Before we go into the top 2023 IAM trends, let’s summarize what enterprises experienced in 2022. Upheaval has characterized the majority of 2022, permeating across virtually all aspects of personal life and business. The cybersecurity and access management sectors are among the chief industries observing the state of the constant shakeup, bearing witness to emergent technologies, paradigm shifts, and high-profile breach events.
Now that turbulent 2022 gives way to the new year, business and enterprise leaders are eager to predict the new challenges awaiting them in 2023. However, lacking expertise and experience with modern management systems can prove disastrous, as uninformed decisions can miss vital information and result in erroneous judgment calls.
The best way to avoid such hazards is to enlist the wisdom of those with their ears to the ground of the IAM (Identity and Access Management) landscape. Simeio’s extensive teams of identity and security experts deal with emergent issues every day, making us your ideal source of informed predictions on the biggest ongoing and upcoming trends facing you in 2023.
The Biggest Breaches and Other Events in 2022
2022 was a watermark year for high-profile cyber-attacks, encompassing some of the most daring and costly breaches in data history, with many of these breaches being identity and credential-based. Most notable among these was the Uber breach (despite MFA protections) due to unencrypted admin privileges and the Okta attack through a third-party identity compromise.
In both cases, the protections in place could not account for human error and the lack of comprehensive security across all identity surfaces. The pattern that emerged was a concerted targeting of identities and identity systems by malicious actors. Without comprehensive defenses across the IAM apparatus, its gaps will remain large enough for hackers to squeeze inside.
The IAM industry has already begun shifting in response to these emergent challenges. Early signs of consolidation emerged in 2021, with AM companies investing in IGA (Identity Governance and Access) and PAM (Privileged Access Management) capabilities. At the same time,edicated PAM service providers successfully acquired a multitude of smaller AM vendors.
This trend continued into 2022, with IAM and SaaS (Software as a Service) providers moving towards holistic Identity solutions and a market need for scalable systems. Overarching paradigm shifts, such as the FIDO Alliance’s push for Passwordless authentication, should translate to more frictionless verification processes in the coming year.
2023 IAM Trends
1. Passwordless Authentication
The digital acceleration brought on by the pandemic drove countless users to off-site machines, greatly expanding the attack surfaces of spread-out systems. Traditional passwords have become the most common attack vector for data breaches. Passwordless authentication sought to remedy this issue in 2022 and is poised to expand significantly and will be a 2023 IAM trend.
Vikram Subramanian, Vice President at Simeio, believes that Passwordless verification should be implemented as soon as possible. “It is the beginning of the end of the password,” reports Subramanian. “The cost of a password reset is the driving force, and since SSO (Single Sign-On) did not deliver, a new solution is needed.”
Asif Savvas, Simeio’s Chief Product Officer, echoes this sentiment. “With the credential at the root of a number of breaches, we expect enterprises to further focus on reducing the friction in the authentication experience,” said Savvas. “This is usually achieved by adding a biometric authentication process that Passwordless solutions deliver.”
2. Access Solutions for Machines Identities
Passwordless security is hardly the only 2023 IAM trend worthy of attention. Many machine identities have begun interacting with various business processes and data in vital realms. While PAM solutions are building out capabilities to secure these devices, some machines will fall out of the scope of current PAM; new solutions will emerge to address this need.
3. Focus on Identity Threat Detection and Remediation by IAM service providers
Identity Management as an industry has evolved over the years, evolving from a solution rolled out for efficiency and compliance to being a foundational security pillar. With this evolution, Identity management vendors focused on the Data and information protection are likely to start building out their capabilities in identity threat detection and remediation.
In a remote world with increasing privacy regulations, companies need robust user protection and identity functionality. Recent acquisitions of identity companies, including ForgeRock, Ping Identity, and SailPoint, harken back to the early 2000s when disparate data solutions were consolidated into a comprehensive apparatus.
Telltales of a Vulnerable Identity System
If you’re having difficulty deciding if your enterprise should follow suit, take a moment to consider the following telltales of a vulnerable identity system.
- Rely on traditional password-based systems?
- Trust that a VPN is sufficient encryption for your sensitive data?
- Not employ MFA sign-on?
- Use unintegrated, unsupported, or outdated software?
- Take more than 4 hours to hire, fire, or modify the access of a user?
- Not have the ability to flag and trace your privileged access authorization?
If you answered yes to any of these questions, then your IAM solution is woefully underequipped to deal with the realities of 2023. Any of these criteria marks your systems as easy prey for a determined hacker ripe for breaching.
Cyber-attacks, attempted and successful, are underway every hour of the day, and without Primary Controls and a proactive cybersecurity strategy, you’ll find yourself at the mercy of your attacker.
The best way to overcome your enterprise’s weak points and modernize for the current year is to draft and develop your business’s identity maturity map. Measure the current state of your IAM solution against what you want to see. Include your Identity Governance, Privileged Access Management, Access Management and CIEM (Cloud Infrastructure Entitlement Management).
This maturity map needs to outline the processes as well as the controls in place to protect the enterprise assets, providing guidance on where the investment needs to occur. A low level of maturity in areas of high risk is often an indication that the processes and tools in place are not effective and need focus.
Take the long view on IAM investments most likely to boost your business in the coming years. Measure every dollar spent on expert development and implementation as a dollar saved, with dividends paid out in greater efficiency and better protection against costly data breaches.