The Covid-19 pandemic accelerated IT transformation in many ways. Lessons learned, among other things, is that IT software architecture must be highly flexible and scalable to handle the unforeseen tsunami waves of network traffic and flexible enough to address cyber-attacks in areas least expected or prepared, such as potential vulnerabilities in communication applications like Slack, Zoom, Microsoft Teams, or Trello. Organization's sudden imperative to shore up cybersecurity systems such as Access Management became strikingly apparent.
Zero Trust
During the covid-19 pandemic, the in-office workforce abruptly shifted to a work-at-home environment opening the door to many potential attack vectors. Physicians, too, used their personal computers and mobile devices to help care for patients as they did in the medical office remotely through Telemedicine tools. Medical staff needed to authenticate and gain authorization to access patient information in locations outside their typical work areas to provide security while preserving privacy. Taking a zero-trust approach became even more relevant using a zero-trust principle to always verify the user identity before providing access to any resource. Identity assurance begins with Identity proofing and further uses fraud detection capabilities. This industry requirement became apparent in the 2020 KuppingerCole Access Management Leadership Compass, which saw an uptick in the number of Access Management products providing some level of identity proofing and fraud detection features or indicated that those capabilities are on its near-term roadmap.
Access Intelligence is Stepping Up to Play a Larger Role
Beyond core Access Management functionality such as authentication, authorization, federation, audit reporting, and even areas of API security, the use of analytics and access intelligence is increasing. Intelligence gives the ability to make access decisions that can be acted upon based on the patterns and trends found through data analytics and other machine learning techniques. Access intelligence can be used to discover new applications or API endpoints introduced to the network, identify potential access risks, make recommendations on security posture improvements, and reduce fraud, as some examples. The level of access intelligence seen in the market today is being driven by its usefulness and has become a significant differentiator between cybersecurity product vendors.
Automation
The automation of everyday Access Management tasks is becoming a priority for many organizations. Intelligence can drive automation to reduce the workload of IT security and administrative inefficiency and human error sometimes experienced through the manual completion of Access Management tasks. Organizations use automation with the intent of making their operations leaner and achieve lower TCO. Access Management automation can be applied to tasks such as the management of user access, applying roles, or automated discovery of applications and APIs on the network and then applying the applicable access and compliance policies.
So, Where Does Access Management Go from Here?
Although the Covid-19 pandemic has forced many organizations to make some unanticipated changes in their cybersecurity services, Access Management must still provide core functionality. Still, it can enhance its effectiveness by utilizing analytics, intelligence, and automation through more innovative Access Management products and services.
To better understand the challenges of Access Management in this pandemic era and how it continues to evolve to meet recent business environment changes, KuppingerCole invites you to join the German Cyber Access Summit 2021 to hear from the experts and inform yourself on how to make the best decision possible for your organization.