2021 Predictions for Identity and Access Management (IAM)

What does 2021 have in store for Identity and Access Management (IAM) and related security workloads like authentication? Industry experts weigh in:

What we know about digital identity will change

“Non-human identities will be just as important as human identities. While we often associate digital identity with a person, many other “things” will need identities from watches to wristbands, to supervisory control and data acquisition (SCADA) sensors and medical equipment, to even DevOps containers and Kubernetes resources. While the number of human identities may grow at a slow pace, the number of non-human identities will explode. For example, enterprises want to attach identities to machines, such as virtual machines, hosts or containers to control security, as well as spend on cloud compute. The ratio of humans, or developers, to machine identities is 200:1 and still growing.” – Mary Writz, VP of Product Management at ForgeRock



A Zero Trust framework is no longer optional for enterprises

“There’s no doubt that COVID-19 and the shift to remote work have accelerated Zero Trust adoption in the enterprise. In 2021 and the following years, implementing a Zero Trust approach will become essential to protecting every enterprise, regardless of industry. This is due to the increasing volume of cyberthreats that organizations and individuals face on a regular basis, and human error remains one of the top causes of security breaches. In fact, roughly one-quarter of all data breaches are caused by human error, with the average cost of $3.92 million for each breach, according to a report from the Ponemon Institute. As a result of this growing issue, the Zero Trust Model will become the new standard, in which all users, even those inside the organization’s enterprise network, must be authenticated and authorized before being able to access apps and data.” – Jasen Meece, CEO of Cloudentity



Active Directory and authentication attacks will continue to dominate ransomware and breach events

“In 2021, as attackers seek dominance in victim networks, attacks against Active Directory and authentication, like the SolarWinds attack, will continue to dominate major ransomware and breach events. In particular, healthcare and manufacturing attacks will continue to accelerate, given the large amount of legacy protocol use and gaps in visibility in critical infrastructure.” – Jason Crabtree, CEO and Co-Founder at QOMPLX


Identity is the new security perimeter

“Threat actors will continue to adapt their attack tactics to capitalize on employees working from outside the company’s physical office perimeter. As remote work continues, the utility of traditional controls like firewalls to protect corporate resources will be diminished as there is no longer a true physical perimeter and employees are now accessing business applications through various devices in various locations. Plus, many of the accounts employees use to get their work done are not full within the control of the IT team. Instead, organizations will look to new ways of protecting the identity of the user, as well as the identity of the device. Identity will become the new security perimeter. In 2021, IT teams will have to implement a more robust identity and access management (IAM) strategy with solutions such as single sign-on (SSO), password management, and multifactor authentication (MFA) to support a secure digital dynamic workforce and to further enhance remote employees’ security.” – Gerald Beuchelt, Chief Information Security Officer, LogMeIn