
Posts from the ‘IAM’ Category

GenAI and IoT security are core to Forrester’s top 10 emerging technologies in 2024

Predicting that generative AI (genAI) for visual content, genAI for language, TuringBots, and IoT security will be the four technologies that deliver the most immediate ROI in two years, Forrester’s Top 10 Emerging Technologies In 2024 reflects the urgency more businesses have for making AI pay while securing their most at-risk endpoints.

Rounding out Forrester’s ten emerging technologies are AI agents, autonomous mobility, edge intelligence, quantum security, extended reality (XR), and Zero Trust Edge (ZTE).

Forrester’s stack ranking of technologies by ROI potential

Advising clients to include ten emerging technologies on their radar and roadmap, Forrester has segmented them into short-, medium-, and long-term groups based on their potential to deliver ROI. Three of the ten emerging technologies are cybersecurity related.

Technologies predicted to deliver the most significant ROI over the next two years

GenAI for visual content and language. Given how quickly genAI’s adoption is accelerating across enterprises via a myriad of cloud-based apps and tools, especially in marketing, digital design, and communications, it’s clear why Forrester predicted that genAI for visual content and genAI for language have the potential to deliver ROI in two years. Forrester notes that “genAI for language is already delivering value in customer support and content creation but continues to advance at a blinding pace. It is accelerating many other technologies as it goes.”

TuringBots are predicted to accelerate app development. The report states that these AI-powered software robots “help developers build applications that deliver more than just code generation” thanks to advancements in genAI for language. TuringBots are defined as “AI-powered software that augments application development teams’ automation and semiautonomous capabilities to plan, analyze, design, code, test, deliver, and deploy while providing assistive intelligence on code, development processes, and applications.”

IoT Security to secure the proliferating number and variety of endpoint devices. Forrester defines IoT security technology as including components that are “familiar to endpoint management and security: asset management, identity and access management (IAM), data security management, Zero Trust networking, and attack surface risk management.” Forrester predicts that deploying IoT security solutions will deliver expected business value within a year as vendors increasingly offer capabilities as part of other cybersecurity platforms.


Source: Forrester’s Top 10 Emerging Technologies In 2024

Emerging technologies predicted to deliver ROI in two to five years

AI agents. Forrester is seeing AI agent technology stacks include advanced deep learning techniques, including generative, predictive, and reinforcement learning, that enable greater context, analysis, strategy, and planning. Forrester believes their full realization is two to five years away, predicting that “organizations with large amounts of information and sizable human workforces will likely see the biggest and most immediate benefits.”

Autonomous mobility. Manufacturing and logistics are two industries shifting workloads from initial pilots into production, according to Forrester. Both industries are facing continued labor shortages, regulatory pressures, and rising costs and see the potential to improve traffic and supply chain management results. Key benefits include greater operational efficiencies across shop floors, improved regulatory compliance, enhanced worker productivity and safety, and more accurate data to track environmental sustainability efforts.

Edge intelligence. Edge intelligence, according to Forrester, is “the ability to collect data, make assumptions based on that data, and link that data to relevant, distributed, orchestrated, and contextually driven responses in a network of application, device, and communication ecosystems.” The report further defines the tech stack for edge intelligence as including streaming analytics, edge ML, federated ML, and real-time data management on intelligent devices and edge servers.

Quantum security. Reducing the risk of “harvest now, decrypt later” quantum attacks, providing increased cryptographic agility for the future, and improving digital signatures are a few of the many benefits quantum security delivers. Asymmetric and symmetric key generation, symmetric key distribution via QKD, digital signatures and certificate management, and keeping an accurate list of cryptographic algorithms are some of the most common uses. These benefits and use cases form the basis of Forrester’s assignment of quantum security to the mid-segment of its stack ranking.


Source: Forrester’s Top 10 Emerging Technologies In 2024

Emerging technologies predicted to deliver ROI in over five years

Extended reality (XR). Forrester defines XR as “a technology that overlays computer imagery on a user’s field of vision, with augmented reality (AR), mixed reality, and virtual reality (VR) technologies that are supported by the same developer tools, sensors, cameras, and simulation engines.” Their report notes that only 8% of US online adults own a virtual-reality headset, and just 16% have used an augmented-reality device or app. While XR is advancing in training and onboarding, companies are resisting investing in tools like these until they see broad adoption.

Zero Trust Edge (ZTE). ZTE technology has the potential to protect remote workers, retail outlets, and branch offices with embedded local security. Highly distributed enterprises with little variation between sites are predicted to see the greatest benefit first.

Conclusion

Forrester sees security as core to any organization seeking to maximize the value and ROI of emerging technologies.

