The Gartner Identity & Access Management Summit provides an opportunity to take the pulse of the security world. After attending the 2023 edition of the event, CFGI’s experts walked away with valuable insights about the ways organizations will be protecting themselves in the months and years ahead.
In particular, two major themes emerged at the conference, both of which Gartner has researched extensively. These themes are passwordless access management and Light Identity Governance and Administration (IGA) — and both could provide immediate value for your business.
Passwordless methods revolutionize identity and access management
For years, cybersecurity researchers have been promoting the end of password-based authentication. After all, standard passwords are inconvenient and easy to forget, on top of being relatively easy for hackers to breach. But is true passwordless authentication ready for prime time?
The answer is mixed. Gartner notes that it’s too soon to eliminate password protection from certain applications and databases. With that said, the researchers are eager to point out ways to reduce dependency on passwords and get started on next-generation authentication.
The process for password elimination involves three steps:
- Businesses should create a roadmap to switch to new authentication methods, such as using mobile devices as tokens. These maps should be flexible because the technology could change due to ongoing development. They should also be created with maximum stakeholder involvement to counter doubts and objections.
- Next, it’s time to get started on passwordless methods in whatever applications currently support it. This may mean using “bridge” tech tools designed to work alongside legacy technologies while companies prepare for widespread adoption.
- Third, businesses should get ready for universal use of password-free login technologies. Events such as the release of updated FIDO standards should ease this process. Gartner notes that this step is only available to companies that have completed step two and gotten their footing in the passwordless world.
Light IGA introduces flexible new security options
In addition to the march toward a passwordless future, Gartner experts highlighted the power of new identity governance and administration (IGA) tools that aren’t fully featured suites. These are the light IGA products, designed to suit companies with less demanding requirements or act as additional tools alongside more comprehensive platforms.
While Gartner is closely monitoring the progress of light IGA systems, researchers recommend that only businesses without major compliance and auditing requirements should consider using these products as their primary IGA options. In all other cases, a comprehensive and customized IGA platform is the best option, even when companies don’t need full IGA suites.
Light IGA may truly shine by providing additional functionality to companies with other IGA suites already in place. When using this multiple-solution model, IT professionals should make sure they have adequate employee education programs in place to ensure the new system doesn’t introduce too much complexity.
Historically, IGA has always been a concept focused on and followed by large enterprises. With the introduction of light IGA, organizations of all sizes can implement appropriate security controls and ensure they’re protected from identity-related attacks.
An exciting future for IAM
The security threat landscape is always changing, introducing new risks. The Gartner IAM Summit provides a helpful reminder that access management technology is evolving too. Find out where this leaves your company and what your next move should be. Contact the CFGI Cybersecurity team for a consultation today.