Gartner Says the Internet of Things Will Drive Device and User Relationship Requirements in 20 Per Cent of New IAM Implementations by 2016
Gartner's 2015 Predictions Special Report Examines the Significant Impacts of the Evolution of Digital Business / Analysts to Examine IAM Trends at the Gartner Identity Access Management Summit 2015, 16-17 March, London, UK
"IAM, as defined today, will bifurcate, with identity management assuming a broader entity relationship management role and access management assuming a broader relationship execution role that replaces or supplements authentication policy and authorisation enforcement," said Earl Perkins, research vice president at Gartner. "Traditional authentication and authorisation for user identities will continue to include devices and services, but will also incorporate expanded machine-to-machine communications requirements into expanding digital business moments. Embedded software and systems will make extensive use of the new and expanded IAM architecture to handle the scale and ubiquity requirements the IoT will demand."
Gartner made three further predictions about IAM:
By 2017, enterprise mobility management integration will be a critical IAM requirement for 40 per cent of buyers, up from less than 5 per cent today.
Organisations continue to face challenges in providing consistent, convenient and secure access to enterprise and third-party applications using web and native application architectures on a wide variety of devices. Today's enterprise mobility management (EMM) tools can set security policies, provision device identities and isolate applications. However, their access management integration capabilities are nascent and only support internal use cases well.
Present-day EMM tools have limited breadth of support for Windows operating systems and, although Windows endpoints may be on the decline relative to mobile adoption rates, Windows endpoint management is not going away. Given these integration gaps and market opportunities, IAM leaders can expect EMM and traditional Windows PC management disciplines to move through three waves during the next five to seven years, going from diverged solutions to converged solutions with separate management processes, and finally to converged tools and processes. This third phase is called universal endpoint management, which will better address endpoint diversity and support traditional desktop, laptop and mobile devices. During the next two years, disparate IAM and EMM disciplines will evolve similarly and will be used together to protect organizations from threats that have overcome traditional IAM and EMM controls used in isolation.
By 2020, 60 per cent of organisations will use active social identity proofing and let consumers bring in social identities to access risk-appropriate applications.
Digital business is driving the need for organisations to consume social or other reusable, third-party identities. The pervasive and persistent use of social media across the geographies has presented a valuable source of identity information and service delivery opportunity for today's identity consumers and service providers.
"More organisations could adopt a bring your own identity approach for allowing customers and workforces to use their social identities, thereby improving user experience and opportunity to leverage social relationships for marketing purposes," said Anmol Singh, principal research analyst at Gartner. "With low-cost, social identity-proofing services, small and midsize businesses could use remote on-demand verification of identities to grant access to users outside the organisation, eliminating the need to manage detailed identity-proofing processes in-house."
By 2020, new biometric methods will displace passwords and fingerprints for access to endpoint devices across 80 per cent of the market.
Biometric technology is not new, but it is now gaining traction in mobile devices for consumers. Within the past year, Apple, Samsung and others began globally shipping smartphones with embedded fingerprint authentication and Gartner expects increased penetration over the next few years.
However, interest in fingerprint methods is expected to peak at around 20 per cent of the total endpoint device market in 2017. Biometric implementations in these consumer devices are relatively weak; after all, the feature extraction, comparison and matching have been tuned to provide a good user experience and good performance on a mobile device, rather than to establish high trust.
"Embedded fingerprint authentication does not improve user experience for everyone," said Ant Allan, research vice president at Gartner. "Furthermore, given the low trust that these methods afford, we expect to see increasing dissatisfaction as people's devices are compromised over the next few years. The same kind of biometric modes that organisations may soon adopt for authentication from the device will be preferred for authentication to the device in the midterm."
Gartner projects that endpoint device vendors will invest in face recognition via a user-facing camera, voice recognition via a microphone, keystroke and gesture dynamics via multi touch screens and handling dynamics - a novel motion-based behavioural mode using device accelerometers and gyros. One of the major advantages of these methods over fingerprint is that not one needs a specialised sensor. Each one takes advantage of inputs that are already available on smartphones, tablets and many PCs. Hence, any or all could be implemented simply by making changes to the endpoint OS, thus benefiting all users, not just those with the latest models.
More detailed analysis is available in the Gartner Special Report "Predicts 2015: Identity and Access Management." The report is available on Gartner's webs site at http://www.gartner.com/document/2912417.
This research note is part of Gartner's Special Report "Gartner Predicts 2015" features over 80 reports arming IT leaders with insights and actions to begin exploring the significant impacts of the evolution of digital business. The special report can be viewed at http://www.gartner.com/technology/research/predicts/ and includes links to reports and video commentary that examine how digital business is driving "big change".
Gartner analysts will also explore in more detail how to address difficult and complex IAM issues at the Gartner Identity & Access Management Summit 2015, held on 16-17 March in London, UK. You can find more information about the Summit here http://www.gartner.com/technology/summits/emea/identity-access/. To obtain a media pass for the Summit, please contact firstname.lastname@example.org.
Gartner UK Ltd
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. We deliver the technology-related insight necessary for our clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, we are the valuable partner to clients in over 9,100 distinct enterprises worldwide. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, we work with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA., and has 6,600 associates, including more than 1,500 research analysts and consultants, and clients in 85 countries. For more information, visit www.gartner.com.