Predicting the future is always a tricky ask for any expert or professional. Predicting the future of cybersecurity and identity and access management (IAM) is an even more difficult act of divination. Yet in order to properly prepare for the threats facing identity security, we have to try to determine the direction of both identity and our own businesses. Enter megatrends.
What is a megatrend? How does it relate to the oft-misunderstood but increasingly vital IAM field of identity governance and administration (IGA)? To answer these questions and gain some insights into the most relevant trends that will affect enterprises’ futures, we spoke with Stuart Beattie, Product Marketing Director of IAM and IGA solution provider Omada.
Here’s our conversation, edited slightly for readability:
Solutions Review: What is a megatrend? How can they help enterprises plan for their financial futures?
Stuart Beattie: A megatrend is a major force that involves changes in demographics, climate, politics, or technological progress. Megatrends have the potential to significantly impact global or regional populations, businesses, global economies, and the world’s population.
Large organizations across a variety of sectors—including oil and gas, finance, manufacturing, and government—use megatrends to ask “what if” questions of the world and their own businesses to develop possible scenarios of what the future could look like. These scenarios are used to help senior managers create future strategies, make better business or policy decisions, and determine their future innovation initiatives.
Long-term decision-making is important to these organizations as they have extended development lead-times for their products and services. Committing significant amounts of capital for large future projects introduces risk into their business plans. Businesses using intelligence about upcoming megatrends significantly mitigate their investment risks as they can make more informed decisions about which products and services will serve customers best in the future.
SR: What megatrends will have the largest impacts on identity management and identity governance and administration?
SB: There are three key megatrends that are likely to have an impact on identity management and identity governance and administration – increased urbanization, climate change, and population growth and demographic changes.
For the increased urbanization megatrend, approximately 60% of the population will live in cities and 50 mega-cities with populations greater than 10 million will evolve by 2050. Protection of natural resources, management of highly efficient transport infrastructures, and protection of critical national infrastructures against major terrorist attacks will all require governments to deploy technology to gain the levels of efficiency and scalability needed to support the citizens. Unauthorized access of this technology could result in disruption of services for large parts of the population. Therefore, it will be necessary to continue to tightly control who is able to access these systems using IGA solutions.
Attempts to address climate change have resulted in governments imposing green taxes on businesses to help them meet internationally agreed emissions targets. Companies will deploy technology such as building management systems to help reduce energy consumption to avoid excessive taxes. Without adequate access controls provided by IGA solutions, building management systems, such as HVAC systems, could be used as a gateway into the network by criminals wanting to cause disruption or steal confidential information.
With the global population estimated to be 8.6 billion by 2030 and 9.8 billion by 2050, governments need to find ways to maximize the use of natural resources they have available to them. By 2030 alone, energy requirements will have increased by 50%, water by 40%, and food by 35%. Access to the systems put in place to monitor and control these critical national infrastructures needs to be tightly controlled as they could be attractive targets for nation states or organized terrorist groups wanting to cause large-scale disruption.
In addition to population growth, an aging population means that preventative health monitoring will need to be deployed to increase the efficiency of healthcare systems. Without adequate protection [from IGA], patient records could be stolen and used for malicious purposes.
Technology will be deployed to address the problems associated with all these megatrends. In each case, if the technology is accessed by criminals, they could cause widespread disruption affecting large groups of people.
SR: Are there megatrends within identity governance and administration that you see? Where is the market going overall?
SB: As well as the megatrends above which require identity governance and administration to protect the technology deployed from malicious activity, there are two technological megatrends that will have an impact on identity governance and administration – blockchain and machine learning.
For blockchain, we see two possible major use cases. The first is the idea of creating a universal identity for everyone which eliminates the need for identity silos where our personal information is stored by each company we wish to interact with online. Just thinking about the number of different sites individuals register with is scary, as [users] only need one of those to be compromised for their personal data to be exposed in the wild.
Many high-profile data breach cases have recently been reported and they are unlikely to be the last. Using blockchain to create a universal identity would address this by just having one identity per individual who could control how much of their personal information they want to share. However, while this would be the ideal situation for managing consumer identities, experts warn that it will probably be many years before this becomes [a] reality.
Another area that probably has a more realistic timeframe and is more interesting in enterprise deployments involves blockchain being used to record changes to access rights. Security audits will be made significantly easier and quicker if each change made in the IGA solution is recorded using blockchain. Also, during forensic investigations to identify potential causes of a security incident or data breach, the blockchain could be examined to conclusively determine who was granted access to what systems, when, and why.
As well as blockchain, machine learning will be used by identity governance and administration solutions to recognize patterns. These patterns will be used to suggest ways to optimize processes to reduce the administrative burden of identity management. For example, if the system sees that a lot of individuals in the Accounts Department are granted access to an application in addition to their birth-rights, then it could suggest that this application is added to the standard profiles for employees that join the accounts department.
SR: Should enterprises incorporate identity management and identity governance into their future business plans? What role will they play in the markets of the future?
SB: Yes. I think that it is important that enterprises which do not already have identity management and access governance should look at including it in their business plans.
The increased use of digital technologies [that] change how companies do business, provide efficiency savings, and create new revenue opportunities means they are transferring more and more of their information online. The digitization of business involves a wide variety of advancements including more information about individuals being stored online as well as Internet of Things (IoT) devices being used to monitor and control physical devices.
This creates virtual “treasure troves” for attackers wanting to either steal personal information and intellectual property or cause disruption to [enterprises] by making these systems inaccessible.
In addition to the security threat requiring tight controls on who has access, companies are facing increasing regulation governing the protection of their digital assets containing personal information. This has significantly increased the need for ensuring that individuals only have access to the information they need for the period they need it. Companies also need to be able to prove to auditors that information was not unnecessarily exposed and provide investigators with the information they need in the event of a suspected data breach.
SR: What capabilities will IGA solutions need in to accommodate the social and business megatrends of the future?
SB: A lot of the technology that will be deployed to address the issues associated with megatrends will involve physical devices such as sensors to detect environmental conditions or devices to control physical equipment. The increase in volume and variety of these sensors and controllers presents its own challenges – not just because they need to have access to the network but because they could be taken over and used for malicious purposes.
For example, if a device controlling mission-critical infrastructure was hijacked, a criminal could cause significant damage to physical property which would lead to disruption for citizens and could, in the worst cases, lead to loss of life. Similarly, sensors being used to monitor the health of individuals to improve healthcare provision could be manipulated, resulting in doctors prescribing the wrong types or quantities of medication which could prove fatal to patients.
Going forward, if IGA vendors want to help secure the technology deployed to address challenges presented by megatrends, they will need to ensure that they can connect to and manage the wide variety of physical devices such as sensors and controllers that will be deployed. They will also need to ensure that their solutions can scale to manage the potentially large number of devices that will need to be deployed.
Thanks again to Stuart Beattie of Omada for his time and expertise!
- The Best Books for Identity Security Available Now - September 16, 2021
- Authentication Apps: Best of 2021 and Beyond from Solutions Review - September 15, 2021
- Authentication Platforms: Best of 2021 and Beyond from Solutions Review - September 14, 2021