It’s that time again—we’re just over a week into the new year, and if you’re in the enterprise tech world, prediction season is in full swing. The time is now for taking stock of the year past and looking ahead to what will impact business, innovation, and how we work for the next 365 days. Is it an exact science? No. Are we always right? Also no. But it’s fun to speculate, and even more fun when we see some of our crystal ball musings shake out.
It should come as no surprise that the team here at Clear Skye is particularly focused on how the identity and security markets will evolve. And we’ve got a lot to talk about. After all, it’s been a huge year with high profile breaches, billion-dollar acquisitions, and cybersecurity legislation starting to take shape. And while many of the tried and true best security practices remain over the years, we’re being faced with new and complex challenges at warp speed.
With that in mind, here’s our take on where the identity and security space is headed over the next 12 months:
Cloud and Remote Work Growing Pains Will Continue
According to a Harvard Business School survey, over 80% of workers don't want to go back to the office full time. As a result, most companies are extending flexible or hybrid working protocols and the accompanying cloud infrastructure to support it. This requires the use of more business applications and systems, and while it’s great for morale and employee satisfaction, it presents a much larger attack surface to secure. Add contract and gig workers from varying departments and positions with different levels of access and entitlements and you can see how this gets complicated quickly.
Attackers know this—and it’s made identity-based attacks ripe for the taking. Microsoft, for example, saw 921 attacks every second, a 74% increase in volume in the past year alone, the company reported. And this isn’t even counting factors like negligence or inactive accounts of employees' past. We also must consider that insider threat incidents have risen 44% over the past two years, with costs per incident up to $15.38 million (Ponemon Institute). It’s likely this will get worse before it gets better, but in the meantime, the best defense is having strong identity controls.
Cross-Functional Teams Will Become Commonplace
Expanding cross-functional teams will become a necessity to manage IT across a business. Operationalism of technology and security should diffuse where the technology is being used—not off in its own silo. This, of course, requires tech skills, but low- and no-code tools are making this more feasible for domain experts. For example, an HR person who is tasked with on- and off-boarding employees should be able to grant or rescind access to certain tools and systems on their behalf. And tech solutions are finally starting to catch up to this need.
While this will enable functional areas to perform more efficiently, tech/IT competency and risk awareness will be paramount for success. Give too much access and you make your organization vulnerable to risk. On the other hand, too little access will cause frustration with employees who don’t have what they need to perform their jobs. It’s a fine line, but businesses need to start looking at the whole organization when it comes to technology, security, and user experience.
Vendor Consolidation Will Persist
Today, even organizations with the most modern IT frameworks are looking for a way to orchestrate identity management across hybrid-cloud environments. Leaders are increasingly aware that many independent solutions are not equipped to protect today’s complex, distributed workforces. Unified identity promises to centralize the management of identities and access in a single platform, and the industry is taking notice. And we can understand why—a platform approach is not only more secure, but helps streamline workflows, and increase productivity, thus lifting revenue in the process.
This year, Microsoft announced the launch of Entra, a new product family of identity and access management solutions. This includes existing tools like Azure Active Directory (AD) alongside two new product categories; Cloud Infrastructure Entitlement Management (CIEM), and Decentralized Identity. Thoma Bravo acquired identity and access management powerhouses, SailPoint and Ping Identity, with ForgeRock next on the list. Expect to see more vendor consolidation in 2023 as organizations start to realize the value of a platform approach.
It’s Still Early Days for a Passwordless World
We all know passwords are not the most secure way to protect our information. But what’s the best alternative? We’ve talked about the death of the password for years, but this shift requires major infrastructure changes that enterprises simply aren’t ready for and can’t afford. With engineering, websites, and products that will need to be rewritten entirely, it’s not as easy a fix as some might assume. While products like Apple Passkeys are easy to integrate and use, it’s unrealistic to believe 2023 is the year we’ll say goodbye for good. In the meantime, there are steps users can take to protect themselves.
Leverage apps that include biometrics for authentication. For example, rather than use a web client to access your bank, use the phone app, which integrates with the facial recognition capabilities of your mobile device. Use unique, strong, passwords for each website that requires authentication and let the browser store the password. Most browsers synchronize the data between your laptop and your phone so once you start doing this, your need to remember passwords diminishes so you can create as complex a password as you want. It’s not the most sexy, but it’s the most practical—for now.
While the password problem and speed bumps with our cloud and ‘work from anywhere’ world follow us into the new year, we’re optimistic. Despite the challenges these factors create, we’ve reached an inflection point. We can continue chasing the new, shiny, best-of-breed solutions, or we can start thinking big-picture with a platform approach to identity, security, and beyond. It’s clear tech visionaries are, and it’s easier than you may think. In fact, you may even have some of these capabilities within your existing IT Service Management (ITSM) provider (hint: ServiceNow + Clear Skye).
It will be interesting to see where 2023 takes us—thanks for coming along for the ride!