Challenges and Future Development in Identity and Access Management

Introduction

SMIC (Social, Mobile, Information Analytics and Cloud) is the concept that four technologies are currently driving the creation of new business design. The synergy created by SMIC working together has created a competitive advantage for the following business innovations:

• •

  Social Media: Enabling businesses to reach and interact with customers;

• •

  Mobile Technologies: Enabling people to communicate, shop and work without physical boundary;

• •

  Information Analytics: Allowing businesses to capture and analyse customer behaviours (how, when and where) in conducting online goods and services; and

• •

  Cloud Computing: Providing Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and Platform-as-a-Service (PaaS) delivery modes for business organisations to quickly respond to changing needs of the business.

The integration of the SMIC technologies has posed new challenges to the IAM development. Our readers should have noticed that legacy approaches to IAM are lagging because those products cannot handle access from consumer endpoints effectively, not able to support the rapid adoption of Cloud services and cannot provide secure data exchange across user populations.

The increasing trend of Bring Your Own Device (BYOD) within organisations that allows weakened authentication and authorisation has introduced many security threats associated with identity thefts. Furthermore, it requires great effort in safeguarding employees from provisioning their own software on those devices to use at work (such as, Dropbox, Box, SugarSync, Google Drive and Evernote).

Access control application is expected to play a key role in the IAM market due to the fact that identity administrators need the right tool with real-time management of all the activities with user devices such as mobile phones, tablets, and laptops along with high security against malicious threats within the enterprises. This requires clear policies and guidelines as well as management tools that can automate the access control processes.

Apart from that, Cloud-based IAM deployment is expected to benefit organisations with increased scalability, speed, 24/7 services, and enhanced management capabilities. Cloud-based IAM solutions can meet customer demand in starting or stopping any service, at will.

There are many reports and research articles detailing different visions for the future of Identity and Access Management. The Forrester Research Report prepared by (Cser et al., 2016) helps security and risk professionals understand how they can leverage IAM technologies to enable new customer functionality and business models in the coming three years. The Forrester Research report highlights that the employees’ BYOD mobile applications and DevOps methodologies are increasing application releases, which has shaped the need for new approach in dealing with mobile IAM and security in mobile apps; and the slimming down and simplifying of IAM.

(Wagner, 2014) predicts that by year end 2020:

• •

  The majority of user access will be shaped by new mobile and non-PC architectures that serve all identity types regardless of origin;

• •

  Most digital identities interacting with enterprises will come from external identity providers through a competitive marketplace;

• •

  Most enterprises will allow unrestricted access to non-critical assets, reducing spending on IAM by 25 percent;

• •

  The majority of enterprises will use Attribute-Based Access Control (ABAC) as the dominant mechanism to protect critical assets; and

• •

  The Internet of Things will redefine the concept of identity management to include what people own, share, and use.