Gartner: Future of identity management is mobile, SaaS

By 2022, the research firm Gartner predicts 70 percent of enterprises that use biometrics for authentication will do so with smartphone apps. Last year, less than 5 percent of enterprises did so. According to Gartner, it is the lower cost and improved user experience that will drive this adoption of smartphone biometric authentication.

Speaking of cost and ease of use, Gartner predicts that by 2022, 40 percent of midsized and larger organizations will turn to software-as-a-Service, SaaS-based identity and access management. That adoption figure was also about 5 percent in 2018.

I’ve been speaking with many identity management professionals and many have recently turned to cloud-based identity management, or they plan too. Many of these organizations have decided to be cloud-first. Others are working on their digital transformation efforts and good identity practices can help with three of the top five barriers (data privacy and security concerns, lack of budget, and regulatory changes) to digital transformation success – at a minimum.

As Gartner observed, identity and access management delivered via SaaS is done so often to enhance access management software implementations. “The ease of implementation and rapid time to value of SaaS-delivered IAM offerings have proved valuable to organizations that favor SaaS adoption,” Gartner wrote in a news release.

While SaaS identity services may not be as mature as their on-premises forefathers (yet), they are rapidly maturing and, for many enterprises, these services do fit their needs. The same is true with mobile biometrics. Gartner contends that enterprises will strongly consider piggybacking on the biometrics already in place on consumer smartphones. This is not only cost-effective but also streamlines staff experience as they are already accustomed to authenticating to these devices.

“Security and risk management leaders responsible for identity and access management (IAM) and fraud prevention continue to seek approaches for identity corroboration that balance trust and accountability against a total cost of ownership and UX/CX,” said Ant Allan, research vice president at Gartner in the release. “Biometric authentication uses biological or behavioral traits unique to each person and offers better UX/CX and accountability than other common methods. Implementing this via smartphone apps provides more consistency in UX/CX and is technically simpler than supporting it directly on a variety of different endpoint devices.”

Last spring we covered how biometric authentication was finally starting to take hold, sharing how a pair of studies from the Center for Identity at The University of Texas at Austin found consumer favorability toward biometrics to be growing. Well, that favorability is now spilling over into the enterprise market.

One concern I have is that there may be too high a reliance and trust placed on smartphone biometric authentication. As Gartner pointed out, these authentication methods are not foolproof and can be defeated. Organizations will still need to monitor for suspicious access and potential mischief. “Midsize and large organizations looking to implement biometric authentication via smartphone apps must be aware that biometric approaches that can be readily supported on any smartphone are vulnerable to presentation attacks or “spoofing” using photos, videos, voice recordings, and so on. Therefore, presentation attack detection or “liveness testing” is essential,” Gartner said.

*** This is a Security Bloggers Network syndicated blog from Cybersecurity Matters – DXC Blogs authored by Cybersecurity Matters. Read the original post at: