Home » Technology » Security » The Identity Challenge
Michael has some real challenges when it comes to managing his online identity. At home he struggles to manage a long list of usernames and passwords for accessing his favourite social media sites, online banking and other financial products, services from his local council and a mass of access across online retailers, hobby sites and more. Naturally his professional life has a significant online element which means that he has effectively adopted a separate persona (Michael the employee) in a significant part of his digital footprint in the world.
This is not unique to Michael. Any online user will share some of the problem to a greater or lesser degree. When taken together the problems and interdependencies seem to represent a larger problem that would be a daunting task for any solutions architect.
So, in the context of identity and access, what does the future look like for Michael? Will identity problems of this nature grow, or will we eventually see fundamental changes to the approach for identity and access in next generation (3.0?) solutions?
The best attempts at answering these questions need to look at what forces will influence future change. Here a few scenarios may play out:
i. Change will come from those bodies who seek to redefine standards and best practice from the top down. Organisations such as the Global Identity Foundation work to build new models and frameworks that will realise a new identity vision in the future.
ii. Change will come from within the IAM industry (analysts, vendors and customers who shape real world solutions today). Market forces mean they develop solutions based on short term customer need and the realisation of revenue. Strategic roadmaps will be in place however, and the leading vendors will be looking to ensure future success by being front and centre in developing the right solutions for the long term.
iii. Change will come through some other necessity driven by the online environment. This could be from positive forces (innovation which brings new consumer approaches which find mass appeal and adoption quickly) or negative ones (further failures of major online service providers to protect consumer data leading to a tipping point in what users demand).
However, whenever and wherever future changes for Identity and Access Management are realised, this will not be in isolation. While IT service delivery and computing models are transforming now, identity and access solution delivery still remains linked to relatively inflexible dependent technologies (for example, email).
What can be done today however is an easier question to answer. Any enterprise responsible for the delivery of digital services needs to act now to ensure that they are building the solutions that are as future-proof as can be reasonably architected today. While this sounds like a rather open challenge, the basic principles within IAM are actually simple. For example:
• Build people-centric solutions that meet the demands of the enterprise without compromising the requirements for privacy for the consumer. Improve the user experience for identity and access through delivery of clear and concise interfaces that empower users to get more from their online experience.
• Adopt intelligent solutions for access that measure risk based on the context of users access and the transaction requested. Concepts of security need to evolve to determine access privileges based on a more complex assessment of variable attributes rather than the simple black/white models that prevail today.
• Accept that the concept of identity does not relate to people alone. Model for future solutions that extend identity to the items that people own, share and use too.
• Avoid long-term lock-in to specific technologies or processes. The rate of change for IT continues to increase. Enterprises need adaptable and scalable framework based solutions that allow them to adopt best-of-breed matched against business requirements through time.
Given the forces for change in IAM building in this level of flexibility is essential, so find the commercial models that support the above. Return-on-Investment for IAM needs to reflect the changing expectations of the market and should support the flexibility that both vendors and customers need to build and deploy the best strategic solutions.
Additional resources and information relating to this subject provided by Dell are available here