When planning security, you must start with the issue of identity. A person has one identity, but can perform several roles. Users will be making tougher demands on how people authenticate themselves, which means that we will need to offer more ways of doing so. Access to resources will be based on dynamic rules rather than on the fixed rules used today, e.g. rules based on membership. In future, risk-based and context-based access will be required. This means that we look at patterns and behaviour and calculate a risk before deciding whether and how people should authenticate themselves.
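An added example (not from the original article) of the risk-based decision described above: one identity, acting in one of its roles, gets a different authentication requirement depending on context. The signal names, weights, thresholds and the sample profile are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed weights per risk signal; a real deployment would tune these.
WEIGHTS = {"new_device": 35, "new_country": 30, "odd_hour": 15, "sensitive": 20}

@dataclass
class Profile:
    """Learned behaviour of one identity, which may hold several roles."""
    roles: set
    known_devices: set
    usual_countries: set
    usual_hours: range

@dataclass
class Request:
    """Context of a single access attempt."""
    device: str
    country: str
    hour: int
    required_role: str
    sensitive: bool

def risk_score(profile, req):
    """Sum the weights of every signal that deviates from the usual pattern."""
    signals = {
        "new_device": req.device not in profile.known_devices,
        "new_country": req.country not in profile.usual_countries,
        "odd_hour": req.hour not in profile.usual_hours,
        "sensitive": req.sensitive,
    }
    return sum(WEIGHTS[name] for name, hit in signals.items() if hit)

def decide(profile, req):
    """Decide whether and how the user must authenticate."""
    if req.required_role not in profile.roles:
        return "deny"        # the fixed membership rule still gates access
    score = risk_score(profile, req)
    if score < 30:
        return "sso"         # low risk: the existing sign-on session is enough
    if score < 60:
        return "step_up"     # medium risk: ask for one additional factor
    return "reauth_mfa"      # high risk: full re-authentication, strong factor

# Constructed sample identity: two roles, one known laptop, office hours in SE.
ALICE = Profile({"employee", "approver"}, {"laptop-1"}, {"SE"}, range(7, 19))

if __name__ == "__main__":
    print(decide(ALICE, Request("laptop-1", "SE", 10, "employee", False)))
    print(decide(ALICE, Request("phone-9", "SE", 10, "approver", True)))
    print(decide(ALICE, Request("phone-9", "US", 23, "employee", False)))
```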
As we move more and more services into the cloud and users become more mobile, these demands are becoming stricter. Passwords are no longer sufficient. Nor are they desirable. Users want it to be simple. Ideally, they don’t want to log in at all. They want single sign-on.
So with this in mind, it’s all about knowing who our users are. We must be able to manage our users in a secure way so that we know how to authenticate them. But users will also come to you.
There’s a lot of talk about Bring Your Own Device (BYOD), but not about Bring Your Own Identity (BYOI). BYOI is something that will increase.
The EU is also planning a new law on data protection. Among other things, this new law will require that a person living in the EU must give their approval to data being passed on. Anyone handling data about people living in the EU must comply with this law, regardless of whether or not the data is being stored in the EU.
Gartner estimates that by the year 2020, 25% of all security costs will relate to EU requirements.
At InterConnect 2016 the spotlight will fall on these challenges and how we can deal with them. By having our identities under control, we can satisfy our customers’ preferences and better respond to the demands made of our solution.
IAM Architect, Enfo