Five Identity Management Trends to Watch

David Ting
Feb 03, 2012

I'm often asked what seems like a simple question: 'what's new in identity management?' As simple as it is, it's a big question so here are five trends that I see out there for identity management... at least for now.

#1: The Pendulum Swing is Back to Thin Client Computing
Technology changes including the 64-bit computing platform, multicore processors, cost effective broadband connectivity, dirt-cheap storage, combined with rising costs of energy, cooling and space are forcing a re-evaluation of how we put computing power at the hands of the user. Virtualization has simplified the management of shared computing resources and to propel the shift back to thin client computing. This has put even greater emphasis on how you manage identities, control access and provision applications managed within these virtualized environments. The shift to centrally-managed, centrally-hosted environments, enables (and is driven by) greater mobility and flexibility in workflow and workforce - that puts new pressures on how identity management policy, procedure and technology all work together to create a secure yet flexible environment.

#2: De-Perimeterizing the Network: Softening of the Network Continues
Perimeters are no longer rigid, hard and securable, so firewalls, IDS and IPS are no longer adequate on their own. Defense in depth security comes to mind as the boundaries of the perimeter blur and soften with insider threats rising in prominence. The notion that the network can be secured is rapidly melting away as business practices force opening up access to partners, customers and remote workers. The emphasis shifts to knowing who is doing what with your data and applications regardless of where they are geographically. Strong authentication and contextual authorization including the notion of location-based authentication becomes even more critical in this environment as one tries to extend enforcement of access policies to critical corporate resources.

#3: Enterprise Biometrics Realizing its Potential
Look around you... everything is being biometrics-enabled - laptops and computer hardware are now manufactured with fingerprint readers nowadays, for example. Cost as a barrier to widespread adoption is no longer the issue as scanners become commoditized. With this change, enterprises are re-examining how best to deploy strong authentication within their organizations. Storing enterprise biometrics safely to support a mobile workforce is the key to unleashing the true power and usability of biometrics. Interoperability and assuring the privacy concerns for users that their biometric identities are properly secured are critical to widespread adoption. The time for biometrics is now.

#4: Enterprise-Level Functionality Moves to the Mid-Market
ESSO, strong authentication and access control have become mainstream. All of these technologies are becoming more cost-effective for the midmarket and easier to implement, making them more attainable. The economics are there for midmarket companies to achieve the security that was once thought of as an enterprise luxury, strengthening the security of our overall ecosystem of business worldwide. Joel Dubin hits this point well in his piece. The more midmarket companies can deploy strong security practices and technologies, the tougher time the bad guys have to wreak havoc.

#5: Higher Emphasis on Insider Threats Drive a Focus on Data Protection and Compliance
At Kuppinger and Cole's 2nd European Identity Conference it was clear the events at Society Generale have elevated everyone's sensitivity to how much damage can be perpetrated by an insider. One speaker described succinctly when he said that 'banks have money, a lot of money and often some of their employees feel they should have some of that money as well.' It is clear insider threats will only become more frequent as we open up more access to critical systems. It is simply too lucrative and too easy to hide behind the anonymity of the digital identity - after all how are they going to prove it is you that has accessed the system when you used your colleague's logon credentials. As an enterprise, you better know who your people are, how they are getting on the system, what they are doing, and from where. The insider threat will be amongst the top threats in 2008, and is already a key discussion within identity management circles.

So let me put the question out to you? What are the trends that you are seeing out there? Chime in on the comments section, or drop me a line.

-David Ting, CTO