As the coronavirus pandemic accelerated the migration to the cloud, the identity and access management (IAM) tools companies used also had to change during this digital transformation, said Bob West, chief compliance officer for they payment app Metal. Some of those changes include moving away from IDs and passwords, a topic that has been discussed for over 20 years.
“We’ve reached this tipping point where there’s been this imperative to accelerate this digital transformation and identity tools that compliment that digital transformation,” said West.
Identity and access management is important in the current cybersecurity climate to prevent account takeovers, which often indicates a ransomware attack, he said. Another challenge is navigating regulations and privacy issues, including with the Sarbanes-Oxley Act and GDPR in Europe.
As organizations move to passwordless authentication, West said multi-factor authentication is clunky and open to man-in-the-middle attacks. Biometrics, however, is at the point where it not only facilitates authentication, but enhances the user experience.
The next generation of biometrics will allow IAM to go beyond IDs and passwords because they reside outside the infrastructure, which is also a problem with magic links or one-time passwords since they also could be leveraged in an attack.