Identity Trends 2018: The More Things Change, the More Things…Change

This year is shaping up to be one of transformation for identity and access management—deep, fundamental changes that will make access more secure than ever for organizations, as well as more transparent and intuitive for users.

What’s changing about how organizations manage identities and access in 2018? You’d probably do better to ask what’s not changing. With credentials-based attacks on the rise since last year (growing from 63% to 81% of all cyber attacks), the urgency around finding new and better ways to keep bad actors out and let legitimate users in has never been greater. Here are some top insights into what’s different this year, and why the time is right for transformation.

5 Things You Need to Know About Identity in 2018

  1. Passwords aren’t the point. For years, passwords have been at the core of how users gain access to the resources they need to do their jobs. But now the focus is shifting away from making access decisions based on whether someone presents a password and toward identity assurance – making decisions based on whether they’re really the person associated with that credential. In other words, expect the question to shift from “Is this Jack’s password?” to “Is this really Jack?”
  2. Risk-based access is on the rise. How great is the risk that Jack isn’t really Jack? Analytics and context can provide insights into a user’s identity that instill confidence that the user really is who they claim to be—or raise suspicions that they’re not. If there’s little risk, you can choose to grant access without stepping up authentication; if things aren’t what they seem, you can step up as needed.
  3. One size no longer fits all. Modern authentication choices are emerging to provide the identity assurance you need to grant access as well as the frictionless experience users value. Having a range of authenticator options available—biometrics, one-time passwords, push notifications—means being able to grant secure, convenient access to resources whether they’re on-premises or in the cloud, regardless of user device or location.
  4. Identity plays well with others. The larger security ecosystem that includes everything from next-generation firewalls to SIEM systems is increasingly a space where identity has a critical part to play. Imagine, for example, a threat detection system that identifies a suspicious login attempt and then works with the identity solution to trigger stepped-up authentication to provide assurance that the login is legitimate. That’s the kind of integration and interaction that will increasingly characterize successful identity and access management.
  5. Remember these three little words: Pervasive, connected, continuous. These are the qualities of modern authentication that we expect to gain prominence in 2018. By pervasive, we mean a seamless approach to access that works no matter where applications or users are. And when we talk about being connected, we’re referring to the kind of information sharing and correlation described in #4 above. Finally, in the idea of continuous authentication, we can begin to think of authentication as less of a one-time event or action and more of a non-stop process that’s constantly refining itself.

See it all summed up in the new RSA video Making Sense of Cybersecurity in 2018.