Digital Identity Predictions for 2021
Mark was asked to provide his predictions for digital identity and cybersecurity trends in 2021. Here are his responses, some of which were used by his employer in this article.
What is the top cybersecurity or IAM lesson that we’ll take away from 2020?
Business agility is everything. 2020 showed us that reacting in a matter of days—in the face of a critical ongoing emergency—to move employees to remote working, and enable online transactions for customers, was one of the biggest lessons from this chaotic year.
Companies reported major productivity issues when thousands of employees who normally came into the office to work all logged in remotely via the corporate VPN, and that infrastructure couldn’t cope. Fraudsters and cybercriminals used the pandemic as a trigger for new phishing and hacking attacks. And with consumers in lockdown or uncomfortable about shopping in person, businesses were forced to operate almost completely online, raising issues with customer experience, online performance and availability, which had an impact on brand reputation and revenue.
The ability to react in days, not weeks or months, to fix these issues was something that we’ll use as a template for future emergency events.
What are the top policies/procedures, etc. organizations need to adopt in the new year to properly secure their workforce?
Zero Trust has gone beyond an interesting marketing phrase and has become a framework for enterprises to, well, trust. The idea that user identity is the key to IT security, not gateways, VPNs or other perimeter security services, is now the mainstream. Managing identity proofing, authentication and access via strong identity processes and policies is essential. The weakest links are not your authentication service where you have Multi-Factor Authentication enabled. It’s the process for resetting forgotten passwords, where MFA might not be required, and a phone call to the helpdesk, where (not so) “secret Q&A” is still used to identify your employees for this purpose.
The technology to enforce strong identity security is mature and can be implemented in a short period of time.
Describe challenges with the ‘future of work’ and ways to combat them.
Future work will be more about the employee and less about the organisation and its traditional processes. Flexibility—in location, working hours, devices, even job roles—will continue to increase, as rigid working environments are broken down and the needs of workers become even more important. This introduces new challenges for organisations. How can you interview and on-board a new employee without actually meeting them in person? How can you lock down their devices and access to key enterprise systems when they aren’t in your office every week—perhaps never?
We’ve seen these challenges in small doses already. A fully remote workforce and a need to make even more use of BYOD over personal network connections will challenge IT security teams and cause more audit and compliance issues. Strong but flexible approaches to enterprise security will be a major enabler of business agility and security, rather than just a compliance cost.
How will our perception of identity evolve into 2021?
The worldwide move towards user control of their data, and their privacy becoming a major selling point for services, will shape the discussion around identity in 2021. Breaches are commonplace. The fraudsters continue to profit from their grubby trade. Users are people we know—elderly parents, children, spouses, relatives—and the effects of cybercrime are becoming personal and well understood. Organisations who put the rights of their users, whether employees or consumers, at the centre of their business model, will be seen as market leaders by those people.
Accordingly, strong, user-focused identity processes and services will become a market differentiator in 2021. The shift to distributed identity—where the user controls access to their identity data—is moving from curious concept to a reality. User experience will be key in making this trend a in the near future. But it’s getting closer, as we see with several federal and state governments worldwide moving to a digital identity service, starting with digital licenses.
What was the most overhyped cybersecurity trend of 2020?
Blockchain everywhere will save the world! Blockchain is a tool and in the right scenario, could make an impact and a difference to cybersecurity, but some of the uncritical, fanboi commentary about it is frankly nauseating and doesn’t reflect well on those who do make these untested claims.
If there is one thing the media is missing about the cybersecurity industry, what do you think it is (what should they be talking about that they're not)?
Identity is the key to cybersecurity! Poor digital identity practices and processes are the major contributor to fraud, identity theft and other cybercrime. Fix those processes and the need for mitigating technologies, some of which get the lion’s share of the media attention, becomes less important.
Where will most of the cybersecurity spend go in 2021?
MFA everywhere. Zero Trust for workforce security. AI-based threat detection and mitigation for workforce and consumer online channels. And user experience for consumer services, fixing poor online experiences to take a consumer from anonymous to loyal, repeat customer.
Anything else we should expect with security, cloud, privacy etc. in 2021?
There’s a strong possibility that AIs become the new attack mechanism for cybercrime, and succeed in defrauding major services. Targeted attacks could become more sophisticated and less obvious using AI, causing static defences like security gateways to be helpless. It will be AI versus AI, as organisations turn to their own unsupervised, continually learning cyber defences to defend their systems and services. Into the future, William Gibson’s “Neuromancer” trilogy becomes a reality as AIs become self-aware and fight amongst themselves for control of cyberspace!