Three cybersecurity technologies, IoT security, quantum security, and zero trust edge (ZTE), form the foundation of the ten emerging technologies. “The inclusion of these security technologies underscores a crucial point: the future belongs to those with the foresight and will to invest in security now. As AI capabilities expand, so do the potential vulnerabilities that malicious actors can exploit,” writes Brian Hopkins, vice president, emerging tech portfolio at Forrester.

Defending endpoints needs to start with a zero-trust framework that enforces least-privilege access and monitors everything happening on the network while also enabling microsegmentation to reduce the blast radius of a potential cyberattack. Relying on legacy account and identity and access management (IAM) systems that assume trust across systems and within identity management data structures is a breach waiting to happen.

Forrester’s top ten emerging technologies show a progression from already having significant use cases and adoption to newer technologies that are nascent in the market. All share a common characteristic with security, however. As technologies get more complex and remain unproven, security technologies need to step up the use of new technologies to counter threats. Quantum security and zero trust edge correspond with the direction of the ten emerging technologies. They reflect the need to keep improving security to protect the best ROI possible with new technologies on the horizon.

Forrester’s top ten trends defining identity and access management in 2024

Stolen identity and privileged access credentials now account for 61% of all data breaches. This figure continues to increase as nation-state attackers, cybercrime groups, and rogue attackers integrate AI into their attack tradecraft.

Adversarial AI is taking aim at identities

80% or more of breach attempts aim first at identities and the systems that manage them. CrowdStrike’s 2024 Global Threat Report found that identity-based and social engineering attacks are reaching a new level of intensity. CrowdStrike found that attackers are using AI to launch advanced phishing attacks to impersonate legitimate users and infiltrate secure accounts. Attackers have long sought account credentials, but in 2023, their goals centered on authentication tools and systems, including API keys and OTPs.

“What we’re seeing is that the threat actors have really been focused on identity, taking a legitimate identity. Logging in as a legitimate user. And then laying low, staying under the radar by living off the land by using legitimate tools,” Adam Meyers, senior vice president counter adversary operations at CrowdStrike, told VentureBeat in an interview early this year. Two of the most infamous Russian nation-state attackers, Fancy Bear and Cozy Bear, led these efforts, with the former exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) for unauthorized server access.

Top ten trends defining identity and access management (IAM) in 2024

Forrester’s recent report, The Top Trends Shaping Identity And Access Management In 2024, provides an insightful view into the future of Identity and Access Management (IAM) and Privileged Identity Management (PIM). The report predicts that threat detection and remediation will improve with the help of AI. Forrester also predicts that FIDO passkey authentication will go mainstream. In contrast, biometric authentication will slow down due to concerns regarding deepfakes.

Leading IAM providers include AWS Identity and Access Management, CrowdStrike, Delinea, Cradlepoint, ForgeRock, Ivanti, Google Cloud Identity, IBM Cloud Identity, Microsoft Azure Active Directory, Palo Alto Networks, and Zscaler.

Here is a summary of the top ten trends Forrester believes will shape IAM in 2024:

Trend 1: AI Will Improve Identity-Based Threat Detection and Remediation. Generative AI (genAI) is helping to redefine the future of IAM by improving outlier behavior analysis, increasing alerts’ accuracy, and streamlining administrative tasks while guarding against new threats.

98% of security professionals believe AI and machine learning (ML) will be beneficial in fighting identity-based breaches and see it as a pivotal technology in unifying their many identity frameworks. The majority, 63%, predict AI’s leading use case will be greater accuracy in identifying outlier behavior. 56% believe AI will help improve the accuracy of alerts, and 52% believe AI will help streamline administrative tasks.

Forrester asserts that AI will help short-staffed security teams triage alerts and automate time-consuming, mundane aspects of their jobs. Forrester also envisions genAI being used to query, “Which five applications are the riskiest from an identity entitlement perspective?” CrowdStrike announced at RSAC 2024 that Charlotte AI, CrowdStrike’s Generative AI security analyst, can automatically correlate all related contexts into a single incident and generate an LLM-powered incident summary for security analysts.

Trend 2: IAM Platforms Face Increased Scrutiny Of Their Underlying Security. High-profile breaches that began with impersonation leading to identity theft, including MGM and Okta, reflect how social engineering can still bypass IAM safeguards. CISOs are pushing back on their IAM vendors to improve operational processes and security practices and prioritize security for cloud-based SaaS applications and multi-cloud configurations. Forrester writes that their clients running IAM systems expect their vendors to comply with standards like SOC 2, FedRAMP, ISO 27002, and PCI. CISOs and security teams are also asking to vet a vendor’s workforce, including both employees and contractors, and to understand how the vendor communicates about and addresses security issues.

