud during the transaction to create a better digital experience for users. Zero login enables smarter authentication that adjusts as necessary for a more seamless login experience across an individual's devices.
Eve Maler, CTO: “IT will infuse access governance with intelligence to protect workforce cybersecurity in 2021.”
Accelerating changes in enterprise technologies, cyberthreats, and the user landscape are increasing pressure on traditional identity governance and administration (IGA) solutions and, in turn, on security and compliance teams. On top of growing compliance risks, enterprise IT environments become more complex every year, increasing the number of applications and systems that need to be accessed by their users. These challenges are driving organizations to seek out artificial intelligence (AI)-driven solutions that simplify and automate the access request, access approval, certification and role-modeling processes.
In 2021, we will see AI increasingly employed to enable an autonomous identity approach. AI-infused authentication and authorization solutions will be layered on top of, or integrated with, existing IGA solutions, providing contextual, enterprise-wide visibility by collecting and analyzing all identity data and enabling insight into different risk levels of user access at scale. The use of AI will allow systems to identify and alert security and compliance teams about high-risk access or policy violations. Over time we will see these AI systems produce explainable results while increasing automation of some of the most complex cybersecurity challenges within the enterprise.
Mary Writz, Vice President, Product Management: “National identities will become more prevalent.”
There are two fundamental shifts in the way we view and define digital identity on the horizon for 2021.
First, non-human identities will be just as important as human identities. While we often associate digital identity with a person, many “things” will need identities – from watches to wristbands, from supervisory control and data acquisition (SCADA) sensors to medical equipment, and even DevOps containers and Kubernetes resources. While the number of human identities may grow at a slow pace, the number of non-human identities will explode. For example, enterprises want to attach identities to machines, such as virtual machines, hosts, or containers in order to control security, as well as spend on cloud computing. The ratio of humans or developers to machine identities is 1:200 and still growing.
Second, national identities will become more prevalent as national, state and local governments transform to provide services primarily in digital format. COVID-19 is driving the need for new services like contact track and trace and remote access to benefits services, which will continue globally. For example, the new Japanese prime minister has aggressively called for the digitization of government and a new digital agency that will be established to drive “e-everything.” In the U.K., we saw the emergence of an NHS COVID-19 contact tracing app that citizens could use to enter pubs and restaurants. These examples show how this trend is already evolving.
We hope that you find our predictions insightful and that they help you to uncover new ways to look at the power of identity. We’re looking forward to an exciting year ahead, full of new innovations that will continue to shape the ever-evolving digital identity landscape.