Skip to main content

The changing face of identity management

As we enter a new decade, it’s interesting to see how far we’ve come over the past 10 years in terms of access and identity management. When the 2010s began, only 38 per cent of data breaches used stolen credentials; by 2017, this figure was 81 per cent. As the pace of digitization has increased, identity and access assurance has become a critical issue and the single most important control for managing digital risk. 

From an eBay database being stolen using employee credentials in 2014, to passwords from high profile breaches of companies including Google, Yahoo and Hotmail all ending up for sale on the Dark Web; identity has been at the heart of some of the major security incidents in the past decade. 

As we have become more reliant on digital interactions that rely on identities, new and unprecedented security challenges have been raised. We need to be able to trust the device, the networks and the user; even though we can often no longer see who or what that is. Identity has become a crucial weakness that hackers are exploiting. But with the increased focus on identity, there’s also an opportunity for organisations to strike a better balance between endpoint security, innovation and an employee’s authentication experience. 

We’ve already seen a huge rise in identity theft, with credentials for sale and thousands and passwords used to maliciously attack companies, but the next decade will see an evolution of identity security, with secure but user-friendly identity strategies on the horizon. From making use of new technologies, including those embedded in today’s smartphones, to eliminating the dreaded password altogether, we can expect the next ten years to transform the way identity impacts the corporate and hacker worlds in several key ways:

1. Credential theft becomes credential hijacking

We continue to see the same security trend echoed year after year – compromised credentials are the number one attack vector for malicious actors; the market for stolen corporate credentials has become a booming business for cyber criminals over the past decade. Looking ahead, however, we can expect hackers to begin to shift their attacks from simply using stolen credentials that are available on the dark web, to infiltrating password recovery mechanisms in order to harvest and then reset user credentials themselves. In other words, attackers will successfully take over user identities and re-establish them with new usernames and passwords, thereby gaining access to critical assets at organisations. 

As the attack surface shifts from away from simply attempting logins with stolen credentials, the stakes will become much higher and will require a new security approach focused on employee monitoring to prove a user is who they say they are – even if they’ve logged in seemingly legitimately.

2. ‘Passwordless’ authentication is on the horizon, but we need to prepare for the consequences

As organisations continue to look for ways to protect users while making security as seamless and invisible as possible, we’ll see a huge increase in those adopting ‘passwordless’ security innovations. But while it’s becoming quite common to leverage face or fingerprint ID, today most passwordless authentication is still rooted and reliant on password management and usernames for account enrollment and recovery. Because of this, they are really “less passwords” rather than truly “passwordless”. As the journey towards true passwordless authentication continues, organisations will also need to think about the  varying user needs across their organizations considering the dynamics at play. For example, as with any IT change, there’s likely to be an initial and evolving burden on help-desk support; users who are not required to use a password day-to-day are almost certain to forget and disregard credentials at a higher rate, thereby requiring more support than they did before. 

3. Authentication will need a personal touch

As we move towards the passwordless world, organisations are today facing a plethora of choice when it comes to their authentication strategies. With constant innovation and evolution in technology, there are now many more ways than ever users can verify who they say they are and access resources; from push notifications, to behaviours, to one-time passwords, biometrics, hardware tokens and more. This can make it difficult for organisations to choose the appropriate authentication strategy. One thing is for sure: there won’t be a one-size-fits-all solution for the varying identity and access management needs across different organisations with dynamic workforces. What we can expect to see is organisations making much more personalised decisions on authentication, so they can strike their own balance between security and user experience.

4. Get ready for the rise of the machines

It’s not just employees that will present new identity challenges in the next decade – we’ll continue to interact with devices in new ways. It’s only a matter of time until smart home devices like Alexa, Siri, Google Home, smart lightbulbs and access devices like smart door locks will begin to transition from purely consumer devices to being leveraged in business and corporate settings. As these automation technologies aid us with more and more complex tasks, the need for these devices to understand who can command them and who they are acting on the behalf of will become much more critical. So, as we use tech-enabled personal assistance for more critical parts of our lives and businesses, it certainly will matter who ‘Siri’ and other devices take orders from.

Welcome to 2020!

As the next decade brings new technology, opportunities and challenges, identity will take front-and-centre priority in the cybersecurity conversation. With attackers developing smarter ways to compromise credentials and as automated devices become more widespread in our corporate worlds, identity will become both a key battleground and an opportunity. The blurring lines between corporate and consumer technology means any identity strategy needs to be both secure and convenient. Success will be all about striking the right balance.



from TechRadar - All the latest technology news https://ift.tt/2tR1KUP

Comments

Popular posts from this blog

The future of Magic Leap's promising AR efforts dim after layoffs

The Magic Leap Two is now further away than ever, unfortunately. Today in a blog post the augmented reality pioneer announced major layoffs and has decided to cut up to half of its workforce, according to some reports. The original Magic Leap One was supposed to be one of the first mainstream augmented reality headsets when it launched in 2018, but a high price point and lack of interest from developers left the headset high and dry after launch. According to the blog post, Magic Leap says it will be focusing its efforts on enterprise solutions (a statement HTC has made recently as well) and shift its focus away from consumer technology… at least for the time being.  The company has been open about creating a second headset that would offer improved specs for some time, but how that work will now have to go forward without half of the team , according to some estimates, remains to be seen. Is the window closing on augmented reality?  Although it’s just one company, Magic...

Du offers new roaming bundle for summer

UAE-based telecom operator du is offering roaming bundle for travelers valid for seven days. The summer bundle features unlimited calling and 2.5GB of data to 174 destinations - all from their own UAE number. Priced at AED 300 (per week) this latest addition to du’s roaming bundles will be available for customers travelling to 174 countries, including GCC countries, UK, US, European destinations, and Egypt, starting from May 30. The postpaid mobile subscribers can subscribe to the roaming bundle by sending the SMS U to 5102. Fahad Al Hassawi, Deputy CEO – Telco Services at EITC, the parent company of du, said that the roaming bundle will enhance the subscribers’ connectivity while travelling overseas and minimise their current pain points. Etisalat doubles internet speeds for eLife Unlimited subscribers from TechRadar - All the latest technology news http://bit.ly/2KbK1O8

Airship acquires SMS commerce company ReplyBuy

Airship is announcing that it has acquired mobile commerce startup ReplyBuy . The startup (which was a finalist at TechCrunch’s 1st and Future competition in 2016) works with customers like entertainment venues and professional and college sports teams to send messages and sell tickets to fans via SMS. It raised $4 million in funding from Sand Hill Angels, Kosinski Ventures, SEAG Ventures, Enspire Capital, MRTNZ Ventures and others, according to Crunchbase . Airship, meanwhile, has been expanding its platform beyond push notifications to cover customer communication across SMS, email, mobile wallets and more. But CEO Brett Caine said this is the first time the company is moving into commerce. While sports and concerts tickets might not be a booming market right now, Caine suggested that the company is actually seeing increased purchasing activity “in and around the Airship platform” as businesses try to drive more in-app purchases. He also suggested that both the COVID-19 pandem...