What\u2019s changing about how organizations manage identities and access in 2018? You\u2019d probably do better to ask what\u2019s not changing. With credentials-based attacks on the rise since last year (growing from 63% to 81% of all cyber attacks), the urgency around finding new and better ways to keep bad actors out and let legitimate users in has never been greater. Here are some top insights into what\u2019s different this year, and why the time is right for transformation.5 Things You Need to Know About Identity in 2018Passwords aren\u2019t the point. For years, passwords have been at the core of how users gain access to the resources they need to do their jobs. But now the focus is shifting away from making access decisions based on whether someone presents a password and toward identity assurance \u2013 making decisions based on whether they\u2019re really the person associated with that credential. In other words, expect the question to shift from \u201cIs this Jack\u2019s password?\u201d to \u201cIs this really Jack?\u201dRisk-based access is on the rise. How great is the risk that Jack isn\u2019t really Jack? Analytics and context can provide insights into a user\u2019s identity that instill confidence that the user really is who they claim to be\u2014or raise suspicions that they\u2019re not. If there\u2019s little risk, you can choose to grant access without stepping up authentication; if things aren\u2019t what they seem, you can step up as needed.One size no longer fits all. Modern authentication choices are emerging to provide the identity assurance you need to grant access as well as the frictionless experience users value. Having a range of authenticator options available\u2014biometrics, one-time passwords, push notifications\u2014means being able to grant secure, convenient access to resources whether they\u2019re on-premises or in the cloud, regardless of user device or location.Identity plays well with others. The larger security ecosystem that includes everything from next-generation firewalls to SIEM systems is increasingly a space where identity has a critical part to play. Imagine, for example, a threat detection system that identifies a suspicious login attempt and then works with the identity solution to trigger stepped-up authentication to provide assurance that the login is legitimate. That\u2019s the kind of integration and interaction that will increasingly characterize successful identity and access management.Remember these three little words: Pervasive, connected, continuous. These are the qualities of modern authentication that we expect to gain prominence in 2018. By pervasive, we mean a seamless approach to access that works no matter where applications or users are. And when we talk about being connected, we\u2019re referring to the kind of information sharing and correlation described in #4 above. Finally, in the idea of continuous authentication, we can begin to think of authentication as less of a one-time event or action and more of a non-stop process that\u2019s constantly refining itself.See it all summed up in the new RSA video Making Sense of Cybersecurity in 2018.