What to expect from identity management in 2021

Identity management was top of mind for IT departments in 2020 thanks to the COVID pandemic. What impact will those initial decisions have for companies heading into 2021, and what changes will have to take place over time because of them?

IDGConnect_identitymanagement_shutterstock_369815372_1200x800
Shutterstock

This is a contributed article by Greg Keller, Chief Technology Officer, JumpCloud.

Making predictions for 2021 is a challenge after everything that took place in 2020, both expected and unexpected. For the world of identity management, the focus will still be on how to control access, but this will be more complicated due to all the changes taking place in 2020. Here are five predictions around how things will change around identity, and how companies will ensure that the right person has access to the right applications from the right device and the right location.

Prediction #1 - Work will be different in 2021

It’s obvious, but the world of work will change in the next year. Although some offices will reopen and some staff will go back, many employees will either remain in their home offices or take more flexible approaches. This flexibility will help companies keep their staff productive, and it will also benefit individuals who don’t have to commute to work without a good reason.

In 2021, this will lead to changes in how work is structured and managed. Managers will assess results, rather than assessing employee time in the office. Employees will likely require a suite of collaboration and other tools alongside each other to work effectively and to accommodate partner or customer preferences. This will make standardisation harder, and make centrally managing identities for multiple services more crucial to keep employees productive.

Prediction #2 - Technology choice and selection will be driven by convenience and heterogeneity

Over the past decade, the vendors and products that companies use have expanded into a very broad set of solutions, ushering in a wave of cloud-born and based solutions challenging their historically on-premise-managed predecessors. Today, the combination of cloud infrastructure providers like AWS providing cheap solutions for compute and storage, and Google Workspace for collaboration apps and productivity tools, offers a new standard. Alongside these cloud-based services, macOS is growing as a default operating system as a preferred environment to work within and the wide array of tools to help deploy and manage them which only a few years ago were non-existent given Microsoft Windows’ dominance in the workplace.

As these companies grow, they have to consider security and access control. Traditionally, this would have been done using Microsoft’s Active Directory. However, with increasingly heterogeneous environments and technology services, Active Directory is less effective than it once was in the industry maturity curve. Active Directory increasingly requires identity bridges and add ons, creating room for a vibrant market of more modern, cloud native identity and access management platforms.

Prediction #3 - Security will involve more Zero Trust

Zero Trust is a model for security initially developed and popularised by Forrester. It encourages security designs that don’t make assumptions about the security of any particular component in order to minimise risk, and does so principally by challenging the user to verify that it is really them attempting to gain access to a corporate resource.

Where it will change in 2021 is around deeper support for truly remote work scenarios, specifically in the area of device posture and network trust. Ensuring the legitimacy of the location that authentication requests are made from and the devices making the request together will be key to securing remote workers.

Prediction #4 - The only consistent point will be user identity

One of the biggest impacts that the pandemic had this year is the move to remote work. Previously, organisations relied on internal corporate networks, firewalls, and the four walls of their offices to secure their resources — but the increasing necessity of remote work challenges this model. Organisations need new models to secure remote users and their access to resources. 

For many companies moving to full remote work for the first time, initial plans based on replicating existing security approaches are now creaking, as they can’t cope with the need for flexibility. Instead, user identity will become the focus.

Centralising a singular identity for employees, versus disparate accounts per resource is a critical first step for many organisations, particularly SMBs. Additionally, verification schemes for the identity, such as establishing multi-factor authentication (MFA) at the resource level will also be important, and helpful for verification.

Organisations must also understand the context around each user identity and what they are allowed to access. This will involve managing access across multiple operating systems, devices, locations and applications, based on what a user should be able to do and what they will need over time. Getting this right will involve federating authoritative identities to resources via existing standards like RADIUS, LDAP and SAML, as well as making sure that you can support everyone in the same, consistent way.

Prediction #5 - Talent acquisition will stretch worldwide

One side effect of the move to more remote work is that companies will look further afield for the people they need. Rather than being limited to physical location and how far people are willing to commute, companies will hire based more on skills. For employees, this will mean they can have much more control over where they live and when they work. For companies, this will open up talent pools that would otherwise be closed to them.

The risk here is that companies will get sidetracked by trying to pay market rates in specific countries or locations, rather than focusing on what the market rate is for that skillset. This can see you lose out on the best talent by getting bogged down in salary discussions and comparing apples to oranges; instead, the future will be based on finding the right people regardless of where they happen to be and paying them what they are worth. This will also depend on strong identity management and support for running across different countries - but getting this right should speed up hiring processes and make it easier to onboard the right people.

To keep up with this, 2021 will see companies focus on how to make it easier to scale up identity management projects across all their operations without being tied to single technology platforms.