Five key security, identity and access management trends

CA Technologies announced five key trends for security and identity and access management (IAM) that will impact organizations and security professionals in 2015 as they compete in the application economy.

The impact of data breaches in 2014, coupled with the demands of the application economy, will greatly influence the way security professionals view and approach identity and access management in 2015,” said Steve Firestone, senior vice president and general manager, Security business, CA Technologies.

Identity and Access Management in 2015, a prediction of what’s ahead:

1. Identity-aware organizations will adopt an “identity dial tone”: The application economy and increased use of mobile apps is driving a need for a centralized, common way to access identity and entitlement information. Identity-aware organizations need to establish an “identity dial tone” to act as one source of identity truth to simplify app development, deployment and adoption and spur new innovation. It will encompass all apps, across all channels and be easily available using identity APIs.

2. Universal authentication comes to your pocket or bag: Increasingly, the mobile phone or mobile device will be used as a universal authenticator. The increased focus on authentication, driven by factors such as President Obama’s executive order (for multi-factor authentication), chip and PIN / signature technology, biometrics and new payment models will drive the demand for simpler and streamlined authentication. Organizations will strive for “zero-touch authentication” to deliver as frictionless and password-free an experience for their customers and employees as possible, and the mobile device will be a key element.

3. A shift from identity management to identity access security: A change in emphasis within the identity market will occur, based primarily on the impacts of last year’s breaches. The emphasis will shift from basic identity administration to identity security. The majority of 2014 headline breaches hinged on compromised insider identities that opened organizations to data theft and application abuse. Protecting organizations against rogue or compromised insider identities will require new kinds of identity and access security that is intelligent, contextual and verifiable.

4. Mobility and the Internet of Things will drive the emergence of API-first architectures: The continued rise of mobile apps and the Internet of Things will drive a move towards lighter-weight, API-first architectures in order to more easily connect into the digital ecosystem. These architectures will be better able to support the large array of user types that need to access apps and data on-premise or in the cloud and across a range of device types. An API-first architecture is what will provide the agility and flexibility that success in the app economy requires.

5. Boards of directors will have increased visibility and involvement into the corporate security strategy: Corporate executives and boards increasingly will be held accountable for breaches that damage their corporate brand. This will increase their level of involvement in security strategy and governance. Security will shift from an “IT problem” to an “executive problem.” Concerns over “denial of business” will drive increased board oversight.