Identity Security

Increased home and remote working and cloud migration are driving accelerated digital transformation, which has led to an explosion of digital identities, which are under attack more than ever before. 

Identity security has never been more important, making it a key theme running throughout Day Two of KuppingerCole’s 2021 European Identity and Cloud (EIC) conference, and the primary topic of a virtual roundtable discussion that focused on the importance of securing privileged access, and a presentation by Henk Marsman of Rabobank on the impact of an agile approach to software development has on identity security.

Decentralized identity is a strong candidate for addressing key identity issues, and was featured in presentations by Stepan Gershuni of the Decentralized Identity Foundation, J.R. Reagan of IdeaXplorer, John Phillips of 460degrees, Ingo Schubert of RSA Security, Harry Behrens of bloXmove, and Peter Busch of the Robert Bosch Group, who believes decentralized identity will become a reality within two to three years.

Identity featured strongly in the agenda with keynotes on why Zero Trust is driving an identity-centric security strategy by Yuval Moss of CyberArk and on the tension between anti-tracking browser features and identity protocols by Vittorio Bertocci of Auth0. “Any actions against tracking, that do not really understand the difference between ad tracking and federated identity, will affect the federated identity scenarios,” he says. Bertocci believes the best way forward is for all identify operators to join the W3C’s Federated Identity Community Group to take part in the discussion.

Advice on how to ensure IoT projects are successful, was another highlight of Day Two of EIC 2021 with a presentation by Graham Williamson, Senior Analyst at KuppingerCole. “As with many projects, good project management is very important for an IoT deployment,” he says. Williamson also believes that cybersecurity is essential to IoT deployments and predicts that there will be a “catastrophic event” in the IoT space in the next few years.

Decentralized identity solutions typically address identity proofing and the secure storing and sharing of identity credentials

— Annie Bailey, Senior Analyst at KuppingerCole

Because we understand how important identity security is and because we are committed to helping your business succeed, KuppingerCole has a great deal of content in a variety of formats available.

Research

Decentralized identity is one approach organizations can consider in their efforts to improve identity security.

Discover the critical aspects of decentralized identity solutions that are relevant to enterprise adoption in KuppingerCole’s Leadership Brief on What to Consider When Evaluating Decentralized Identity.

Other useful KuppingerCole reports on decentralized identity include the Market Compasses on Decentralized Identity: Blockchain ID & Self-Sovereign Identity Solutions and Providers of Verified Identity.

Consumer Identity and Access Management (CIAM) also focuses heavily on identity security, with many solutions offering functionality designed to protect consumer identities. Familiarize yourself with some of the key issues and market players by looking at the Leadership Compass on CIAM Platforms.

Privileged Access Management (PAM) is another important aspect of identity security. Key resources to help with this include the Leadership Compasses on Privileged Access Management and Privileged Access Management for DevOps.

Bolster your understanding of identity security even further with these Leadership Briefs on Leveraging Identity Fabrics on Your Way Towards Cloud Based IAM and What strategic role should Azure AD play in your org? and this Advisory Note on the Future of Identity Management.

Audio/video

If you prefer video and audio content, watch this video featuring EIC2021 speaker Michele Nati speaking about Decentralized Identity, this recording from a past EIC featuring Joy Chik talking about Connecting Identities for People, Processes, and Things, and this talk by T.J. Behe entitled: Beyond Blockchain: Creating Value from Compliant Self-Sovereign Identity.

Blogs

Security and identity are examined in various blog posts. See this blog post by Senior Analyst Paul Fisher entitled: PAM Is Changing and You Need to Know Why. Other relevant posts by guest bloggers cover topics such as IGA in the Cloud without Compromise, Data-Driven Decision Making for Identity Security, and Strong Online Identities and Identity Sovereignty.

Webinars

Strong digital identity verification and authentication is essential, but has traditionally come with increased complexity at the expense of a good user experience. To find out if that is still true, watch this webinar on Does Increased Security Still Mean Added Complexity?

For more webinars about security and identity, check out the following:

• There Is No Successful Digital Transformation Without Strong Identity Management
• How Security and Identity Fabrics Work to Help Improve Security
• Mitigate Identity-Related Breaches in the Era of Digital Transformation

Whitepapers

KuppingerCole has several whitepapers relating to the topic of identity and security:

• California Consumer Privacy Act: The Need for Data-Centric Security
• Identity Governance. The Value of Leveraging IGA Functions from the Cloud
• Orchestrated Identity for Meeting IAM & CIAM Requirements
• Balancing Security and Convenience: Identity Verification & Authentication made easy

Tech Investment

Organizations investing in technologies to promote and support identity security, can have a look at some of the related technology solutions that we have evaluated:

• Saviynt Enterprise Identity Cloud
• WALLIX Bastion
• SecZetta Third-Party Identity Risk Solution Aug 2020
• Microsoft Azure Active Directory
• Google's Cloud Identity
• Oracle Identity Governance
• Saviynt Security Manager for Enterprise IGA
• Akamai Zero Trust Security
• AdNovum NEVIS Security Suite
• Oracle Identity Cloud Service
• WSO2 Identity Server