Virtualization Technology News and Information
Article
RSS
Omada 2025 Predictions: What's Ahead in Identity - Eight Predictions for 2025

vmblog-predictions-2025 

Industry executives and experts share their predictions for 2025.  Read them in this 17th annual VMblog.com series exclusive.

By Paul Walker, field strategist and Theis Nilsson, vice president global advisory practice, Omada

Managing identities has become increasingly complex and challenging in our digital and remote world. Technology is racing to catch up - particularly the application of AI to identity management. But it's not a panacea, and organizations need to proceed with caution as they update and streamline their processes while working to remain compliant and secure. Here's what we're predicting 2025 will bring.

Prediction 1: Passwordless Authentication Takes the Spotlight

We are on the precipice of a shift from the longstanding practice of forced periodic password changes as IT departments worldwide adopt guidance from major cybersecurity authorities. The National Cyber Security Centre (NCSC), the European Union Agency for Cybersecurity (ENISA) and the National Institute of Standards and Technology (NIST) all recommend against mandatory password resets, citing evidence that frequent changes often lead to weaker passwords and reduced security. This shift could be a significant step forward in balancing security with user experience.

Easy-to-use enterprise-level alternatives to using passwords for operating systems such as Windows 10/11 include innovative authentication methods such as the Fast Identity Online (FIDO) standards. Windows Hello and Microsoft Edge have been supported by FIDO since 2018, yet widespread adoption of physical (FIDO2) keys in enterprise settings is still lagging due to cost barriers. We've seen the adoption of mobile passkeys (FIDO2) that are claimed to be phishing-resistant and are easy to use. Passkey usage means users no longer need to enter usernames and passwords for authentication. The passkey uses device biometrics to unlock their devices to sign into apps and websites. Expect the usage of passkeys to continue to accelerate in 2025.

Prediction 2: Identity Management Sees an Increase in AI-Human Augmented Decision-Making

In 2025, we expect to see the first widespread implementation of AI-human augmented decision-making in identity management. Not all organizations are ready to configure systems to "just do it" - that is, allowing AI to make decisions without human intervention. The industry will closely observe whether the human plus AI augmented decision-making approach delivers value and can build trust. A key challenge to full automation of decision-making will be the transparency of recommendations and how humans can override automatically made decisions with feedback, adjusting the recommendation engine for future decisions. Decision makers need to feel confident that they can trust the recommendation and that their feedback is effective, because they're still accountable to the business when critical identity decisions are made without direct human oversight.

Prediction 3: GenAI Integration Produces Proactive Security

Identity Governance and Administration (IGA) products will likely evolve into more proactive security tools. For example, offering real-time recommendations and insights to enhance IT security operations and maintain identity/data hygiene. Another proactive stance involves moving on from analysis of existing assigned permissions and incorporating user behavior information as well, especially from cloud/SaaS systems that can easily share these logs. Integrating generative AI will be a key driver in this focus on greater proactivity. As an example, intelligent notifications will use desktop collaboration tools to deliver daily "messages of the day" with personalized suggestions to strengthen identity security posture. Traditionally focused on prevention, IGA will shift toward contributing to operational security and security hygiene posture. The adoption of new, user-friendly interaction methods, such as the Generative AI-powered natural language model, will drive this transformation.

Prediction 4: Faster Shared Signals Framework Adoption

In 2025, we'll see accelerated adoption of the OpenID Shared Signals Framework (SSF) from vendors as organizations prioritize real-time communication between security tools to enhance adaptive security postures. With the identity perimeter now central to modern security strategies, more enterprises will integrate SSF to achieve seamless data sharing across disparate systems, enabling a more resilient defense against evolving threats. With its flexibility and scalability, the SSF will lead to more collaborative security ecosystems, breaking down silos across cloud providers, SaaS applications and security systems, thereby enhancing security in an increasingly hybrid and complex environment.

Prediction 5: The Ascendancy of AI-Driven Innovation and Cross-Platform Interoperability

The IGA sector will continue to see rapid innovation spurred by AI/ML. As vendors consolidate, interoperability will be key, with companies striving for seamless integration across platforms. The winners in this space will be those who can harness cross-domain capabilities and implement agile solutions for cloud application management, enabling tasks like application onboarding in a matter of hours.

Prediction 6: Infrastructure Complexity Will Bring Setbacks

The complexity of infrastructure and system landscapes will continue to present challenges and setbacks. Companies will need to navigate competing priorities, with governance, risk and compliance investments often clashing with spending on perimeter security and efficiency-driven AI/ML initiatives. Regulation will play a crucial role in maintaining a balanced corporate focus amid these competing demands.

Prediction 7: Balancing Security, Innovation and Regulation

Regulation will continue to shape IGA, with frameworks like the Network and Information Systems 2 (NIS2) and the Digital Operational Resilience Act (DORA) in the EU reinforcing compliance-driven initiatives. At the same time, a push toward corporate effectiveness will highlight the efficiency benefits of automated and AI-supported IGA solutions. In both instances, security will remain a priority, with principles like "least privilege" becoming crucial to limit hacker access, aiming to ensure that if an attacker gains entry, their ability to move across systems and platforms is restricted, mitigating potential damage.

Another hot spot where regulation and innovation are coming together is the EU AI Act. As AI is offered in high-risk applications such as Identity and Access Management (IAM)/IGA, there's plenty of analysis and preparation for vendors as well as customers. The EU AI Act represents a landmark regulatory effort as it attempts to balance safeguards to protect individuals from potential harm but not restrict innovation.

Prediction 8: GenAI and ML Will Guide and Support Identity Governance

GenAI and ML are likely to play a more significant role in IGA by simplifying tasks like access requests and approvals, where they can provide valuable guidance and support. However, the effectiveness of GenAI and ML in the deepest aspects of IGA, such as business logic analysis and role mining, may be limited due to bad data hygiene. This often results from inconsistent governance and could skew GenAI/ML insights. Nonetheless, AI/ML will be useful at a higher level, potentially aligning regulatory requirements, business processes and job-related permissions more effectively. The goal of this particular innovation is that a user and chat assistant can accomplish their goal with a time and cost reduction. We estimate that the cost per transaction of a user and AI chat assistant will be a fraction of a help desk call price.

Though challenges remain, AI in its various forms will prove to be an even more valuable ally to identity management in 2025. These technologies will assist identity professionals with greater efficiency, security and governance while leaving room for ongoing innovation.

##

ABOUT THE AUTHOR

Paul Walker, field strategist, Omada

Paul Walker 

Paul Walker is field strategist at Omada. A veteran within the identity market, Walker is an expert with over two decades of experience in sales and product leadership roles at renowned brands like Dell and Oracle. He works closely with customers globally to ensure they are successful in leveraging Omada's solutions to achieve improved compliance, efficiency and security. He has deep deep understanding of the identity landscape garnered through executive stints at Clear Skye and One Identity.

++

Theis Nilsson, vice president global advisory practice, Omada

Theis Nilsson 

Theis Nilsson has held different consultancy and management roles within Omada for more than 15 years. He began his career in research and development in the area of network management security and holds a master's degree in computer science from the Danish Technical University. He has been working with organizational development and information technology for more than three decades. His work with organizations includes a combination of consulting and advisory roles, where process improvement, benefits realization and organizational restructuring has played a key role.  

Published Friday, November 22, 2024 7:37 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2024>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567