Skip to main content

The changing face of identity management

As we enter a new decade, it’s interesting to see how far we’ve come over the past 10 years in terms of access and identity management. When the 2010s began, only 38 per cent of data breaches used stolen credentials; by 2017, this figure was 81 per cent. As the pace of digitization has increased, identity and access assurance has become a critical issue and the single most important control for managing digital risk. 

From an eBay database being stolen using employee credentials in 2014, to passwords from high profile breaches of companies including Google, Yahoo and Hotmail all ending up for sale on the Dark Web; identity has been at the heart of some of the major security incidents in the past decade. 

As we have become more reliant on digital interactions that rely on identities, new and unprecedented security challenges have been raised. We need to be able to trust the device, the networks and the user; even though we can often no longer see who or what that is. Identity has become a crucial weakness that hackers are exploiting. But with the increased focus on identity, there’s also an opportunity for organisations to strike a better balance between endpoint security, innovation and an employee’s authentication experience. 

We’ve already seen a huge rise in identity theft, with credentials for sale and thousands and passwords used to maliciously attack companies, but the next decade will see an evolution of identity security, with secure but user-friendly identity strategies on the horizon. From making use of new technologies, including those embedded in today’s smartphones, to eliminating the dreaded password altogether, we can expect the next ten years to transform the way identity impacts the corporate and hacker worlds in several key ways:

1. Credential theft becomes credential hijacking

We continue to see the same security trend echoed year after year – compromised credentials are the number one attack vector for malicious actors; the market for stolen corporate credentials has become a booming business for cyber criminals over the past decade. Looking ahead, however, we can expect hackers to begin to shift their attacks from simply using stolen credentials that are available on the dark web, to infiltrating password recovery mechanisms in order to harvest and then reset user credentials themselves. In other words, attackers will successfully take over user identities and re-establish them with new usernames and passwords, thereby gaining access to critical assets at organisations. 

As the attack surface shifts from away from simply attempting logins with stolen credentials, the stakes will become much higher and will require a new security approach focused on employee monitoring to prove a user is who they say they are – even if they’ve logged in seemingly legitimately.

2. ‘Passwordless’ authentication is on the horizon, but we need to prepare for the consequences

As organisations continue to look for ways to protect users while making security as seamless and invisible as possible, we’ll see a huge increase in those adopting ‘passwordless’ security innovations. But while it’s becoming quite common to leverage face or fingerprint ID, today most passwordless authentication is still rooted and reliant on password management and usernames for account enrollment and recovery. Because of this, they are really “less passwords” rather than truly “passwordless”. As the journey towards true passwordless authentication continues, organisations will also need to think about the  varying user needs across their organizations considering the dynamics at play. For example, as with any IT change, there’s likely to be an initial and evolving burden on help-desk support; users who are not required to use a password day-to-day are almost certain to forget and disregard credentials at a higher rate, thereby requiring more support than they did before. 

3. Authentication will need a personal touch

As we move towards the passwordless world, organisations are today facing a plethora of choice when it comes to their authentication strategies. With constant innovation and evolution in technology, there are now many more ways than ever users can verify who they say they are and access resources; from push notifications, to behaviours, to one-time passwords, biometrics, hardware tokens and more. This can make it difficult for organisations to choose the appropriate authentication strategy. One thing is for sure: there won’t be a one-size-fits-all solution for the varying identity and access management needs across different organisations with dynamic workforces. What we can expect to see is organisations making much more personalised decisions on authentication, so they can strike their own balance between security and user experience.

4. Get ready for the rise of the machines

It’s not just employees that will present new identity challenges in the next decade – we’ll continue to interact with devices in new ways. It’s only a matter of time until smart home devices like Alexa, Siri, Google Home, smart lightbulbs and access devices like smart door locks will begin to transition from purely consumer devices to being leveraged in business and corporate settings. As these automation technologies aid us with more and more complex tasks, the need for these devices to understand who can command them and who they are acting on the behalf of will become much more critical. So, as we use tech-enabled personal assistance for more critical parts of our lives and businesses, it certainly will matter who ‘Siri’ and other devices take orders from.

Welcome to 2020!

As the next decade brings new technology, opportunities and challenges, identity will take front-and-centre priority in the cybersecurity conversation. With attackers developing smarter ways to compromise credentials and as automated devices become more widespread in our corporate worlds, identity will become both a key battleground and an opportunity. The blurring lines between corporate and consumer technology means any identity strategy needs to be both secure and convenient. Success will be all about striking the right balance.



from TechRadar - All the latest technology news https://ift.tt/2tR1KUP

Comments

Popular posts from this blog

Mother's Day 2020 gift ideas: 18 gadgets and gizmos for tech-savvy Aussie mums

Raising a family is not an easy job, and the women who care for us each and every day deserve to be told how special they are each and every day. While we tend to forget to do that, Mother’s Day reminds us we need to celebrate the women in our lives, whether they’re our own mothers or our wives and partners helping us raise the young ones. Mother’s Day 2020 is fast approaching (with under two weeks to go), and there’s a pretty good chance you won’t be able to take her out to her favourite restaurant this year, or even get to a store to shop for something she might like. So we have to get creative, and TechRadar’s Australian team has put together this little list of great tech gift ideas that you can buy online and have delivered in time for May 10. But you will need to get a wriggle on as delivery supply chains are under strain with more people shopping online. Whether she’s a whiz in the kitchen, loves to cosy up with a book or entertain at home, we’ve got a gadget or gizmo that’s s...

Amazon Australia has specials on Bose products all this week

December may have just begun, but the world's largest online marketplace is already feeling the Christmas spirit.  To kick off the month’s festivities, Amazon Australia is celebrating  ‘7 Days of Deals’ with Bose's superb audio hardware discounted each day. To begin with, the very popular (and rightly so) Bose QuietComfort 35 II and the more expensive Bose Noise Cancelling Headphones 700 are available for less. To sweeten the deal, Amazon will throw in an Echo speaker as a bonus as well. When you purchase the superb Bose Headphones 700, you will receive a free Amazon Echo Show 5, or if you’d prefer the Bose QuietComfort 35 II, you’ll receive a complimentary Echo Dot. The offer is valid until December 8, or while stocks last. You can buy the same bundles, for the same price if you make the purchase via the Echo Dot or the Echo Show 5 product pages on Amazon. Just make sure you select the bundled headphone in the 'add other items' section on the right. Best noi...

Valentine's Day flowers: the best online flower delivery services

February 14 will be here before you know it, and if you, like many others, are searching for that perfect gift, then placing an online order for Valentine's Day flowers is always an easy and romantic option. You can order a beautiful floral arrangement in minutes from a variety of online retailers, including; 1-800-Flowers, Amazon, ProFlowers, Teleflora, and many more. To help you sort through all the Valentine's Day offers, we've rounded up the best online flower delivery services in both the USA and the UK and listed their current promotions. We've also included delivery charges and made sure to mention if you can allocate specific days for delivery. There's a fantastic range of bouquets and gifts available from our selection of florists below, and online delivery from a specialist means you don't have to worry about the usual hassle of buying from a store and getting them home safely. We'll be updating this page as we get closer to the big day so you...