5 key predictions for IAM and fraud detection

Computing Security asked Akif Khan, senior director analyst, Gartner, to give us his take on the impact of the swing to remote working. Here is his response:

The abrupt shift to remote working, due to the pandemic, creates complications for legacy approaches to identity and access management (IAM) that cling to outdated notions of corporate perimeters and in-person interactions. Conversely, overwhelmingly digital customer-facing interactions create urgency with respect to digital identity initiatives and reducing bias in identity-proofing processes. The following predictions, to be further analysed at the Gartner IAM Summit [the virtual event in April this year*], are trends in decentralised identity, access management, IAM professional services, and identity proofing for 2021:

Cybersecurity mesh will support more than 50% of IAM requests
The old security model of ‘inside means trusted’ and ‘outside means untrusted’ has been broken for a long time. Most digital assets and devices are outside the enterprise, as are most identities. By 2025, cybersecurity mesh will support more than half of all IAM requests, enabling a more explicit, mobile and adaptive unified access management model. The mesh model of cybersecurity provides a more integrated, scalable, flexible and reliable approach to digital asset access control than traditional security perimeter controls.

Delivery of IAM services will increase via managed security service providers (MSSPs)
Organisations lack the resources and skills to plan, develop, acquire and implement comprehensive IAM solutions. As a result, they’re contracting professional services firms to provide the necessary support, particularly where multiple functions need to be addressed simultaneously.

Increasingly, organisations will rely on MSSP firms for advice, guidance and integration recommendations. By 2023, 40% of IAM application convergence will primarily be driven by MSSPs that focus on delivery of best-of-breed solutions in an integrated approach - shifting influence from product vendors to service partners.

Identity proofing tools will be implemented within the workforce identity lifecycle
Historically, vendor-provided enrolment and recovery workflows for multifactor authentication have incorporated weak affirmation signals, such as email addresses and phone numbers. As a result, implementing higher-trust corroboration has been left as an exercise for the organisations. Because of the massive increase in remote interactions with employees, more robust enrolment and recovery procedures are an urgent requirement, as it is harder to differentiate between attackers and legitimate users.** By 2024, 30% of large organisations will newly implement identity-proofing tools to address common weaknesses in workforce identity life cycle processes.

A global, portable, decentralised identity standard will begin to emerge
Centralised approaches to managing identity data struggle to provide benefits in the three key areas: privacy, assurance and pseudonymity. A decentralised approach uses blockchain technology to help ensure privacy, enabling individuals to validate information requests by providing only the absolute minimum required amount of information.

By 2024, a true global, portable, decentralised identity standard will emerge in the market to address business, personal, societal, and identity-invisible use cases.

Demographic bias within identity proofing will be widely minimised
Bias with respect to race, age, gender and other characteristics gained attention significantly in 2020, coinciding with the increased interest in document-centric identity proofing in online use cases. This ‘ID plus selfie’ process uses face recognition algorithms to compare selfies of customers with the photo in their identity document.

There has always been awareness of possible bias in face recognition processes, with implications concerning customer experience, brand damage and possible legal liability. As a result, by 2022, 95% of organisations will require that identity-proofing vendors prove that they are minimising demographic bias, a significant increase from less than 15% today.

* https://www.gartner.com/en/conferences/emea/identity-access-management-uk
** https://www.gartner.com/smarterwithgartner/6-ways-to-defend-against-a-ransomware-attack
*** https://www.gartner.com/smarterwithgartner/how-to-use-facial-recognition-technology-responsibly-and-ethically