IAM Leaders: Plan to Adopt These 6 Identity and Access Management Trends

The fast pace of change across technologies, organizational priorities, user expectations, business opportunities and risks requires identity and access management (IAM) architectures to be more flexible. Furthermore, as digital business relies on digital trust, which is enabled by IAM,securityand identity are, more than ever, an essential foundation of an organization’s business ecosystem.

“It is critical for security and risk management leaders to architect more flexible IAM infrastructure and for IAM teams to partner with other functions to meet changing organizational requirements,” saysMary Ruddy副总裁分析师雀鳝tner. “Evolve your IAM deployments to better fit the changing needs of your organization by taking into consideration six key IAM planning trends."

Learn more:Streamline your tech purchase, from start to finish, withGartner BuySmart™.

No. 1: Connectanywherecomputing will further drive need for smarter access control

The transition to more remote, connected anywhere computing is placing greater demands on access management deployments. Access management platforms must become increasingly sophisticated to differentiate between valid users and malicious bots or fraudsters without annoying legitimate users.

Download eBook:The Top 3 Strategic Priorities for Security and Risk Management

In addition, organizations need to weave support for multiple options for user and device access as well as multiple generations of digital assets into a flexible modern identity infrastructure (identity fabric). To reduce risk, implement best practices, such as multifactor authentication (MFA), zero-standing privileges and zero-trust architecture, if these are not already fully deployed.

Require MFA for all privileged access and ensure that MFA vendors support all needed use cases, such as voice, biometrics, phone-as-a-token and smart cards. In addition, leverage adaptive access control, a context-aware access control that acts to balance trust against access risk, as a key element of zero-trust architecture.

No. 2: Improving user experience for all users will be essential for secure digital business

With the number and importance of digital interactions increasing, the bar continues to rise on providing a great total user experience. Gartner estimates that by 2024, organizations that do so will outperform competitors by 25% in satisfaction metrics for both customer and employee experience.

Organizations should create a cohesive strategy for all external users (consumers, business customers and partners). For example, align IAM priorities with both business and IT priorities, deliver an omnichannel experience, and unify customer profile data.

In parallel, apply a zero-trust approach to your organization’s digitalsupply chain,例如,提供端到端security and privacy protection of customer data and other digital ecosystem resources. In addition, empower privileged users without sacrificing security by creating an identity for remote privileged users, which authenticates them every time they intend to perform administrative tasks or privileged operations. Then use a shared account that is controlled by a privileged access management (PAM) tool.

Learn more:Your Ultimate Guide to Cybersecurity

No. 3: Keys, secrets, certificates and machines will require more attention

The surge of the number of machines and their usage in hybrid and multicloud environments is forcing organizations to reframe their IAM strategies.

Raise the bar on secrets, keys and certificates. Consider establishing afusion teamthat gathers requirements, provides leadership, defines ownership, lays out guidance and sets reasonable expectations. Determine the machine identities your organization is using and categorize them into two groups: devices and workloads. Find organizational and technical ways for your IAM teams to integrate different teams' tools of choice.

In addition, as adoption of robotic process automation (RPA) is increasing rapidly, it is important to manage software robot identities and govern their access. Start by defining best practices and guiding principles for how to integrate RPA tools into the identity fabric, and treat RPA’s software robots as another workload that needs a machine identity.