One thing that is certain in security: at any given time, there is always someone accessing their sensitive assets without crossing the traditional network boundary. It’s taken them time – and some a lot longer than others – but most organisations have now woken up to this reality. Whether it’s a remote employee using a personal device for work, a marketing consultant logging into a shared social media account, or even a customer authenticating to use a SaaS app, in the digital age, information is constantly at risk.
Because of this and the changes to working life over the past year, Access Management tools – specifically those which map between individual identities and protected resources and provide real-time access control – have never been so critical to enforcing strong enterprise cybersecurity policies.
However, as the scope of resources to which users need access evolves, Access Management solutions are growing in capacity, increasingly overlapping and converging with adjacent security areas. Alongside this, the rapid shift to remote working has put IT teams under pressure to enable secure remote access, leading many to invest disproportionately in Access Management solutions which only addressed specific needs. This has created potential security gaps right across the digital identity landscape.
With this in mind, here are the four top trends businesses should be aware of which are shaping the Access Management space this year.
The push towards unified access platforms
The tactical expansion of Access Management tools has led to a serious consistency challenge when it comes to security, and the subsequent push towards unified access platforms to consolidate controls.
Most of these controls already include multi-factor authentication (MFA), identity lifecycle management, and basic access governance capabilities. But the most effective platforms incorporate a privilege-centric approach to securing identities. This typically involves embedding strong Privileged Access Management (PAM) controls, such as verification and authentication of users for privileged account access via MFA and single sign-on (SSO).
This convergence of PAM and Access Management adds a multitude of risk mitigation benefits which IT and security teams alike must be aware of.
AI-powered identity management
Enterprise access requirements have radically evolved in recent times, but authentication processes have not kept pace, especially password-based controls. Our recent research for example found that more than 60% of businesses experience a security breach each year, and roughly 40% of these occur due to a compromised user password.
These traditional password processes are often ineffective because they rely on end-users remembering complex passwords which they are required to constantly change. Also, when users are faced with strong authentication methods, they often skirt or circumvent security processes in order to perform job tasks more expediently.
In this context, expect adaptive Access Management powered by AI to be a rising trend. it presents a compelling alternative for businesses because it can operate without human intervention, gather and analyse intelligence on user behaviour to mitigate risk, uncover threat patterns and dynamically adapt authentication processes and access controls.
For example, organisations can create policies which prevent high-risk users from launching applications with customer data without validating having first validated their identity with high-assurance MFA factors. Low-risk users accessing low-risk applications however can skip secondary authentication and keep moving fast, reducing the friction and complexity often associated with ‘always on’ MFA controls.
Customer Identity and Access Management
Expectations for great digital experiences are at an all-time high. But recent advancements in Customer Identity and Access Management (CIAM) are helping organisations to meet these demands by delivering more secure customer access to their websites and apps.
Their surge in popularity is again down to intelligent automation of security. Traditionally, customer authentication has been a point-in-time decision based on the initial credentials the user presented, which could lead to unauthorised access if the customer’s device or credentials were compromised. CIAM leverages user behaviour analytics to authenticate customer identities accurately and enable support across the entire digital customer journey.
SaaS-delivered Access Management
The race to the cloud is driving demand for scalable ‘as-a-service’ security solutions – Access Management is no exception. Organisations are starting, and will continue, to embrace SaaS-delivered Access Management to ease deployment and use, provide more robust, end-to-end security, including those with extensive hybrid environments and many legacy or non-standards-based applications. Services like app gateways which secure remote access to on-premises apps and give users one-click SSO access to all the apps they need are helping facilitate this shift.
Much like the security ecosystem as a whole, access management is changing, adapting and evolving on an almost daily basis. Cyber criminals have realised this and are increasingly targeting identities as IT environments evolve. Security, risk and identity leaders need to adopt a Zero Trust approach – a strategic cybersecurity model centred on the belief that organisations should not automatically trust anything – to ensure security is maintained in the context of constant innovation. Heeding these four trends as they evaluate new tools and approaches to Access Management will form an important part of the equation.
EMEA Technical Director
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.