Virtualization Technology News and Information
Article
RSS
JumpCloud 2022 Cybersecurity Predictions: The Device Takes Center Stage and Layered Identity Gets Real

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual VMblog.com series exclusive.

The Device Takes Center Stage and Layered Identity Gets Real

By Neil Riva, Principal Product Manager, JumpCloud 

Now, closing in on two years after the beginning of the pandemic, IT teams everywhere are wrestling with three major developments: the new normal of remote and hybrid work, the massive acceleration to cloud-only architectures, and an uptick in device-based security threats.

It's no small challenge. IT teams are being asked to manage identity across SaaS applications and VPNs, across multiple operating systems, and across the wide range of different devices today's users have. And the challenge is widely known by those who are facing it. One key finding of our recent survey of SME IT admins is that 74% think remote work makes it harder for employees to follow best security practices. Shifting the burden of security away from end users is essential to any organization, especially given that a complicated combination of devices, systems, applications, and networks has led to an explosion of access points. And this is all at the same time that security threats continue to grow in sophistication. 

As we look toward 2022 and to address these challenges, identity management will become increasingly device-focused, increasingly cloud-based, and layered identity will begin to become part of the conversation. 

Three predictions for what's down the road for identity in 2022:

Devices will become central

As employees use a mix of personal and company-owned devices (and share them with loved ones!), IT teams will need to ensure they're prepared for the threat that such sharing introduces. Businesses may require device trust with certificates, a downloaded agent, or FIDO security key and mobile push authentication to prevent unauthorized access. Introducing extra steps for authentication is an invitation for employees to create workarounds, so the move toward passwordless will accelerate in 2022. Remote device management will become central, from being able to wipe a device remotely in the case of threat or deprovision users easily.

Cloud-based security through platforms

Traditional on-prem directories that powered identity for decades are ill-suited for today's IT needs as businesses moved out of the office and migrated to the cloud. Though protecting assets in the cloud offers a different set of complications, and often businesses have had to tack on new endpoint solutions for each threat surface. Frankly, it's become almost impossible for teams to manage usage and access across all of those single solutions, especially for smaller IT teams who lack budget and staff. Platforms that can cover multiple attack surfaces will gain traction as IT teams look to simplify user management without sacrificing anything in terms of security. Also, MSPs are going to continue their massive growth as businesses look to limit their exposure by centralizing their user management either through tool consolidation or third party management. 

Layered identity will become center stage 

Though the industry has talked about it for years, the growing adoption of Zero Trust aligns with popular least privileged access models, built on a solid foundation of layered identity. Whether it's step-up authentication based on the sensitivity of resources, risk-based adaptive auth policies, or a move toward decentralized data management, more businesses will consider how best to manage user identities based on context. I also think there will be a shift toward how to manage, access, and store that identity that aligns more closely with what that use case requires. We're seeing this in the digital identity conversations around digital citizenship, but I think this is catching on in businesses as well - essentially decentralized identity as a part of conditional access.  

If the last year (or two) have taught us anything, it's that IT and security teams will continue to face challenges, both known and unforeseen. Users' devices will become even more central, especially as push technology requires them as part of authentication, and cloud security will need to continue to iterate to meet today's threats. Part of managing those threats will involve a new approach to identity, a more holistic one that takes context and application use into account. 

##

ABOUT THE AUTHOR

Neil Riva 

Neil Riva is a Principal Product Manager at JumpCloud focusing on identity and authentication. Award- winning product leader with extensive experience creating a diverse portfolio of identity and access management, authentication, and cybersecurity products. Former Director of Product Management at HID Global IAM, Crossmatch Inc & DigitalPersona. With 20+ years of experience, Neil has led and developed products in the authentication, biometric, network management, security and artificial intelligence areas. He was the CTO of noHold Inc. designing and developing a patented Artificial Intelligence cloud-based technology to improve enterprise services. Neil's graduate school practicum project was conducted at IBM Scientific Research Laboratory focusing on artificial intelligence and expert systems used for Information Management.

Published Monday, November 08, 2021 7:30 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2021>
SuMoTuWeThFrSa
31123456
78910111213
14151617181920
21222324252627
2829301234
567891011