With the growing connectedness of all things great and small, the need for trusted identities will take center stage in 2015. Organizations will adopt stronger forms of authentication including multi-factor authentication and context-sensitive identity solutions to mitigate risk and meet compliance standards. Browsers will do their part to make online transactions safer by promoting SSL for all sites, and promoting extended validation (trusted green address bar) and more transparency around digital certificates. Identity and access management (IAM) will move from serving employees internally to the extended enterprise, where customers and partners will interact more securely and transact more business through web services.
And how can we forget the Internet of Everything, where all things – from smart cities to smart appliances will require trusted identities as part of our increasingly connected world. All of these identities will require lifecycle management, from vetting to run-time validation and revocation capabilities.
Here are six ways that the identity approaches will capture industry attention in 2015.
Authentication moves beyond user name and password - finally.
Biometrics, digital certificates, challenge questions, one-time passwords and geolocation will all provide for more secure access. Social vetting, claims-based authentication and step-up authentication, depending on transactional risk, will all become more common. Administrators need ways to easily authenticate, deploy and manage digital identities as needs change. The time-honored user name and password simply won't cut it and will fade away as an authentication mechanism except for the most basic of access capabilities.
Online transactions will become even more secure.
Google has been advocating for all websites to be SSL-secured and the industry is pushing for enhanced vetting and the issuance of Extended Validation certificates, which convey the highest level of site authentication. The Certificate Authority and Browser (CAB) forum is advocating for additional changes to make SSL more secure, including the deprecation of 128-bit certificates, OCSP stapling and certificate transparency. Thankfully we are seeing growing support for Open Source projects, such as OpenSSL, which is now being generously funded by industry leaders, in the wake of this year's security flaws. Collaboration will take place on a larger scale to ensure that this venerable standard remains strong and trustworthy.
Demand for identity standards will grow.
In the Internet of Everything identity will become a collaboration enabler in addition to a security requirement – creating new business opportunities for manufacturers, service providers, application developers and organizations. As a result identities that are usable across diverse eco-systems are needed, but that requires industry-wide cooperation. New standards, federation and trusted identities will be needed to deliver on the promise of the IoE, with so many types of people, devices and transactions at play.
Identity relationship and access management will focus on the extended enterprise.
Traditional IAM has been driven by HR and IT – focused on employee productivity and compliance. Today, Identity Relationship and Access Management (IRAM) is being driven by business units to enable new e-services and business models. Capabilities like CRM integration, social vetting and identity federation will extend the enterprise, where business ecosystems with subcontractors, customers, partners and other stakeholders will benefit from streamlined, more user friendly yet authenticated, transactions creating new revenue sources, better customer interactions and managing identities in the IoE.
Security and identity will remain after thought considerations within ‘Thing' design.
As a result, unfortunately it is highly likely we will see an increase in the attacks against such platforms until manufacturers get smart about designing in identity credentials.
Identity services will move to the cloud.
As identity and security needs dramatically increase for organizations of all sizes, more cloud-based identity services will be offered – making it simpler for manufacturers and organizations to implement and manage identities both within their own enterprises and for their extended customer and partner networks.
Joan Lockhart is chief marketing officer at GlobalSign, the security division of the Tokyo-based GMO Internet Group (TSE: 9449) and a provider of identity services for the internet of everything, mediating trust to enable safe commerce, communications, content delivery and community interactions for billions of online transactions occurring around the world at every moment. GlobalSign's identity and access management portfolio includes access control, single sign-on (SSO), federation and delegation services to help organizations and service providers create new business models for customer and partner interactions.