If one of your acquaintances has a chronic condition, such as asthma or epilepsy or diabetes—one day, in the not too distant future, they may wear a smart device (IoT) that monitors their vitals. In the event that the data emanating from the device—and possibly processed in the cloud—would be indicative of an imminent crisis, that patch or bracelet could communicate with a cloud app that automatically triggers an alert to a mobile healthcare service, schedule an appointment with the nearest treatment unit, and wait for a confirmation from the patient and unit’s staff.
This scenario demonstrates several key themes discussed at Gartner’s 2-day IAM EMEA Summit in London earlier this month, which I was fortunate enough to attend. Rubbing shoulders with Gartner analysts and sponsoring vendors were 450 IT and security professionals, the majority coming in from the UK, Benelux, DACH and Nordics regions.
To drill down, here are some of my key takeaways:
- The future of identity and access management (IAM) will see the convergence of IT, OT and IoT into a single digital security discipline. As Gartner Futurist Earl Perkins explained, at the heart of this discipline will lie “business moments,” where people, devices—such as industrial, agricultural and health-monitoring sensors, together with the data they generate and the big data analytics that ensue—will interact for a specific event, and then ‘dissipate.’ Businesses that will be able to address these business moments will be able to capitalize on new, heretofore unthought-of market opportunities.
- To capitalize on these business moments, IAM vendors will have to develop bimodal IAM. Simply put, that means that development of traditional IAM solutions will continue using traditional methodologies, but to capture new ‘business moments,’ IAM vendors will have to concurrently, and in parallel, use more ‘agile’ methodologies that enable them to develop solutions quickly, and be willing to fail when their innovations don’t take off. The newer solutions, illuminated Gartner Analyst Ant Allan, will incorporate big data, social data, IoT and mobile devices into IAM architectures, and while agile IAM will be able to capitalize on new market opportunities and take on business risk, legacy-only IAM solutions will lag.
- Context, context, and more context. The premise here is that all types of static data used to date have been compromised, e.g. credit bureau data, KBA, and even caller ID, giving rise to the importance of behavior-based analytics. And since very user wants to be treated like a consumer, context-based authentication, aka adaptive authentication, helps hide complexity, requiring users to step-up authentication only in high risk situations. Enhancing this type of access control are user behavior analytics, which can be pulled in from a variety of sources, a few of which are mentioned above. And where real time context-based decisions fail, the context data and analytics can still be used in conjunction with SIEMs to cross reference data and find anomalies that facilitate further investigation, enlightened Distinguished Analyst Avivah Litan.
Stay tuned for more takeaways in Part 2.