The future of innovation in identity access management (IAM) includes greater use of biometrics, blockchain technology in identity management systems, IAM for cloud services, and edge computing with IoT devices.
Biometrics used for identity access management
One of the megatrends is to incorporate biometrics more fully, such as fingerprints, retinal scans and facial recognition, to better identify authorized users of networked systems. At first glance, this seems to provide an infallible way for systems to recognize people with near certainty by using their unique biometrics.
Increased security risk due to the use of biometric data
It is counterintuitive, but the use of biometrics can increase security risk. Biometrics open up a wide range of new cyber attacks that become possible through the fraudulent use of stolen biometric information. The problem is that, unlike a complex password, which can be changed if it is compromised, a person's biometrics cannot be changed. Biometric information is permanent. If the biometric data is stolen, it can no longer be used for identity verification with certainty.
Beware of the theft of biometric data
An example of this is the recently announced large biometric data breach experienced by Suprema, as reported by Techerati. Prior to this breach, Suprema was considered a global security leader in biometric access control systems. Suprema has a database called Biostar 2 that is integrated with the AEOS access management system created by Nedap. AEOS is used by more than 5,700 organizations worldwide in more than 80 countries, including UK law enforcement. Nedap's slogan is "Imagine you don't have to worry about security." Seriously?
The data breach of Suprema's Biostar 2 database involved 23 GB of sensitive and highly sensitive confidential data files that included usernames, passwords, personal information, facial recognition data and millions of fingerprints.
The natural person does not need to be present once their biometric data files are compromised. All it takes is their data. Theoretically, those millions of fingerprints are no longer useful for permanent identification because they are compromised. It is time to rethink the usefulness of biometric data. It can provide a false sense of security that is not warranted for deployment across the network.
In the future, IAM that uses biometric data needs more security work to protect the biometric data from being compromised. The third-party risk of biometric data being compromised is a real problem for a company like Nedap that relied on a company like Suprema to protect biometric data.
Blockchain and identity access management
Blockchain technology applied to identity access management attempts to address the problems of maintaining identification information in a centralized system. As the breach of Suprema's biometric database demonstrated, placing all the identification information in the hands of a third party creates the risk that the information is not properly protected.
In addition, personally identifiable information in such centralized systems is not controlled by the individuals it describes. Instead, the information is owned by an external service provider. This can be a fatal flaw of such centralized designs, and one that blockchain technology can address.
Self-sovereign identity
A person's identity information must be their personal property that they control. This concept is called self-sovereign identity.
Keeping this information protected by encryption in a permanent blockchain using a decentralized distributed network system gives the individual full control over the data. This avoids the conventional security risks of data stored in a centralized database.
Blockchain Smart Contracts for IAM
One proposal is to use blockchain technology to create a smart-contract-based IAM system that allows users to control their identities and associate them with certain attributes, achieving the objective of self-sovereign identity.
Identity Access Management for cloud services
Another important identity and access management trend is the role of user access management software in the cloud. Digital identity is very important when using cloud-based services. For example, the world's largest cloud service provider is Amazon Web Services (AWS). IAM on AWS is a critical function for ensuring that only authorized users have access to critical data and applications, and that customer identity is managed with security risks in mind.
IAM and single sign-on systems
One of the trends in IAM is to use single sign-on (SSO) systems with multifactor authentication that grant privileged access to hybrid systems, which may consist of cloud services combined with local networks.
Based on the demand for these solutions, many providers now offer identity access management as a service (IAMaaS) that provides the SSO function. These solutions will continue to grow along with the increase in migration to cloud services.
IAM and Internet of things
The explosive growth of the Internet of Things (IoT) comes along with a great need for secure management of identity access. Each type of IoT device added to a network increases security risk exponentially.
For example, security camera systems in smart homes, designed to improve security, can be hacked by unauthorized users to spy on the occupants. Something as innocuous as being able to turn on a hot tub remotely to heat the water before using it can tell a criminal hacker that the residents are not inside the house, giving them the opportunity to burglarize the place.
Other examples of risk include inexpensive IoT devices that use biometrics, such as fingerprint scanning, to activate them. Most of these devices do not store fingerprint data securely.
IoT devices that collect personal medical information are good for tracking health problems; however, who controls the data collected and the uses that can be made of that data are areas of great concern.
Another area in which developers are working for IAM systems is to create the ability for the system to authenticate the access that a large number of devices need. One solution is to bring most of the computational needs to the "edge." This makes the devices do as much information processing as possible.
In many cases, the security of IoT devices will be achieved by having the device identities embedded in the device's processing chip as an integral part of the hardware.
There is still a lot of work to do to provide a view of networked IoT devices that is useful for system administrators. The purpose of IoT-connected devices is to take advantage of the data they collect by linking them directly to commercial systems. However, this link creates a great security risk if it is not managed correctly.
Context-based identity and artificial intelligence
Context-based identity management correlates data about an individual user that is relevant to the identity that is authenticated. Relevant data includes many factors, such as behavior patterns, physical locations, preferences, usage and system information, such as an IP address and a machine address.
By using artificial intelligence (AI) algorithms to mine data, big data analysis can discover the relevant data patterns. This type of analysis is already widely used by global banking systems to reduce fraud.
AI-based machine learning systems can get to know a person so well that all data collected about them, combined with multifactor authentication, will identify most people securely.
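The following is an added example, not code from the article, of how the context signals named above (IP address, machine address, physical location, behavior pattern) can be correlated into a login decision that triggers multifactor authentication when the context is unfamiliar. The field names, weights, thresholds and sample history are assumptions constructed for illustration, and a fixed rule table stands in for the machine learning model the article mentions.

```python
import ipaddress

# Illustrative weights and thresholds (assumptions, not values from the article).
WEIGHTS = {"new_network": 20, "new_device": 35, "new_country": 30, "odd_hour": 15}
STEP_UP_AT, DENY_AT = 30, 70

# Constructed sample history of one user's successful logins (documentation IP ranges).
HISTORY = [
    {"ip": "192.0.2.10", "mac": "AA:BB:CC:00:11:22", "country": "NL", "hour": 9},
    {"ip": "192.0.2.57", "mac": "aa:bb:cc:00:11:22", "country": "NL", "hour": 10},
    {"ip": "198.51.100.4", "mac": "aa:bb:cc:00:11:22", "country": "NL", "hour": 17},
]

def prefix(ip):
    """Collapse an address to /24 (IPv4) or /48 (IPv6) so DHCP churn is not 'new'."""
    bits = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)

def learn(history):
    """Build the per-user baseline from past successful logins."""
    return {
        "networks": {prefix(e["ip"]) for e in history},
        "devices": {e["mac"].lower() for e in history},
        "countries": {e["country"] for e in history},
        "hours": {e["hour"] for e in history},
    }

def odd_hour(profile, hour, tolerance=2):
    """True when the hour is more than `tolerance` hours from every usual login hour."""
    gaps = [min(abs(hour - h) % 24, 24 - abs(hour - h) % 24) for h in profile["hours"]]
    return not gaps or min(gaps) > tolerance

def decide(profile, ev):
    """Correlate the context of one login attempt; return (action, risk, signals)."""
    checks = {
        "new_network": prefix(ev["ip"]) not in profile["networks"],
        "new_device": ev["mac"].lower() not in profile["devices"],
        "new_country": ev["country"] not in profile["countries"],
        "odd_hour": odd_hour(profile, ev["hour"]),
    }
    signals = [name for name, hit in checks.items() if hit]
    risk = sum(WEIGHTS[s] for s in signals)
    action = "deny" if risk >= DENY_AT else "step_up_mfa" if risk >= STEP_UP_AT else "allow"
    return action, risk, signals
```

Returning the list of signals alongside the action lets the decision be logged and reviewed, which matters when a legitimate user is challenged or blocked.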
Identity access management will continue to grow in scope and scale. Biometrics can be useful; however, they should not be relied on as the sole means of identification. Blockchain technology may be a better option for those who wish to control their identity. The ease of use of cloud-based offerings is driving demand for single sign-on services. The expansion of IoT requires a scalable and reliable infrastructure to establish the identities of billions of new IoT devices and manage them across a massive network.
Embrace the cloud because it is pervasive and continues to grow. Explore innovative applications of blockchain technology to develop new ways of managing digital identity. Work with IAM solutions that may not be perfect, but are flexible, governable and scalable.