Identity and Access Management in 2024: Trends We’re Watching
Thoughts from the IDENTOS leadership team on where they expect to see progress in the coming year.?
We asked some members of the IDENTOS Inc. leadership team to share their top observations and trends for identity and access management for the next 9 to 12 months.? Four predominant themes emerged as key focal points:
Mike Cook (CEO), Alec Laws (CTO) and Shawn Heeley (VP of Customer Success) take a deeper dive below.
Mike Cook, CEO and Co-Founder
Digital Trust
Digital trust will take a front seat this year.? Specifically, I believe we’ll see an acceleration in two closely linked and key areas of digital trust which will benefit digital security of both citizens and organizations:
Trustmarks and accreditations will have a strong year in 2024 driven by the ongoing alignment of standards, policies and technology across key geographical areas.? This trend is particularly evident in the increasing alignment of identity issuance policies, streamlined processes, and corresponding definitions of assurance, in relation to the quality of verification and the management of credential lifecycles.? Over the past two years, there has also been a rapid rollout of programs closely adhering to NIST and eIDAS standards, further reinforcing this upward trajectory, including:
As credentials with recognized assurance become more prevalent, we'll witness their utilization transcending organizational, jurisdictional, and geographical boundaries, demonstrating the utility of trust frameworks.? The utility associated with a common understanding and the veracity of assurance, coupled with trustmarks, will pave the way for safe and trustworthy organizational collaboration at scale. This, in turn, will foster discussions and debates to establish a normative benchmark for trustmarks, seeking both geopolitical interoperability and alignment or equivalence with existing regulatory policies such as FINTRAC.?
Given the substantial influence of regulations, there will be a continued need for public-private collaboration in refining trust frameworks to ensure future regulatory policies remain aligned and that frameworks keep up.
Alec Laws, CTO
领英推荐
Closing the Gap on Authorization Policies and Processes
There are many ways to securely identify or authenticate a person – OpenID Connect (OIDC), Security Assertion Markup Language (SAML), Self-Sovereign Identities (SSI) and now passkeys.? Despite these options, a notable gap persists in achieving interoperability concerning authorization policies and decision-making processes.??
Looking ahead, I anticipate a significant development in the form of emerging policy languages designed to address these challenges.? This shift is already underway with initiatives like Cedar, an open-source authorization policy language, and the AuthZEN IETF Working Group, dedicated to documenting common authorization patterns. The latter aims to establish standard mechanisms, protocols, and formats for communication among authorization components, whether they operate within a single organization or span multiple entities. This transformative trajectory signals a promising future for enhanced connectivity and coherence in authorization frameworks.
Evolution of Digital Wallets
As digital wallets and the widespread adoption of 'tap to pay' methods gain prominence as users' preferred means of payment, check-in, and seamless identification, there is a growing impetus for device manufacturers to extend the capabilities of ID and digital wallet functionalities.
A notable player in this space is the IDunion project, which is spearheading efforts to construct and pilot an open ecosystem for decentralized identity management. This initiative is poised to witness the adoption of critical use cases, marking a significant stride toward the realization of a more efficient and user-friendly decentralized identity landscape.
Shawn Heeley, VP of Customer Success
Realtime Authorization and Consent
Governments, the financial sector and private sector have all made great progress to break down internal silos and created centralized authentication systems – that was the first step.? Accelerated by COVID, we’ve seen these same organizations increase spending and focus on strongly identifying a user online to either improve access to services or drive down brick and mortar costs. 2024 will be the break-out year where we will see centralized, reliable and accurate online identity systems that will provide individuals and businesses access to high-value services – more than just changing your address or registering your pet.? But what most organizations may not yet realize is that this is not the last step. With increased regulation and risk around the collection, storage and transmission of data, there is a growing trend away from providing all data to all services all the time. This year, we will see a further push towards decentralization and granularity of data and a more user-centric approach to real-time sharing of data to facilitate transactions, whether that be business or personal.
AI in Technical Operations
2023 has been the year of AI.? We are all still trying to figure out what value it will bring to us personally and in our day-to-day work life.? One area that I believe will see significant growth is the use of AI within managed services and technical operations. We will see new features and services being offered by cloud providers and 3rd parties creating value-added services with broader adoption by their customers.? We will see more predictive analysis tools that look deeper into the managed services stack and we will see more Robotic Process Automation (RPA) tools emerging that will manage the lifecycle of incidents and changes. This will have a powerful effect of freeing up critical DevOps and SecOps personnel to focus on higher value business initiatives and outcomes, and letting AI handle the day to day tasks of keeping the lights on while still providing a level of service and care that customers expect.
Post-Quantum Cryptography (PQC)
While quantum computers and meaningful quantum computing may still be some years away, the cryptography industry has been busy drafting and approving cryptographic algorithms that are quantum resistant.? In 2024, we will see requests for PQC support start coming from our customers as they will need to start working on a roadmap to be crypto-agile and have a plan for rolling out PQC algorithms across their organizations.? Vendors will start to see requests from their customers as to whether their products support PQC algorithms and if not, how will they get there?
Key Takeaways: Digital Identity Trends in 2024
Our leadership team is watching the dynamic digital identity landscape shaped by three key themes in the months ahead:?
Navigating these changes can be challenging, especially in the face of ever-evolving standards and technologies. Contact us today to learn how IDENTOS can help your organization keep pace with the latest digital identity requirements while delivering a secure and flexible IAM platform customized to your needs.