future-proofing consumer identity and access management
Post on 06-Jul-2015
467 Views
Preview:
DESCRIPTION
TRANSCRIPT
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity."
Gregg Kreizman
Future Proofing Consumer Identity
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
The creation of new
business designs by
blurring the digital and
physical worlds
Digital Business
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
The Digital MomentA Flight Delay…It Could Happen.
2
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Current State Of This Digital Moment* Derived From Extensive Research
3
Gregg is notified that his flight has been delayed…
…repeatedly, even after he has taken an alternative flight on the same airline!
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. 4
Digital Business Changes the Scope of IAM
IAM manages the identities and entitlements of peopleand things and the relationships between them.
It provides the right access for the right reasons, enabling the right interactions at the right time.
It enables desired digital business outcomes.
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.Welcome to the World of Relationships
SS
Person
Device
Service
D
Managing identities includes the identity of things
By 2020, the Internet of Things will redefine the concept of "identity management" to include what people own, share, and use.
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Midterm Strategic Planning Assumption and Recommendations
Recommendations:
Critical infrastructure industries should assess IAM architecture changes to accommodate operational technology (OT) endpoints.
Goods and services clients need to review their current IAM for the scalability that IoT will demand. 10X? 1,000X?
IAM vendors and service providers should evaluate how IoT can generate new business opportunities.
By 2018, 35% of organizations will be delivering on
strategies to incorporate the Internet of Things into their
IAM programs.
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
“Every User Is a Consumer"
By year-end 2020, 80% of digital access will be shaped by new mobile and non-PC architectures, up from 5% today.
Strategic Planning Assumption
Every User Wants to be Treated Like a Consumer.
By YE20, 80% of digital access will be shaped by new mobile and cloud (i.e., non-PC) architectures, up from 5% today.
Strategic Planning Assumption
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Recommendations:
Provide brokers between modern cloud and legacy architectures.
Minimize user friction by merging enterprise and B2C architecture design teams, giving preference to consumer-oriented B2C designs.
Account for enterprise mobility management and IAM requirements collectively in strategies and procurements.
Midterm Strategic Planning Assumption and Recommendations
By YE18, 60% of digital access will be shaped by new
mobile and cloud (i.e., non-PC) architectures, up from
5% today.
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
A Competitive Marketplace for Identities
By 2020, 60% of all digital identities interacting with enterprises will come from external identity providers through a competitive marketplace, up from <10% today.
Strategic Planning Assumption
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
You Still Can Be the Dog on The Internet
10
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Midterm Strategic Planning Assumption and Recommendations
By 2018, 40 % of all digital identities interacting with
enterprises will come from external identity providers
through a competitive marketplace, up from <10%
today.
Recommendations:
Investigate identity providers that match your level of identity assurance and service at the right price.
Enable social identity as an option for consumers. Adopt a "Trust but Verify" approach via adaptive access.
Seek IAM software or services that allow you to be opportunistic —Does not lock you into one solution for a long term.
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Roles Make Way For Other Attributes
By 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.
Strategic Planning Assumption
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Midterm Strategic Planning Assumption and Recommendations
Recommendations:
Insist on ABAC being present on vendor road maps for your critical systems.
IAM vendors and service providers should deliver functionality arising from the shift from RBAC to ABAC.
Encourage ABAC awareness training for developers and architects.
Target new related application sets for ABAC.
By 2018, 35% of all businesses will use attribute-based
access control (ABAC) as the dominant mechanism to
protect critical assets, up from <5% today.
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. 14
“Identity Intelligence Finally Gets a Brain"
By YE20, identity analytics and intelligence (IAI) tools will deliver direct business value in 60% of enterprises, up from <5% today.
Strategic Planning Assumption
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Midterm Strategic Planning Assumption and Recommendations
Recommendations:
Require IAM vendors to highlight IAI capabilities on RFIs and RFPs.
Expand the audience for IAI by demonstrating its value in specific business unit use cases.
Consolidate log management and analytics for key security and identity applications.
By YE 2018, identity analytics and intelligence (IAI) tools
will deliver direct business value in 40% of enterprises,
up from <5% today.
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Adaptive IAM For Consumers
Protected ResourcesUse On-hand
Data
Adaptive
IAM
Databases
Use Available
Authentication
Data and Context
Policies
AnalyticsIdentity
Proofing
Lean and fast
Initiate benefits change
Minor profile updates
View healthcare data
Transfer funds
Initial registration
Marketing
Non-sensitive access
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Bimodal IAM = Legacy IAM + Adaptive IAM
Honor the Legacy. Embrace the Changing Future.
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
2014 2016 2018 2020
SSO
BYOI
LEGACY IAM
Predictable, Reliable, Stable
Incremental Change
ADAPTIVE IAM
Speculative, Short-Term
Fail Fast
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Action Plan for IAM Leaders
Monday morning:
- Identify items on your legacy IAM road map that should move to your adaptive IAM road map.
Next 3 months:
- Update your IAM vision to include the bimodal nature of your IAM program.
- Challenge your IAM vendor(s) to include adaptive IAM features in their road map.
Next 12 months:
- Socialize your bimodal IAM vision to your organization.
- Create an adaptive IAM team and pilot an adaptive IAM initiative. Encourage them to take risks.
top related