Virtualization Technology News and Information
Axiomatics 2023 Predictions: Machine Learning, API Access Control and Authorization in the Spotlight for IAM Teams


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Machine Learning, API Access Control and Authorization in the Spotlight for IAM Teams

By Mark Cassetta, chief product officer, Axiomatics

As attack surfaces continue to expand, identity access management (IAM) and subsequently, authorization will be a focal point for the enterprise. With drivers such as remote work, new applications and managing standards, organizations will make developing access control strategies a priority in the new year.

The Rise of ITDR Will Force Enterprises to Examine How They Quantify Risk

Identity-based attacks are now a threat businesses keep at the forefront of their threat awareness efforts. With remote workforces, widespread adoption of IoT, and a significant number of digital identities being created, the attack surface continues to widen, leaving organizations vulnerable to identity-based exploitation by opportunistic threat actors. Identity threat detection and response (ITDR) software can help protect identity systems, detect when they are compromised and enable efficient remediation. It is different from identity and access management (IAM) software as IAM's function is to prevent identity-related risks through proper user authentication and access up front, while ITDR identifies threats once systems have been compromised. Given the gaps in multi cloud architectures and an exponential increase in human and machine-based identities, in the new year, CISOs and security teams are evaluating ITDR to harden IAM platforms first, especially those deployed in multi cloud infrastructures.

IAM Teams Look to Adopt AI and Machine Learning but Only for Specific Instances

As more enterprises adopt an identity-first approach to their security strategy, they are challenged with how to manage the increasing number of entitlements and permissions connected to applications that live in a variety of environments (on-premises, private cloud, public cloud, etc.) and create a lot of data about events, logs, users and more. In addition, the explosion of demand for cloud infrastructure and entitlement management (CIEM) solutions has resulted in creating more predictable models about users, entitlements and provisions. As a result, in 2023 enterprises mature in their implementation of these areas will consider leveraging artificial intelligence or machine learning to further scale these strategies. However, AI and ML adoption by IAM teams will likely remain constrained to those targeted areas as enterprises continue to mature their IAM strategies.

API Access Control will take center stage for IAM teams

With the adoption of microservices and more advanced API frameworks including GraphQL, it's easier and more encouraged than ever before for developers to leverage APIs through their application development process. While the benefits to this approach are well known and include faster development, more code reuse within the enterprise, and more, enterprises will continue to struggle with the challenges this creates. Specifically, as all APIs become policy development points (or PDPs), they become a massive point of risk and a specific challenge for IAM teams. In short, while security teams have struggled with the explosion in APIs, IAM teams will grapple with the explosion in PDPs and the risk this creates for the enterprise.

For Authorization, it's no longer about the's about the strategy

Historically, authorization conversations focused on what standard is most effective or should be leveraged in a particular situation. Much like the standards in authentication (OpenID vs SAML vs OAuth), there won't be one standard that defines authorization. The use cases are so vast there may be different reasons to apply/leverage a different standard but the important thing will be the ability for these standards will interact with one another. As more enterprises look to adopt authorization, this conversation will shift from focusing on standards to focusing on strategy - how best to deploy authorization as part of a broader Zero Trust strategy or how to leverage signals from existing IAM (or broader cyber) solutions to bring access control to the fore across the IT stack. This will mark a leap forward for the authorization market as the focus moves from early adopters to becoming more mainstream.




Mark Cassetta, chief product officer, Axiomatics. A cybersecurity veteran with more than a decade of experience, Mark Cassetta leads Axiomatics' product strategy, driving the creation of solutions that offer enterprises around the world a way to address current and future authorization and access management challenges. Mark's background includes various leadership positions for both software vendors and global systems integrators, including Titus and Accenture.

Published Thursday, November 17, 2022 7:35 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2022>