Six key trends dominate the digital identity and security industry in 2023, according to a new report from Identiverse, which based its findings on the presentation proposals it received for the Identiverse 2023 conference to be held from May 30 through June 2 in Las Vegas.
"This year, we're delighted to release the first annual Identiverse Trends Report," says the report, which "aims to provide insight into the priorities of leaders, executives and digital identity professionals to inform your digital identity strategy for the next 12-18 months."
In his introduction to the trends report, Identiverse Conference Chair and Head of Strategy and Content Andrew Hindle says that the report is a step "towards year-round engagement with our industry and with our growing community."
"Identity is now everywhere, enabling safer, more private, more efficient experiences and interactions for customers and citizens online, and increasingly, in the physical world as well," Hindle says. "Digital identity is critical infrastructure for the 21st century."
1. Identity everywhere
The report cites "significant progress worldwide in enabling citizens to more easily demonstrate not only their 'identity,' but also to discretely share information about themselves — age eligibility or driving entitlement for instance — in security and privacy-preserving ways."
We've already seen initiatives to create digital wallets that would let you share individual pieces of information, such as the European Digital Identity Framework and identity-focused additions to the Apple Wallet and Google Wallet smartphone apps. Third-party digital wallets such as Ping Identity's PingOne ID Wallet are also becoming available.
A new report from CyberRisk Alliance Business Intelligence, titled "Identity and Access Management: Can security go hand-in-hand with user experience?", found that 62% of security and IT executives and managers surveyed were focusing on "connect anywhere" technology, and 56% hope to use it to make the customer experience better.
2. Reusable identity
The identity-management industry is on the cusp of a sea change that will see consumers create digital identities that can be used across multiple online services and accounts instead of creating new identities with each new account.
"With a reusable identity, a user can authenticate themselves once and then access all the services that are linked to their identity without having to re-enter their credentials each time," explains the Identiverse report.
We've already seen this implemented in many organizations with single sign-on (SSO), and the wider deployment may soon move beyond "social" federated identities such as those provided by Apple, Facebook and Google to digital identities that consumers self-manage.
A recent report by Liminal stresses the opportunity for growth in the reusable-identity sector, which Liminal believes will have a total addressable market value of $266.5 billion in 2027 following several years of nearly 70% annual growth.
The Identiverse trend report has likewise spotted "a resurgence in activity around non-person entities: connected vehicles, legal entities like businesses, smart sensors for both industrial and domestic applications, and more."
One recent study of IT professionals found that 98% of respondents said the number of identities was increasing in their organizations due to machine identities and cloud adoption. A Ponemon Institute study found that machine identities already outnumber human identities.
Another trend is a bit more disturbing: The Identiverse trend report says that "the burgeoning adoption of digital identity technologies, including biometrics, raises important ethical questions around diversity and inclusion, access and digital exclusion, privacy and regulatory balance."
Indeed, mistakes made by facial-recognition technology have already resulted in the wrongful arrest of several Americans. Most recently, a Florida man spent a week in jail over Thanksgiving because a facial-recognition algorithm said he was the suspect spotted shoplifting from stores in Louisiana — a state the man said he had never visited.
And a Baltimore man spent nine days in jail for alleging assaulting a bus driver after facial-recognition technology fingered him as the suspect, even though the victim in the case said the assailant was someone seven inches shorter and 20 years younger.
3. Accelerating business
The Identiverse trends report cites "an increased focus on business rationales and outcomes" among the presentations submitted for consideration, adding that "the identity layer is foundational to successful digital transformation projects, and we're now seeing conclusive data to support that."
Indeed, the new report from CyberRisk Alliance Business Intelligence finds that 44% of IT professionals said their organizations had "already implemented IAM in part or in full." Another 26% were "giving it serious consideration," while 19% were developing or had developed an IAM strategy.
4. Death of passwords = long live authentication
"In 2022, authentication took a significant step forward with the advent of passkeys," states the Identiverse trends report, referring to the ongoing joint Apple-Google-Microsoft project that aims to have smartphones replace passwords.
However, the report admits, "from a technical perspective there is plenty of work still to be done." Having recently tried but failed to set up and successfully use Passkeys ourselves, we can attest to that reality. If and when the Passkeys system does end up working well, it should greatly speed the adoption of passwordless authentication.
There is also greater awareness of the possibility that biometric authentication can be fooled, and of the mitigating factor of liveness detection to thwart such efforts.
"Rising consumer adoption of digital onboarding and passwordless authentication will drive demand for biometric solutions," states a report by digital-identity consulting firm Liminal. "Fraudsters are becoming more sophisticated in their attacks, requiring vendors to implement liveness to increase assurance."
Along those lines, Identiverse anticipates growth in identity threat detection and response (ITDR), which Gartner defines as "a security discipline that encompasses threat intelligence, best practices, a knowledge base, tools and processes to protect identity systems."
"It works by implementing detection mechanisms, investigating suspect posture changes and activities, and responding to attacks to restore the integrity of the identity infrastructure," Gartner adds.
If IAM can be seen as striving to enforce identity rules and prevent compromise, ITDR homes in on threats and works to respond to attacks after identity compromise.
5. More emerging technologies
Identiverse reported "seeing significant developments and investments in areas like identity orchestration, API protection and privacy-related technologies; as well as some consolidation and related M&A activity."
We agree, as we've already seen how orchestration can accelerate the end of passwords and how API security is becoming crucial, despite a lack of resources on the part of defenders.
"The digital identity space is going through a rapid transformation," says Liminal's report on reusable identity. "A shift is currently underway that focuses on customer-centric solutions that enable consumer services well beyond initial onboarding."
6. A developing profession
"The digital identity profession is growing at an astounding rate," says the Identiverse trends report. We've already seen that with Liminal's projections, but a separate report by the UK's Juniper Research mirrors those insights.
"The number of digital identity apps in use will exceed 4.1 billion globally by 2027, rising from 2.3 billion in 2023," says the Juniper report.
"This represents a growth of 82% over the next four years," it adds. "This increase will be driven by the use of government-backed digital identities to replace physical identity documents as a source of verification for third-party apps, such as banking and financial services. This will be critical, as businesses aim to reduce identity theft and meet increasingly stringent KYC (Know Your Customer) regulations."
Identity really is everywhere
The Identiverse Trends Report's conclusion stresses the ubiquity of digital identity not only as a sound business practice, but also as an improvement in the customer experience that has the potential to grow business. It also warns organizations to not fail in keeping up with rapid changes in the identity industry.
"Increasingly, we expect to have real control over our digital identity data," says the report. "If organizations don't provide these capabilities of their own volition, regulation and legislation will push them to do so."
"The opportunity to get digital identity right is just that — an opportunity. Winners in their respective markets will seize this chance to outperform their competition," it adds. "Identity really is everywhere. Let's see what it can do for us."
For greater insight into the future of the digital identity industry, please consider attending the Identiverse conference in Las Vegas from May 30 through June 2, 2023.