2014 Identity Management and IT Security Predictions

2014 Identity Management and IT Security Predictions

Top trends.

Identity Management Predictions

2014 just started and the coming year signals a new era. In 2014, trends beginning around 2009 take shape to become the norm. Gone are the days of blind trust in privileged accounts, lackadaisical governance and the outsourcing frenzy. On the bright side for IT Security professionals, 2014 looks to be the year of the job.

Here are our top identity management predictions for 2014.

1. Identity Management at Center Stage

Prediction: Organizations that embrace efficiency look to experience better access control, governance and security at a lower cost.

Identity and access management (IAM) continues its transition from information technology to an overall business enablement tool. Threats to businesses, mounting compliance, and information security concerns push identity management to center stage. Enterprises seek increased capabilitiesfrom next-generation IAM solutions, such as Self-Service with robust workflow automation. As an added benefit, automated workflow tied to identity requests results in better security. Where Identity management once simply referred to granting access, it now truly delivers on all of the needs of an identity from access to assets to every type of service request.

2. The Value of Intelligent Outsourcing

Prediction: Companies continue to experience less value and lowered information security than anticipated from outsourced IT operations.

Outsourcing relationships continue to be focused on IT operations, and as a result, they can negatively impact security, as outsourcers must make decisions based on cost savings vs. security. In 2014, companies begin to think more intelligently about information security outsourcing. This includes what to outsource and what not to outsource. Commodity capabilities, like vulnerability scanning and best practice risk assessments, lead the outsourced services. Such outsourced services allow internal resources to focus on more strategic work. At the same time, they give an objective evaluation of vulnerabilities and operations.

3. Identity Governance and Administration Takes a Leading Role

Prediction: An Identity governance and administration focus will prove to be essential.

The days when IT operates in a silo are over as technology becomes embedded in all aspects of the business. In the new era, business users leverage whatever technology is available to them and on any device to execute their duties. With business users leveraging social networks, cloud services and on-premise enterprise systems, the need to efficiently review access, asset and service assignments becomes just as critical as the original granting of them. As part of the new era, Identity Governance and Administration (IGA) offers unified controls linked to the provisioning solution. While IAM focuses on securely assigning privileges, access certifications provide as much or more security benefits by validating existing access. Since people often acquire excessive access over time, an IGA focus proves to be essential in 2014.

4. Information Technology Leadership under the Spotlight

Prediction: Numerous technology improvements and best practices will keep security leaders scrambling to examine and execute ahead of corporate risk.

The Identity Theft Resource Center® recorded 619 breaches in 2013 representing a 30% increase over the 2012 total. Even with the dramatic onslaught of high profile breaches and increased awareness about enterprise risks, information security improvements still lag behind the resources and technology available to CISOs. In 2014, security leaders continue to drain their time and efforts complaining about budgets and upper management support when a focus on operational execution could dramatically improve their security stance.

5. Legacy of Failed Identity Management Implementations

Prediction: The legacy of failed Identity Management implementations will finally be overcome.

Rather than thinking strategically with a full business view of one-time costs, ongoing costs and operational efficiencies, organizations look primarily at software licensing costs when making decisions. Organizations investing in identity and access management must think beyond software licensing costs. It represents a minimal piece of the overall financial puzzle especially now that IAM has evolved to automate more than just account provisioning. When license cost is the primary concern, organizations later realize that implementation costs, ongoing support challenges, and unrealized benefits dramatically impact the solution’s overall ROI as well. For identity management solutions, the flexibility of the product must be top-of-mind as well since it must be able to adapt to future business changes.

6. Identity Management Reaches into Consumer Pocketbooks

Prediction: As hackers target credit card information, requests for an enterprise focus on PCI Data Security Standards (PCI DSS) will come from the boardroom.

Over the holiday, retail giant Target acknowledged system breaches affecting over 40 million credit and debit cards. The security breach started on their store payment systems and spread to their enterprise systems. Target’s cyber breach exposed the organizational lack of control over consumer’s privileged information. Although Target quickly righted their security inadequacies, according to security experts, the cyber crime ranks as one the biggest consumer breaches ever. In spite of the news, this incident represents the tip of the iceberg. In 2014, expect to hear more.

7. Rising Concern Over Privileged Identity Management Threats

Prediction: Although key compliance and best practice regulations such as PCI-DSS, HIPAA, SOX, FIPS 200, and NIST 800-53 all require privileged access controls, whether executives take action, remains to be determined.

After Edward Snowden supplied journalists with classified NSA documents, every executive from CISOs to CIOs realized the true risks of privileged access. IT staff holds the keys to most corporate systems. Without monitoring and controlling privileged access, every organization is at risk. Granting access is one thing, but continually monitoring and attesting to who has this access becomes a critical activity.

8. Small and Medium Size Businesses Reach for Cloud Identity Management

Prediction: Small and medium size businesses will embrace Cloud Identity Management.

According to Cisco’s Small and Medium Business Services (SMB) research, SMB cloud and SaaS will grow to over $200 billion in 2015. Effective cloud identity management will decide whether security is an enabler or simply an IT cost component. Without proper controls, large enterprise organizations will continue to perceive the threats in moving to the cloud as too risky. While IAM solutions are increasing their capabilities to manage cloud accounts, cloud providers are also creating APIs to allow for direct access management. As cloud IAM functionality matures, enterprises will begin leveraging cloud services to save money and improve operations.

9. IT Security Jobs Galore

Prediction: With the growing number of platforms, devices and services, IT security professionals will experience a bonanza of opportunities.

The supply of qualified highly skilled IT Security professionals will not keep up with demand as enterprises seek ways to automate operations to the fullest. In a demand-driven labor pool, enterprises can expect to pay top dollar for the right combination of skills. Companies operating outside of large metropolitan areas will be particularly impacted by this trend. The best talent will gravitate toward Silicon Valley and other technology hubs. Gaming and hospitality, health care, energy, and manufacturing companies operating in outlying areas will experience the greatest difficulty in recruiting and retaining talent.

2014 looks to be an event filled year. Stay current on identity management news, industry trends, and technology innovation. Subscribe to our blog. We are never short on opinions.

Get the Top 10 Identity Manager Migration Best Practices Workbook

top 10 identity manager migration best practicesStart your migration from legacy software with the Top 10 Identity Manager Migration Best Practices Workbook. Use this workbook to think through your information security risk before you transition to next generation identity manager software.

Click here to request the Workbook

Written by Nelson Cicchitto

Nelson Cicchitto serves as the Chairman and Chief Executive Officer of Avatier Corporation where he oversees its overall corporate and product strategies. He is a career information technology leader with over 20 years of experience defining and implementing information technology visions for Fortune 100 companies. Nelson continues to lead in commercializing the world’s most user-centric delegated administration solutions for Windows, Linux and the Cloud.