The prediction game is at best a perilous one and even more so in what has been, in calendar month terms at least, the most unpredictable of years. Yet trying to foresee what might happen within the security industry has always been something of a fraught exercise in crystal ball gazing. So, these insights do retain their value, despite - and maybe even because of - how challenging the times may be.

The abrupt shift to remote work, due to the pandemic, has caused many obstacles, of course. "Legacy approaches to identity and access management (IAM) are clinging to outdated notions of corporate perimeters and in-person interactions. Conversely, overwhelmingly digital customer-facing interactions create urgency, with respect to digital identity initiatives and reducing bias in identity-proofing processes." That is the view of Akif Khan, senior director analyst, Gartner, who says that the old security model of "inside means trusted" and "outside means untrusted" has been broken for a long time.

"By 2025, cybersecurity mesh will support more than half of all IAM requests, enabling a more explicit, mobile and adaptive unified access management model," he predicts. "The mesh model of cybersecurity provides a more integrated, scalable, flexible and reliable approach to digital asset access control than traditional security perimeter controls."

Organisations lack the resources and skills to plan, develop, acquire and implement comprehensive IAM solutions, he adds. "As a result, they're contracting professional services firms to provide the necessary support, particularly where multiple functions need to be addressed simultaneously. Increasingly, organisations will rely on MSSP firms for advice, guidance and integration recommendations. By 2023, 40% of IAM application convergence will primarily be driven by MSSPs that focus on delivery of best-of-breed solutions in an integrated approach - shifting influence from product vendors to service partners."

IDENTITY-PROOFING TOOLS
Historically, vendor-provided enrolment and recovery workflows for multifactor authentication have incorporated weak affirmation signals, such as email addresses and phone numbers. As a result, implementing higher-trust corroboration has been left as an exercise for the organisations.

"Because of the massive increase in remote interactions with employees, more robust enrolment and recovery procedures are an urgent requirement, as it is harder to differentiate between attackers and legitimate users," adds Khan. "By 2024, 30% of large organisations will newly implement identity-proofing tools to address common weaknesses in workforce identity life cycle processes."

Akif Khan, Gartner: by 2023, 40% of IAM application convergence will primarily be driven by MSSPs that focus on delivery of best-of-breed solutions in an integrated approach.
Centralised approaches to managing identity data struggle to provide benefits in the three key areas: privacy, assurance and pseudonymity. "A decentralised approach uses blockchain technology to help ensure privacy, enabling individuals to validate information requests by providing only the absolute minimum required amount of information."

He believes that, by 2024, a true global, portable, decentralised identity standard will emerge in the market to address business, personal, societal, and identity-invisible use cases. "Bias with respect to race, age, gender and other characteristics gained attention significantly in 2020, coinciding with the increased interest in document-centric identity proofing in online use cases. This 'ID plus selfie' process uses face recognition algorithms to compare selfies of customers with the photo in their identity document."

THE HUMAN LAYER
If remote working in 2020/21 has taught us anything, it's the importance of securing the individuals within each organisation's 'human layer', says Tony Pepper, CEO, Igress. "When offices closed overnight, it amplified the role of the individual within our security strategies and the risks that each person brings. As we look towards the rest of 2021, insider risk will be front-of-mind for many organisations, as they work to secure remote and hybrid environments for the long term.

Emma Maslen, Ping: 2021 will hopefully be a year where we start to build a more sustainable work and life balance that is based around results.
"Advanced machine learning technologies that examine the context within which individuals make decisions and alert them to risky behaviour have been utilised by early adopters to effectively target security at individuals- and in 2021 and beyond, this technology will see rapid adoption."

Linked to this, states Pepper, we're going to see the continued decline of traditional email DLP technology, as organisations improve security for their most mission-critical communication channel. "56% of the IT leaders responding to our 2021 Data Loss Prevention Report acknowledged they're under increased pressure from clients to keep sensitive data safe on email, while 100% of those who have deployed traditional email DLP technologies are frustrated by them. With increased adoption of advanced email DLP solutions that utilise contextual machine learning, organisations will turn away from traditional technologies."

THE HUMAN LAYER
"As 2020 has shown, predicting the future is hard!" states Emma Maslen, VP & GM of EMEA & APAC for Ping Identity. " Yet what is clear is that, moving forward, all organisations need to be able to react to unexpected shifts in society, technology and culture. The emergence of working from home as a viable option for large segments of the workforce is likely to endure. Some employees are now enjoying the reduction in commute, more family meal times and greater flexibility in the working day, which I think they will be reluctant to let go in the future. Ensuring employees are enabled to work from home, in a productive way, will be a big theme for the future."

This leads neatly to her second point - the continuing war for talent. "As the world is disrupted, employees are looking for a vision or a mission that resonates, along with working environments that empower them to do their best. Ensuring frictionless access to technology will lead to a reduction in frustration, which will, in turn, help organisations to both attract and keep the best talent. Yet the frictionless experience must extend beyond the organisational structure and become a mantra for how organisations deal with customers, citizens, partners, suppliers - in fact, every B2B and B2C relationship must shift towards seamless interactions."

As such, identity is going to be a big focus for both the workforce and the wider consumer space, adds Maslen. "Not only are we working more from home, but we are also shopping, banking, studying and engaging with the state increasingly from home. Yet still people are bombarded with username and password requests, and this situation gets worse as more interactions become completely digital."

If 2020 was the year of disruption, then 2021 will hopefully be a year where agility becomes the new watchword, she further states - "a year where we start to build a more sustainable work and life balance that is based around results, and less around where people and systems are geographically located".