Managing identity risks in 2022: three trends to prepare for

Published: Thursday, 30 December 2021 14:36

What should you expect to see in the coming year as the management of identity-related risk continues to evolve? Craig Ramsay highlights three areas that need consideration.

Intelligent unification

A significant trend in identity management in 2022 will be intelligent unification – a meaningful convergence of technologies and identity disciplines. Now, more than ever, organizations have a plethora of solutions at their disposal. This can lead to siloed information and a disparate approach to security where some solutions are focusing on niche use cases.

Maximizing the capabilities and information available to provide a unified and holistic view of identities, their access, the contexts or reasons why they have the access, and usage data showing how they are using the access will be crucial in reducing identity related risk. Breaking down these siloes and sharing information across these boundaries will provide assurance that your identities are truly secure and greater adaptability to tackle new identity challenges as they arise.

Continued cloud adoption

SaaS solutions and cloud services will continue to enjoy increased adoption in the new year. In a survey by Enterprise Strategy Group, respondents reported that 52 percent of business-critical apps are now cloud-based rather than on-premises - and that number is growing. Organizations are now able to switch vendors and to scale up services they have been using more easily than ever before. This subsequently increases the threat surface within organizations when it comes to managing identity-related risk.

In light of this continuing trend, identity governance and IAM solutions must be able to provide a cloud native foundation of versatile configurability. This will allow organizations to securely scale with demand and securely manage their identities across an ever-growing number of applications and services.

Increased autonomy

Autonomy in identity management processes will increase throughout 2022. Currently, identity management still involves an amalgamation of manual and semi-autonomous activities – meaning that there can be considerable overhead for administrators and end users. This manual effort combined with the continued shortage of IT and security professionals is not sustainable.

Identity lifecycle management and access provisioning has been automated to varying degrees for some time. Governance around user access requests, reviews, and violation management less so but recent innovations have seen drastic improvements in prescriptive analytics providing decision support for end users, reviewers, and approvers. It’s true that for the most critical applications and sensitive data, there will always be a need for some level of human decision making or approval. However, as we see an increase in the amount of useful data held on identities and their access, automation of approval, review, and violation detection and remediation will also increase.

The marriage of flexible configurations and increased identity analytics will bring about intelligent unified governance platforms. Such platforms will significantly reduce the manual aspect of implementing, managing, and interacting with identity management processes.

Securing identities for the future

Now that the traditional corporate perimeter no longer exists, how do you adapt to an identity-centric approach to your cyber security strategy? The last two years have ushered in a sea of change regarding how organizations manage identities and their access. Hybrid working and cloud-based services and applications create greater opportunities for anytime, anywhere productivity but also increases the complexity of managing your identity related risk. The right solution coupled with the right strategy will enable you to realize the benefits of these opportunities without sacrificing on security or efficiency.

Cloud adoption will feed into the emergence of unified identity governance solutions and increasing autonomy. Organizations need an identity-centric strategy that provides a holistic view of identity that frees their end users and administrators from the drudgery of tasks that can be automated. Keep an eye out for these trends in the new year and reflect on whether your strategy is ready for the year ahead.

The author

Craig Ramsay is, Senior Solution Architect, Omada.