Access Management Trends in a Connect Anywhere World

So welcome to the session Access Management Trends in a Connect Anywhere world. As Paul mentioned, I'm Alejandro work here at Coppinger Coal, and I think this is a cool topic because over the past two, three years, we have experienced significant changes in our lives, including the way we access to application systems. And I'm currently doing a leadership compass report on access management. So far I had briefings with around 25 vendors. So what I've gathered here is some of the trends that I see in the market. So let's get going then. Here's the agenda for today.

I'm not gonna talk too much about what access Management is. I only have 19 minutes, so I won't be talking about the background or the history. Then I'll talk about the access in a Connect anywhere world, then explore some market trends. And then at the end I'll talk about how we can get a future proof access management. So the quote of the day, the access management market provides a number of options to organizations and continues to evolve beyond the traditional capabilities seen in the past.

Okay, this is not the updated presentation I had planned, but we'll just carry on then. Okay. Yeah. Organizations require access to systems for all types of user populations. Access management in a nutshell is access to systems at runtime. Right? And I believe some of these are a bit outdated, but, okay. Okay. Just until Martin. Okay. So let's look at some use cases in this slide. I was supposed to have more use cases because there are more use cases than this, right? There's the workforce, which is b2b.

B2b, which tends to be the most complex one. Support for external partners and customers, contractors, suppliers, et cetera. I'm just thinking Paul, because I believe that this is a very outdated presentation. So I think the next slides are gonna be, I'll just carry on then. Okay. I'll try my best to give you what I was trying to, to tell the story that I was trying to tell here. I was also gonna talk a bit about the healthcare use cases and that basically access management is used in any sector or any use case where there's authentication and authorization required, right?

So I was supposed to have another slide here where I was gonna compare what was expected back in the days, what is expected now in terms of capabilities and what we expect in the future. Some of the things that we expect now are, for example, having a modern architecture with, based on microservices, we expect vendors to facilitate legacy systems, the migration to more modern systems. We expect comprehensive set of APIs, but some of the things that we expect in the future have to do with decentralized identities, with authentication, with unified endpoint management.

And of course, that doesn't mean that the things that I mentioned before are not gonna be expected in the future. They're still gonna be important. But there are some elements that we see that in the future are gonna be more in demand. So here are just more additional capabilities, security orchestration, deliver administration, fraud reduction capabilities. That's also big one. And like I said, decentralized identities. Something also that we expect in the future is policy access, policy-based access controls.

We had few sessions in the morning that went more in detail why policy-based access controls are important, why we need to get rid of static entitlements and why we need more dynamic base access controls. Right? So moving on to the next chapter. So what has changed, like I said earlier, the COVID 19 pandemic, right? But also I think the most important one is the shift to hybrid and remote work that has led to enterprises some challenges for enterprises. For example, when it comes to onboarding, that's a slide that I think I have it, let's see if I do.

But there's a slide on on why contact free onboarding is essential for enterprises and why they need to improve in that aspect. Also, businesses are accelerating their digital transformation journey. They're moving to the cloud. And of course their new technologies such as decentralized identities and authentication that are driving the the market.

Okay, I have this slide. So contact free onboarding. There are some elements here that well actually was planning to have here, zero trust. And over here there was another one, but I'll just try my best. So these are some of the components that need to be in place for enterprises to leverage their existing technologies or new technologies, but without adding more complexity to what they already have. And that's why zero trust, zero trust is a very important thing to have before adding new technologies, right?

So as I said, with the shift to hybrid and remote work, organizations need to accelerate and improve their onboarding processes. So let's look at some market trends.

Yeah, okay, I apologize for this, but I'll give it my best. So password authentication, right? Maybe some of you attended one of my sessions yesterday on password authentication. What we see is that there's a sort of convergence between passwords and access management.

I mean, we know that passwordless solutions, they try to increase both security and convenience, but they also increase mobility and, and they reduce costs, for example, okay, no, nevermind. Some of the market observations that we see growth to e-commerce, the use of PAs, keys by Microsoft, Google, Android, and the of course development of open standards.

But again, it's important to know that passwords are still gonna be used in the next few years. They won't be disappearing completely. It'll take some time. And in some corner of the world, we'll see someone using passwords in, in probably decades. Something that I see in, in the passwordless market that is lacking is more presence from passwordless vendors in regions like Latin America in the Middle East and Africa. So if we really wanna make password less a global phenomenon, it needs to be global, right?

And the thing is that many people in these regions, they, some of them don't have smartphones. So that's also a challenge, right?

So yeah, we need to enable the right people with the right access to decentralized identities. So from internal workforce, right? We need to ensure that the people that we've never met are gonna be the people they claim to be. Especially if you're doing onboarding from another country. It's important that enterprises issue the credentials remotely.

Also, when it comes to B2B use cases like partners, contractors, freelancer suppliers, it's important, important to increase flexibility and to streamline onboarding processes. And for customers, yes, let's keep the bad ones out and let the good ones in Some market observations when it comes to, to decentralized identity, one of my colleagues, Annie Bailey, she did a relationship compass on reusable and verifiable credentials. And she says that the market is very competitive, it's very dynamic and very exciting.

So we predict that the decentralized market will continue to grow and gain momentum. Okay? So the next one is extending unified endpoint management. And the reason why I talked about Zero Trust earlier is that zero trusts is not only about networks, right, but also about identities, applications, systems and devices. So it's important to extend that across all the endpoints that any employee may have anywhere in the world, right? And if we look at the market observations that we see is that the UEM market is already mature, but it continues to grow.

And the shift to remote work, it requires the use of mobile devices to access enterprise applications. So enterprises need to ensure that their users and their employees are using their devices from anywhere as if they were in the office, right? So next one, another trend that we see is the policy-based access controls.

You know, some people said that the attribute space access controls, they, it did not really gain too much adoption and momentum, but it's expected that people will pay more attention to policy-based access controls. Why? Because the decisions are remain real time. There's fine grain access control. And like I said earlier, it's important to get rid of static entitlements, right? Because it just creates more problems. And with all the rectifications, et cetera, Here are some market observations.

Organizations should begin preparing for a more flexible and effective access management approach to meet the needs of tomorrow. Policy-based approach can address many of the pain points experience by organizations by enabling a centralized, consistent and dynamic just in time way of managing access. And while this is the last slide, cuz I said this was not the presentation I was hoping to have, so I guess I'll have plenty of time for questions if there are any. So these are some of the components that we need to have in place for a future-proof access management.

And these are, like I said earlier, these are the trends that I see. And I think especially something that will have an impact in the industry is the convergence with Passwordless and of course the the role of decentralized identities. So that's all from my side.

And again, apologies for this inconvenience, Alejandro. Thank you. And I dunno what happened, but no happened. The gods were against you, but I think you did a amazing job. But is there any questions, since we do have a few minutes extra, if not from the audience, and I have one, how is Passwordless authentication changing the way we approach access management? Right. So I think people who have been attending EIC for the past two years, there's been a lot of talk about passwordless, right? And seems like there's a lot of hype.

When I talk to some vendors, they always tell me that, oh, 2023 is a year of passwordless. Seems like it's a bit of hype, but to some extent there's some momentum there. And I think that some of the access management vendors, like I said, I'm doing a report on access management and I've had briefings with many of them. And some of the capabilities that they like to highlight is passwordless because they know that it not only increases security, but it also makes it easier for users.

And if Passwordless wants to become mainstream and and gain more adoption, it will need to be very easy for users to use. And of course, the security aspect that organizations, enterprises want. Thank you. Thank you. Thanks again. Thank you. Thanks lo.