Los Angeles — Enterprises should plan on identity management evolving to be less expensive, more scalable, faster to deploy, more intelligent, tuned for industry and have a better interface for end-users.
Those messages Monday were the opening salvos to a crowd of 900 attendees at Gartner's annual identity and access management conference.
"In the past, efficiency was a key driver [for identity management roll-outs]," said Gregg Kreizman, research vice president at Gartner. "Compliance came along, but business enablement is the Holy Grail."
Protected resources in the enterprise aren't where they use to be and the move to the cloud has stressed and fractured identity and access management (IAM) to the point where it needs to be re-architected, according to Gartner.
With those observations and others, Gartner laid out the future framed by seven predictions for the way IAM in the future will be unlike IAM now.
1. Every user is a consumer.
The point here is that access to systems will be more consumer-like, with mobile driving much of the change. Interfaces will trend more toward today's B2C model and be less Windows-like and less likely to pull data from corporate directories. i.e. Active Directory (which won't disappear entirely)
Prediction: By year-end 2020, 80% of digital access will be shaped by new mobile and non-PC architectures, up from 5% today
2. A competitive marketplace for identities.
There will be pressure to externalize identity and there will be outsourcing. Companies like Boeing are doing that today in their supply chain. The UK government is contracted with eight identity providers as part of that country's Identity Assurance program. Biometrics will figure into the picture taking advantage of tools on devices such as microphones and cameras.
Prediction: By 2020, 60% of all digital identities interacting with enterprises will come from external identity providers through a competitive marketplace, up from <10% today.
3. The death of "least privilege"
Instead of architecting to limit access, everything that is not explicitly protected should be allowed. People-centric security is a notion that users will protect the data that is important to them and their organizations. The idea is that least privilege accounts are no longer suitable for modern day organizations. In this environment, use of monitoring tools and big data analytics will rise and spending on IAM will fall.
Prediction: By 2020, over 80% of enterprises will allow unrestricted access to non-critical assets, up from <5% today, reducing spending on IAM by 25%.
4. Legacy pricing models implode.
Today, Gartner says 90% of most large, notable identity projects require an integrator, which creates the perception that the value of the project in the end is diminished. The idea is that pricing models move away from user-based models in which enterprises pay for IDs that they don't use, and move to transactional and processor-based pricing.
Prediction: By end of 2020, overall IAM product and pricing will drop by 40% relative to today in real terms.
5. Attributes are now "how we role"
Context will play an ever-expanding role as people come to enterprise networks from all angles and devices. It will be a world of attribute-based access control, where an identity marketplace becomes a key provider of user attributes that build context and define access control decisions, especially for critical data, systems. Crafting policy definitions, however, will continue to present challenges.
Prediction: By 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.
6. Identity intelligence finally gets a brain
Here analysis is key. Enterprises will need to provide a "who" view based on analysis. Identity will be indexed in a way that dovetails with work of business intelligence teams. Identity architects will need to identify current tools that provide analysis and seek out new ones with analytic smarts. Attention to privacy concerns also will play here.
Prediction: By year-end 2020, identity analytics and intelligence (IAI) tools will deliver direct business value (beyond Access and Governance tools) in 60% of enterprises, up from <5% today
7. Managing identities includes the Identity of Things
This is a game-changer even for those that think they have a firm grasp on identity management. The addition of an Internet of devices to the Internet of people is where challenges lie, and mobile is the first glimpse of the kind of discomfort enterprises may feel. Recording devices like FitBits, smart meters and traffic sensors are just a few things that will give rise to the revised notion that 'On the Internet, no one knows you're a sensor.'
Prediction: By 2020, the Internet of Things will redefine the concept of "identity management" to include what people own, share, and use.