Identity and access management in 2022 - what will the future look like?
As we enter into 2022, there is still a level of uncertainty in place. It’s unclear what the future holds, as companies around the world still contend with the COVID-19 pandemic. Remote working has been encouraged by most organisations and the move to a hybrid working system has become ‘business as usual’, for the majority of businesses. Some have reduced their office space or done away with their locations altogether.
Following best security practices
With all this change in place, there are problems to deal with. According to research, 32.7% of IT admins say they are concerned about employees using unsecured networks to carry out that work. Alongside this, 74% of IT admins thought that remote work makes it harder for employees to follow best security practices.
This need to manage security around remote work is no longer temporary. Instead, companies have to build permanent strategies around remote work and security. The coming year will also create a different landscape for small and mid-sized businesses (SMBs).
Here are some key predictions for next year and what to start preparing for in 2022:
The reality of SMB spending around security will hit home
SMBs had to undertake significant investments to adapt to remote working
SMBs had to undertake significant investments to adapt to remote working, especially in comparison to their size. They had to undertake significant digital transformation projects that made it possible to deliver services remotely, during the COVID-19 pandemic. We’ve seen a shift in mindset for these companies, which are now more tech-focused in their approach to problem solving.
According to our research, 45% of SMBs plan to increase their spending towards IT services in 2022. Around half of all organisations think their IT budgets are adequate for their needs, while 14.5% of those surveyed believe they will need more, to cover all that needs to be done.
Identity management spending to support remote work
For others, the COVID-19 pandemic led to over-spending, just to get ahead of things and they will spend in 2022, looking at what they should keep and what they can reduce their spending on.
Areas like identity management will stay in place, as companies struggle to support remote work and security, without this in place. However, on-premise IT spending will be reduced or cut, as those solutions are not relevant for the new work model. Services that rely on on-premise IT will be cut or replaced.
The device will lead the way for security
We rely on our phones to work and to communicate. In 2022, they will become central to how we manage access, to all our assets and locations, IT and physical. When employees can use company devices and their own phones for work, security is more difficult. IT teams have to ensure that they’re prepared for this, by making sure that these devices can be trusted.
Wide use of digital certificates and strong MFA factors
Rather than requiring a separate smart card or fingerprint reader, devices can be used for access using push authentication
There are multiple ways that companies can achieve this, for example - By using digital certificates to identify company devices as trusted, an agent, or strong MFA factors, like a FIDO security key or mobile push authentication.
Whichever approach you choose, this can prevent unauthorised access to IT assets and applications, and these same devices can be used for authentication into physical locations too. Rather than requiring a separate smart card or fingerprint reader, devices can be used for access using push authentication.
Understanding human behaviour
Alongside this, it is important to understand human behaviour. Anything that introduces an extra step for authentication can lead to employees taking workarounds. To stop this, it is important to put an employee education process in place, in order to emphasize on the importance of security. The next step is to think about adopting passwordless security, to further reduce friction and increase adoption.
Lastly, as devices become the starting point for security and trust, remote device management will be needed too. More companies will need to manage devices remotely, from wiping an asset remotely if it gets lost or stolen, through to de-provisioning users easily and removing their access rights, when they leave the company.
Identity will be a layer cake
Zero Trust approaches to security
Identity management relies on being able to trust that someone is who they say they are. Zero Trust approaches to security can support this effectively, particularly when aligned with least privilege access models.
In order to turn theory into practical easy-to-deploy steps, companies need to use contextual access, as part of their identity management strategy. This involves looking at the context that employees will work in and putting together the right management approach for those circumstances. For typical employee behaviour, using two factor authentication might be enough to help them work, without security getting in the way.
How enterprises manage, access and store identity data
There will also be a shift in how enterprises manage, access, and store that identity data over time
For areas where security is more important, additional security policies can be put over the top, to ensure that only the right people have access. A step-up in authentication can be added, based on the sensitivity of resources or risk-based adaptive authentication policies might be needed.
There will also be a shift in how enterprises manage, access, and store that identity data over time, so that it aligns more closely with those use cases.
Identity management critical to secure assets in 2022
There are bigger conversations taking place around digital identity for citizenship, as more services move online as well. Any moves that take place in this arena will affect how businesses think about their identity management processes too, encouraging them to look at their requirements in more detail.
Overall, 2022 will be the year when identity will be critical to how companies keep their assets secure and their employees productive. With employees working remotely and businesses becoming decentralised, identity strategies will have to take the same approach. This will put the emphasis on strong identity management as the starting point for all security planning.