I sat down with not one, not two, but three IAM experts within the company to chat about the future of IAM and what that can mean for us and you. Please enjoy this unfiltered interview with Josh Howlett (Business Development Director), Lara Savory (Head of Product), and Rezar Zefaj (CTO) as they try to explain the topics around IAM to a novice like myself.
What is the most exciting change you have seen in the world of IAM?
Rezar: People have finally understood that identity is not only one’s username and password. It includes the entitlements needed for access and tools, and a broad range of other information, making your identity specific to you and your role.
And so a major task for many companies is constructing these multifaceted identities for their new users. Of course, today that also means that one does not have to be in the office, but can be onboarded no matter where they are located.
Lara: Yes, the changing emphasis of location is the main thing I would say. Access control is switching from relying on physical parameters, such as a user’s presence within a building, to focusing on their affiliation and role within the organisation. We have adapted our access policies so we can authorise users in new ways – making it easier and better for everyone to collaborate whilst being secure.
Josh: You can see this paradigm within Zero Trust architecture. Security is increasingly based on user and device identity and verification. This is reducing the reliance on firewalls and traffic inspection techniques, which are becoming harder to apply with employees working remotely and workloads migrating to the cloud.
Rezar: Yes, and a lot quicker too! In response to the pandemic, IT departments have had to make five years of progress in less than two years. This means that we now see solutions on the market that would have been a lot more expensive and harder to find than, say, five years ago. Many of us are now working productively from remote locations, identifying ourselves to our employer’s systems using biometrics, never having physically entered an office or met a colleague.
Lara: Indeed. You can be identified using something you have, a password for example, or something you know, such as a security code, but now also as something you are.
Rezar: Today banks look for transactions that are unusual, based on their customers’ previous spending patterns. I think in the future we’ll see a growing connection between identity management, data mining, and machine learning. This will allow security based on behaviour, rather than the possession or knowledge of information or tokens.
OK, so with that in mind, what is something you wish all companies would consider when it comes to IAM?
Lara: It is critical to understand your organisation’s needs before you consider the technology. Otherwise, you risk investing in a technology that won’t align with the organisation when you come to deploy it. It’s much better to understand what you want to achieve, and let the solution adapt, rather than try to change your ways of working to fit around the constraints of the solution.
Rezar: I agree. The IAM solution will have to be adaptable and map to the organisation’s processes, rather than force those processes to change. Forced, awkward change will impede the uptake of any new product, defeating the goal of IAM as your security will still be jeopardised.
What are the biggest opportunities IAM has given businesses in the last 5 years?
Rezar: Single sign-on has given users ease of access; and, to organisations, the opportunity for digital transformation without compromising usability or security. Access what you want, when you want it.
Josh: Right. And the ability to leverage the consumerisation of IT by extending access management to users’ own devices, regardless of location. Access from where you want, using what you want.
Lara: I think the biggest impact is the empowerment achieved through a broader definition of self-service. You can request access to the tools or data you might need, and with just a click it can be approved. It saves time and money not having to subject users to complex approval processes, increasing productivity, profitability, and security.
OK, so we have looked back at the last few years and seen how fast we have moved and how much we have adapted to get here. Now let’s look at the future trends within IAM.
Rezar: I would go back to identity. I also think that we will see a fourth pillar being added to IAM. Today we have unique identity, controlled access, and single sign-on. I see the fourth pillar being governance, and its blending across the other three pillars.