The Internet of Things (IoT) will drive device and user relationship requirements in 20% of new identity and access management (IAM) implementations by year-end 2016, according to Gartner. The IoT has introduced new concepts for identity management, since every device interacting with users has an identity — and users and devices can have complex, yet defined, relationships.

“IAM, as defined today, will bifurcate, with identity management assuming a broader entity relationship management role and access management assuming a broader relationship execution role that replaces or supplements authentication policy and authorization enforcement,” says Earl Perkins, research vice-president at Gartner. “Traditional authentication and authorization for user identities will continue to include devices and services, but will also incorporate expanded machine-to-machine (M2M) communications requirements into expanding digital business moments. Embedded software and systems will make extensive use of the new and expanded IAM architecture to handle the scale and ubiquity requirements the IoT will demand.”

Gartner made three further predictions about IAM:

By 2017, enterprise mobility management integration will be a critical IAM requirement for 40% of buyers, up from less than 5% today.

Organisations continue to face challenges in providing consistent, convenient and secure access to enterprise and third-party applications using Web and native application architectures on a wide variety of devices. Today’s enterprise mobility management (EMM) tools can set security policies, provision device identities and isolate applications. However, their access management integration capabilities are nascent and only support internal use cases well.

Present-day EMM tools have limited breadth of support for Windows operating systems and, although Windows endpoints may be on the decline relative to mobile adoption rates, Windows endpoint management is not going away. Given these integration gaps and market opportunities, IAM leaders can expect EMM and traditional Windows PC management disciplines to move through three waves during the next five to seven years, going from diverged solutions to converged solutions with separate management processes, and finally to converged tools and processes.

This third phase is called universal endpoint management (UEM), which will better address endpoint diversity and support traditional desktop, laptop and mobile devices. During the next two years, disparate IAM and EMM disciplines will evolve similarly and will be used together to protect organizations from threats that have overcome traditional IAM and EMM controls used in isolation.

By 2020, 60% of organisations will use active social identity proofing and let consumers bring in social identities to access risk-appropriate applications.

Digital business is driving the need for organizations to consume social or other reusable, third-party identities. The pervasive and persistent use of social media across geographies has created a valuable source of identity information and a service delivery opportunity for today’s identity consumers and service providers.

“More enterprises could adopt a bring your own identity (BYOI) approach for allowing customers and workforces to use their social identities, thereby improving user experience and opportunity to leverage social relationships for marketing purposes,” says Anmol Singh, principal research analyst at Gartner. “With low-cost, social identity-proofing services, small and midsize businesses could use remote on-demand verification of identities to grant access to users outside the organization, eliminating the need to manage detailed identity-proofing processes in-house.”

By 2020, new biometric methods will displace passwords and fingerprints for access to endpoint devices across 80% of the market.

Biometric technology is not new, but it is now gaining traction in mobile devices for consumers. Within the past year, Apple, Samsung and others began globally shipping smartphones with embedded fingerprint authentication and Gartner expects increased penetration over the next few years.

However, interest in fingerprint methods is expected to peak at around 20% of the total endpoint device market in 2017. Biometric implementations in these consumer devices are relatively weak; after all, the feature extraction, comparison and matching have been tuned to provide a good user experience and good performance on a mobile device, rather than to establish high trust.

“Embedded fingerprint authentication does not improve user experience for everyone,” says Ant Allan, research vice-president at Gartner. “Furthermore, given the low trust that these methods afford, we expect to see increasing dissatisfaction as people’s devices are compromised over the next few years. The same kind of biometric modes that organisations may soon adopt for authentication from the device will be preferred for authentication to the device in the midterm.”

Gartner projects that endpoint device vendors will invest in face recognition via a user-facing camera, voice recognition via a microphone, keystroke and gesture dynamics via multi-touchscreens, and handling dynamics, a novel motion-based behavioural mode using device accelerometers and gyros. One of the major advantages of these methods over fingerprint is that none of them needs a specialized sensor. Each one takes advantage of inputs that are already available on smartphones, tablets and many PCs. Hence, any or all could be implemented simply by making changes to the endpoint OS, thus benefiting all users, not just those with the latest models.