Analysts, customers and vendors met at Caesar’s Palace in Las Vegas to discuss trends and solutions.
“The digitization of society (not just business or the enterprise)… was a clear underpinning for many of the sessions.”
The 2017 Gartner Identity and Access Management (IAM) Summit kicked off on Tuesday, November 27, including Gartner analyst-led sessions, analyst roundtables, workshops, and exhibitor presentations and demonstrations. Gartner has 13,000 associates serving clients in 11,000 enterprises in 100 countries. One-on-one meetings with relevant analysts were available during the Summit. Keynotes and sessions, including Gartner experts and end-customers, delivered insight into lessons learned and best practices, and emerging trends and standards.
The digitization of society (not just business or the enterprise), and what that means for IAM going forward, was a clear underpinning for many of the sessions. The demand for personalized user experiences, interacting with IoT devices in real-time, contextual awareness, and behavioral analytics that guide the experience and friction level were present in many discussions.
Mobile ID, biometrics, movement of IAM safely to the Cloud, and utilizing micro-services to support the immense scale required by the rapidly increasing IAM transaction loads were all hot topics.
“…our whole society is becoming digitized, not just the enterprise.”
Security and mobile identity management for IoT was a hot topic in several presentations. Mark Diodati, Research VP at Gartner, provided a great analysis of the current state of IAM capabilities of IoT platforms and related standards. Diodati revealed that a lot of work is needed to enable trusted transactions that leverage both the device’s identity and the user’s personal identity. He also indicated that Open ID Connect (OIDC) and the creation of new standards will be instrumental in making good progress. Finally, Diodati said direct “user-to-device” interactions, like those successfully demonstrated at the Gartner IAM Summit by the US Department of Homeland Security using Usher by MicroStrategy, provide significant advantages and flexibility instead of only relying on cloud-connected solutions.
Rob Smith, Research Director at Gartner, revealed how Enterprise Mobility Management (EMM) and IAM is converging in waves. Smith explained that initially EMM and IAM controls are first moving under a common management interface; second, IAM functions are improving; and third, advanced capabilities like behavioral analytics and adaptive authentication are resulting in better access decisions and compliance.
Gartner VP and Fellow Frank Buytendijk provided an exciting keynote entitled “Connected! Exploring Life and Work in the Digital Society.” Buytendijk explained that our whole society is becoming digitized, not just the enterprise. He reasoned that as devices get smarter and more capable, the concept of operators and users goes away. At that point we will be “interactors.” He also revealed a new prediction from Gartner: By 2020, over 26 billion devices will be interconnected. There will be 215 trillion stable connections, and 63 million new ones every second.
“…IAM micro-services are critical for delivering highly secure, scalable and extensible product and service architectures.”
The FIDO Alliance was represented in the Exhibitor Showcase by four companies including Aware, Dashlane Business, Nok Nok Labs and Keeper Security. The FIDO Alliance, recently announcing the FIDO Europe Working Group, now touts nearly 400 products that are certified to interoperate utilizing the strong authentication FIDO standard incorporating biometrics.
Paul Rabinovich, Research Director at Gartner, explained that as our digitized society continues to grow, and security threat vectors are on the rise, IAM micro-services are critical for delivering highly secure, scalable and extensible product and service architectures. Moreover, Rabinovich explained that these IAM micro-services will need to especially accommodate interactions with Mobile Identity due to the heavy adoption of mobile devices and applications, and the natural extension of instantiating one’s identity via a personal smart device. Rabinovich encouraged product and solution providers to adopt OAuth 2.0 as the primary method for authentication and authorization for micro-services, as Tuebora, a startup backed by Citrix Systems, demonstrated at the Gartner IAM Summit.
Shell spoke about their very large-scale IAM automated governance deployment in the cloud, setting a new benchmark for the industry. The new cloud-based solution manages 130,000 identities with a roadmap to support entitlements (privileges or authorizations) for more than 300 business-critical applications. The solution, built on Saviynt on Cloud, delivers a centralized, standard way to request, approve, provision/de-provision, and certify application access, as well as onboard applications.