Forrester’s advice to security and risk management professionals is to “Demand multifactor authentication for all workforce business and admin users, without exception. Prioritize IAM vendors that embrace secure-by-design and secure-by-default principles and value continuous two-way customer engagement to improve their overall cybersecurity posture.”

Trend 3: IAM And Non-IAM Vendors Respond To Identity-Centric Threats. More CISOs and their security teams are taking a zero trust mindset to breaches. They see them as inevitable, and as part of their zero trust frameworks, they’re looking to shut down lateral movement after an intrusion. Forrester observes that “both IAM vendors and non-IAM cybersecurity vendors keep making advances in identity threat detection and response (ITDR). As a result of organic development and acquisitions, ITDR capabilities are being incorporated in platforms from privileged identity management (PIM) vendors like ARCON, BeyondTrust, CyberArk, and Delinea, as well as XDR vendors, such as Cisco, CrowdStrike, Proofpoint, and SentinelOne.”

Trend 4: FIDO Passkey Authentication Goes Mainstream For Workforce And B2C Uses. Forrester notes that a large number of customer-facing sites, including H&R Block, PayPal, and Verizon, are moving to passwordless authentication. At the same time, smaller financial institutions like coinbase.com offer optional fast identity online (FIDO) authentication and FIDO passkey-based authentication. The research firm expects 30% of B2C websites and apps to offer FIDO passkeys by the end of 2024.

Trend 5: Biometric Adoption Slows Due To Concerns Around Deepfakes. Despite biometric authentication being a security standard on smartphones, CISOs and consumers alike are becoming more concerned about deepfakes. Designing liveness detection and other advanced features for facial and fingerprint recognition systems reduces the threat of spoofing generated by deepfake technology.

As multiple breach attempts have proven, voice biometrics are more susceptible to attack. Forrester notes that in response, the FTC set a Voice Cloning Challenge to “encourage the development of multidisciplinary solutions—from products to procedures—aimed at protecting consumers from artificial intelligence-enabled voice cloning harms, such as fraud and the broader misuse of biometric data and creative content.” Vendors will add additional deepfake detection to their solutions in 2024, resulting in a rebound in biometrics adoption in 2025.

Trend 6: IMG And PIM Vendors Expand Coverage Of Cloud Administrator Identities. Getting multicloud and hybrid cloud security right is getting more challenging and complex to achieve at scale due to configuration complexity. Forrester notes that “zero trust in the cloud starts with understanding the data access entitlements of identities like cloud infrastructure administrators, SaaS administrators, and business users.” Security and risk management professionals need to review cloud administrators’ entitlements that grant access to sensitive data assets and, when necessary, cancel them. Forrester writes, “While tools offer detection and remediation automation, they are no substitute for documented and consistent identity governance processes.”

Trend 7: Government-Issued Digital Identities Continue To Spread. Forrester believes acceptance of government-issued decentralized digital identities (DDIDs) beyond government use cases will grow in 2024. Mobile digital identities, including driver’s licenses, are now available in the US states of Arizona, California, Florida, and Iowa. Jurisdictions that have or will soon issue mobile driver’s licenses include the European Union (based on the eIDAS 2.0 approved set of standards), Estonia, Hungary, and Sweden. Nigeria and the Philippines have digital identities active today.

Trend 8: B2B IAM Becomes A Differentiating Feature. Security teams, and the CISOs running them, that operate without an extended IAM ecosystem for partners like contractors, suppliers, and resellers face more severe security risks. B2B IAM involves managing joiner, mover, and leaver (JML) processes differently than for internal employees. Forrester predicts that in 2024, IAM vendors will enhance platforms with features like simplified federation onboarding, verifiable credentials for ID verification, and improved access review processes for the extended enterprise.

Trend 9: Commercial And Homegrown IAM Solutions Face Growing Demand For Upgrades. Maintaining on-premises IAM systems is becoming more costly and inefficient, making it more attractive to move to a cloud-based platform. Forrester is finding that the brittle, less secure nature of on-premises legacy systems also makes them more difficult to upgrade. Demand is so high for replacing legacy systems that a recent Forrester survey found that the intention to replace homegrown solutions jumped from 4% in 2022 to 18% in 2023.

Trend 10: The Fine-Grained Authorization Market Heats Up. As digital platforms and business app creation continue to proliferate, the need for dynamic and fine-grained access controls is extending beyond security. Forrester says that the IAM market is moving toward centralized and external authorization patterns because of B2B2E and B2B2C relationships and the possibility that genAI could make it easier to create and manage authorization policies.