10 Identity and Access Management Predictions for 2020

Identity and Access Management has been increasing its market share for a long time now but what have we got to show for it? 2020 will be an exciting year for the industry so let’s have a look at some trends I expect will become part of the discussion in the next 12 months.

Decentralised Identity isn’t widely available, passwords aren’t dead and IoT devices are still being hacked on a daily basis. We haven’t been able to create a globally approved solution for managing online identities but the future is looking bright as we’ve seen a growth in collaboration and communication between the world’s identity leader’s both in government and the private sector.

What could 2020 have in store for us? Here’s 10 predictions for 2020. Let me know on Twitter if you have any of your own!

Shifting Away From Passwords

As we’re still shifting away from passwords, organisations will ensure that full access to non-sensitive data is a given for all while a Zero Trust approach becomes the norm for higher sensitivity data. The higher the access, the less passwords will be part of the recipe of authentication. Trends have shown we’re already shifting to biometric authentication and these will be more favourable in a multi-factor combination for access to higher sensitivity data.

Giving Users More Control of Their Identity

Self-sovereign identity is all about allowing users to control their own identity attributes. While a great idea, there has been significant difficulties in the industry to make this happen. Keeping information encrypted in a decentralised blockchain can be a detriment as much as it could be a saviour. 2020 will be about figuring where the line is between user control and user security and figuring out how much we can really decentralise identity.

Entity Identification and IoT Identities Will Start To Gain Traction

While the world has spent a lot of time discussing identities of people and citizens, we have noticed that until now, there has been little talk of identifying businesses or IoT devices. This is likely to change in 2020 as the industrial IoT increases in size to $51.3 billion by 2023. How will organisations track, secure and upgrade or fix IoT devices in the IoT?

The Cloud Will Go Single Sign On

As organisations continue to invest in the cloud, there will be increased frustration over access management and security, especially as organisations grow in size. The way to combat this is to implement Single Sign On (SSO) for all cloud services and 2020 will be the year that organisations adopting SSO will increase dramatically in size.

Behavioural Analytics and AI Market Will Grow

While sentiment of behavioural biometrics still isn’t high for many consumers, the industry sees it’s potential for greatly reducing fraud and cybercrime. I believe that 2020 will not discourage investors from continuing to explore this new technology with the aim of implementing it in the coming years, initially in a less invasive or noticeable way for consumers.

Build or Buy Solutions

Identity and Access Management (IAM) is generally built into products and solutions by developers (although this trend is already shifting) but going into 2020 I think this will become more of a burden and developers will begin to work closer with IAM companies who can provide out-of-the-box capabilities allowing them to save time on developing and focus more on the product or service development.

National ID Schemes Will Experience Delays

In 2019, a number of countries announced and began the development of national ID schemes. The Austrian government’s eID scheme, Taiwan’s National Identity Card and China’s e-Residency Card are just some examples of National ID Schemes coming into play. Problems already exist with these schemes and it’s no wonder that countries like the UK still don’t have a clue how to continue with Verify.Gov. There are security considerations to be had around:

• who holds identity data, how much control citizens have of their data,
• ability to use a physical card and for access to what services,
• what methods the government provides to get a new card if needed,
• what identity attributes are used for authentication.

Know Your Customer Will Connect With Identity

Regulations like PSD2 and AML5 are increasingly asking financial institutions to identify customers before onboarding them. This will help them when monitoring fraud and identifying fraudulent accounts. 2020 will see compliance and IT Security match up techniques for better compliance, data reporting and identification of cybercrime. This could include the inclusion of banking biometrics like voice recognition and facial recognition.

Legal Entity Identifiers Become Well Known Globally

Today, Legal Entity Identifiers (LEIs) are probably more well-known to people in the financial industry but 2020 will be the year where LEIs will play a larger role in the identification of business entities. We’re already seeing the use of LEIs in Certificate Authorities to serve Digital Certificates like SSL or Document Signing Certificates. This would be a very useful tool in the world of Smart Contracts.

Collaboration Will Continue

This is probably less of a prediction and more of a wish but I hope that 2020 will bring more collaboration between identity experts in the private and public sector. We should be learning from the mistakes of projects that failed and from the successes of the projects that worked.

We should also keep in mind that identity serves citizens, devices and business entities and each will need to be dealt with differently. We cannot use the same techniques for each area but without all three, the internet will remain vulnerable.

We have a great solution for business entity identification with LEIs so if you haven’t already, learn more about what Legal Entity Identifiers are here.