Virtualization Technology News and Information
RSA Security 2019 Predictions: Rethinking Identity and Authentication

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by Jim Ducharme, Vice President of Identity Products, RSA Security

Rethinking Identity and Authentication

Identity is back on the front page, as organizations come to realize that stolen identity is the number one security issue, and often the weakest link in security postures. Last year, billions of data records were compromised in massive data breaches and malicious cyberattacks, leaving cybersecurity top of mind for all.

As the year begins, it's a good time to discuss some of the challenges and risks associated with identity that companies will face as they continue their journey of digital transformation. So, what's in store for 2019? Here are my predictions:

Prepare for the "Identity of Things"

From virtual assistants, home automation, to wearables, smartphones, tablets and more, there is no shortage of connected devices that help us get through our day and keep us productive. Within the enterprise: Devops, continuous development, and dynamic workloads and infrastructure has created more and more autonomous infrastructure and processes that drive our business than ever before.  The explosion of IOT and IT automation has reached a tipping point where the conversation of identity will take on a whole new meaning. The number of identities associated with things or autonomous processes will dwarf the number of real humans these things often act on behalf of. It's time to put new methods in place to deal with the risks associated with these new identities especially as it relates to the three most critical areas of identity risk:

  • Identity assurance - are these things who they claim to be?
  • Access assurance - do we understand what they should be able to do?
  • Activity assurance - are they behaving appropriately?

The Four-digit Pin Will Give Biometrics a Run for its Money

Biometrics are under a lot of pressure these days to be the silver bullet of authentication. So how could a simple 4-digit pin, which has at most 10,000 possible combinations, give biometrics like FaceID with a 1 in 50 million entropy a run for its money? The industry will come to realize when 4-digit pins are combined with AI and machine learning, the four-digit pin, similar to what has been used for decades to protect access to our bank accounts, can provide a very high level of security. The ultimate goal for identity and access management is not to find the unbreakable or "unhackable" code for authentication, but rather, to layer security to create a much stronger identity assurance posture. AI and machine learning will be a game changer, allowing for intelligence-driven authentication that will open up additional options of security layers for organizations.  

Passwords Aren't Dead

We have long seen predictions that passwords are in their final days, but it's time to come to grips that passwords will be here for a long time. It's time to reverse the trend of how complex passwords have become (MyKitsH8Me!) and how hard they are to manage (having to change them every 60 days) in an attempt to improve password strength. We can un-complicate the password and unburden it from having the ultimate responsibility of security so that a simple password coupled with additional layers of risk-based authentication (such as behavioral authentication, location, device context and transparent biometrics) can help businesses be more secure.

A New Generation of Risk-based Authentication

With a seemingly endless stream of high-profile data breaches and malicious cyberattacks, the need to ramp up security and manage identities is evident. In 2019, we'll see the beginning of a new generation of risk-based authentication, powered by machine learning and user behavior analytics. Organizations will start to uncover their own unique context and identity insights to gain a more comprehensive view of user identities including locations, behavior patterns, frequency of use and more. This new generation of risk-based authentication will allow organizations to reduce the friction on end users when accessing applications and information while strengthening the assurance that the user is who they claim to be.

As companies continue their digital transformation journey, they will be faced with unprecedented cybersecurity challenges, and can longer rely old methods to protect their critical assets. It's time to truly understand the digital risks that come along with innovation and rethink identity and authentication management.


About the Author

Jim Ducharme 

Jim Ducharme is Vice President of Identity Products at RSA. He is responsible for product strategy and  leads the associated product management and engineering teams. He has nearly two decades of experience leading product organizations in the Identity marketspace, and has held executive leadership roles at Netegrity, CA, and Aveksa.

Published Monday, January 14, 2019 9:37 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2019>