The response to COVID-19 will also create more awareness around the need for broader security of the remote workforce that goes beyond MFA, such as better access controls.
James Litton, CEO Identity Automation talks about Identity and Access Management (IAM) Solutions, remote working risks, and more on World Password Day
What are the factors that will make the biggest impact on IAM solutions in the remaining months of 2020? How do you intend to meet the new market needs?
The COVID-19 crisis has placed emphasis on the need for organizations to provide more secure authentication methods to their applications. I believe there will be a heightened focus on Multi-Factor Authentication (MFA) solutions in the remaining months of 2020. My hope is that the response to COVID-19 will also create more awareness around the need for broader security of the remote workforce that goes beyond MFA, such as better access controls. As organizations have opened up their systems for remote access, there’s going to be a big push to secure them.
Identity Automation’s intention is to help organizations understand there are relatively simple ways to attack these security problems. We want to raise awareness to organizations that there are solutions readily available, whether it’s MFA to meet a compliance requirement, or generally raising their security posture, considering the impact it will have on the future.
How will behavioral analytics and AI help IAM grow further?
As organizations continue to look for more intuitive systems to use, behavioral analytics and AI will play a larger role in helping to make decisions around access control and threat behaviors. I believe it will be a relatively slow process before many organizations completely rely on these platforms for decision-making. However, we’ll see more analysis and flagging in the near future. For example, AI can flag for an anomaly regarding a user account; such as if multiple transactions occurred that cannot be from the same user. This should lead to a significantly reduced threat landscape in terms of the ability for people to have unfettered access to be able to execute these attacks. Once you’re aware the attack is occurring, you can then take steps to prevent that person from continuing to attack.
With remote working options, new security threats are emerging in the industry. How do you use IAM to mitigate at least some of them?
IAM can be used to mitigate new security threats by fronting your application with factors beyond usernames and passwords. In particular, MFA and biometric authentication have become more intriguing in an environment with an increased remote workforce. There’s also an opportunity for organizations that don’t necessarily want to implement an MFA solution to venture to a passwordless solution that also improves overall security, which can be achieved through push authentication, for example. Just-In-Time (JIT) access also makes sense to address growing cybersecurity concerns by leveraging workflows to grant access as an on-needed basis, ensuring fewer people have constant access.
Experts are saying that organizations will adopt Single Sign On (SSO) for all cloud services this year. Will IAM be playing a role in this?
Yes absolutely. In Identity Automation’s view, SSO is a piece of identity management that specifically relates to access management. While I don’t know if it will be complete coverage, a huge number of organizations have already adopted SSO. IAM plays a significant role in not only facilitating the SSO transactions themselves but also the provisioning operations. It’s one thing to ensure it’s convenient for your users to access systems; however, you still need to create accounts and manage the access itself, which is largely still done manually. IAM plays a critical role in automating that portion of the process.
Do you think IAM solutions need to evolve for assuring security in a world where citizen data is critical for healthcare and other reasons?
Organizational practices need to change to protect data. That means doing everything from better control who has access to systems and making sure only the right people have it to ensure that access is removed when people leave the organization. Organizations also need more robust access control systems in order to have more refined control. For example, when a user has access to an application, organizations need to consider if the user truly needs access to everything within it. Chances are, there’s a way to better control what the user has access to and instead limit their privileges to one or two specific functions within that application.
A lot of companies have automated provisioning in place, but do not necessarily have all of their access controls in place. In particular, companies that rely on Role-Based Access Control (RBAC) often grant broad access to users, which may not be refined enough. At Identity Automation, we recommend Attribute-Based Access Control (ABAC) because it provides a more fine-grained approach. In reality, the majority of organizations are missing those access controls altogether, so there’s a huge role for IAM that will continue for quite some time to come.
James Litton is the Founder and Chief Executive Officer of Identity Automation. James leads the development and execution of Identity Automation’s aggressive growth strategy, which is driving over 40% revenue growth year-over-year. With more than 27 years of experience in enterprise technology software and systems, James has led teams as an executive living and working in North America, Africa, Europe, Australia and throughout Asia. James initially led Identity Automation to success as a software consulting services firm before guiding the Company through its rapid and successful transformation into a highly profitable, high-growth pure-play subscription software product company.