Three identity management trends to consider in 2022

Three identity management trends to consider in 2022

The shift to remote working has highlighted a need for organisations to adapt to an identity-centric approach to their cybersecurity and governance strategies. Craig Ramsay, Senior Solution Consultant, Omada, discusses the management of identities and their associated risk and how business leaders can strengthen their security strategies for the year ahead.

Employers and their workers have adapted to remote and hybrid work and these changes are likely here to stay. Cloud migration has been a major factor in this transition, with some companies merely accelerating their Digital Transformation timelines and others quickly creating digital strategies ad hoc.

Now that the world has had almost two years to adapt, organisations have been able to see what does and doesn’t work for both them and their identities. Continuous revaluation of remote and hybrid working strategies are key to maximising productivity and, just as importantly, ensuring it is done securely.

As identities continue to access more and more resources remotely, organisations are faced with increasingly complex security considerations. In fact, attackers pivoted from targeting corporate networks to home networks early in the pandemic because they knew the latter are typically much less secure, as organisations rushed to keep productivity high, security was an afterthought in some cases. In addition, the attack surface proliferated wildly with thousands of new endpoints to potentially exploit as a beachhead into the corporate network.

Thus, this shift to remote and hybrid working has reinforced the idea that identity is central in a strong cybersecurity strategy. The traditional IT security perimeter no longer exists, with many applications and services now hosted in the cloud being accessed by a variety of identities in the office, at home, on the road, or a combination of all of these.

To make sure all identities, including third parties and technical identities, have appropriate and secure access to these new cloud-based and legacy on-premise applications, organisations need to transform the way they deploy and manage their identity governance and identity management initiatives. Combine this with the emergence of Zero Trust and it really has confirmed identity as the ultimate control plane.

With that in mind, let’s explore what 2022 will bring in relation to the management of identities and their associated risk.

Ongoing cloud adoption

2022 will see ongoing adoption of SaaS solutions and cloud services. In a survey by Enterprise Strategy Group, respondents reported that 52% of business-critical apps are now cloud-based rather than on-premise – and that number is only growing. Organisations are now able to switch vendors and to scale up services they have been using more easily than ever before. This subsequently increases the threat surface within organisations when it comes to managing identity related risk.

Consequently, organisations need to securely scale with demand and manage their identities across an ever-growing number of applications and services. To meet this need, identity governance solutions must be able to provide a cloud-native foundation of versatile configurability.

Greater autonomy in IAM

The year will also bring increased autonomy in identity governance processes. At present, these processes still involve a combination of manual and semi-autonomous activities, meaning that there can be considerable overhead for administrators and end-users. This manual effort combined with the continued shortage of IT and security professionals is not sustainable.

For some time and to varying degrees of complexity, automation has played a role in Identity Lifecycle Management and access provisioning. Automated governance around user access requests, reviews and violation management is less prominent, but recent innovations have seen drastic improvements in prescriptive analytics providing decision support for end-users, reviewers and approvers.

It’s true that for the most critical applications and sensitive data, there will always be a need for some level of human decision-making or approval. However, as we see an increase in the amount of useful data held on identities and their access automation of approval, review and violation detection and remediation will also increase to complement the human side of governance.

Intelligent unification

A third new trend I see emerging in 2022 and beyond is the emergence of unified governance platforms. Now, more than ever, organisations have a plethora of solutions at their disposal. This can lead to siloed information and a disparate approach to security where some solutions focus on niche use cases.

Maximising the capabilities and information available and integrating them to provide a unified and holistic view of identities, their access, the contexts, or reasons why they have, and how they use their access will be crucial in reducing identity related risk. Breaking down these siloes and sharing information across these boundaries will provide assurance that your identities are truly secure and greater adaptability to tackle new identity challenges as they arise.

In addition to this, such platforms will further the autonomy in IGA processes through this meaningful convergence of technology and identity disciplines. This will significantly reduce the manual effort when implementing, managing and interacting with identity governance processes.

Towards an identity-centric approach

The 2021 IBM Cost of a Data Breach report found that the average total cost of a data breach increased by 10% from the previous year to US$4.24 million – the highest cost ever recorded. It is now more difficult to both protect against breaches and more costly to deal with their aftermath. Identity governance has never been more important. But now that the traditional corporate perimeter no longer exists, how do you adapt to an identity-centric approach to your cybersecurity and governance strategy?

The last two years have ushered in a sea of change regarding how organisations manage identities and their access. Hybrid working and cloud-based applications and services create greater opportunities for anytime, anywhere productivity but also increase the complexity of managing identity-related risk. The right solution coupled with the right strategy will enable you to realise the benefits of these opportunities without sacrificing security or efficiency.

The continued adoption of cloud-based services and applications will dovetail with the advent of unified identity governance platforms and an emphasis on greater autonomy. With the automation capabilities available today, there’s no need to saddle administrators and end-users with the burden of unnecessary manual effort in managing identity related risk. What’s more, it’s now possible to have a holistic view of identity that better serves the diverse needs of all hybrid work scenarios. Take time to reflect upon the three trends noted above and determine whether changes need to be made to your identity strategy for the year ahead.

Browse our latest issue

Intelligent CISO

View Magazine Archive