Where is Identity Headed in 2019? My Top Five Predictions

It’s the “trends and predictions” time of year — all kinds of lists for all kinds of industries. Lest we neglect the identity and access management sector, I’ve got my own list of five predictions. As a sign of the times, you’ll see that most of them point to heightened challenges in the wake of recent record-setting numbers of cyber-attacks.

From a gaggle of breaches — thousands of major ones a year, at least two or three annually for most organizations — the trade press and analyst circles have rightfully gone into lessons-learned mode. Against that backdrop, I’m hoping my predictions will nudge the discussion forward — to the inflection point where we take those lessons learned and use them for concrete action!

Authentication will rise with the demand of zero trust
Just as 2017 became known as the Year of the Data Breach (as Bloomberg called it), 2018 was the year where Zero trust security models took center stage as a viable security and identity management response. Now everybody’s starting to realize zero trust has zero value unless it’s backed by strong authentication. Without mature authentication, identity management and Privileged Access Management (PAM) that’s scalable and dynamically adjusts based on policies, it’s hard to apply zero trust without slowing down the speed of business. That’s why we’ll be seeing more and better authentication solutions to prevent zero trust from operating at zero speed.

Social media fraud and political meddling will continue unless providers get serious about authentication
This deserves to be its own list item, given the global scale of adoption and the outsized role authentication plays in social media —- identities don’t just get stolen, they’re also replicated, made up, curated and endlessly morphed for fraud, election tampering and other purposes. How can we afford not to get serious about authentication? And it’ll take more than just voicing support or joining an industry consortium. Signs that a company is serious include deploying standards and making them mandatory, support for legislation and embracing transparency by sharing actual metrics and other data.

The variety of biometrics will continue to grow
The industry will keep churning out new forms of traditional and behavioral biometrics, thanks to a confluence of technical innovation and evolving standards like FIDO that simplify and streamline how biometrics are used in all kinds of industries. As this continues, businesses will have more and more options and we’ll get closer to a plug and play level of interoperability — think of how your blender, toaster and microwave can all operate on the same kitchen power strip and you begin to see what’s possible.

The global regulatory environment will become more challenging.
If strong authentication and other cyber protections don’t seem like a good business idea by now, they will after you remember how upwardly steep the curve toward regulation has been. And given rising complaints and the number of breaches, there’s no sign of it slowing anytime soon. You’ll see more data privacy protection as was done with GDPR. While this is a great progress, we’re going to see more challenges in the form of stronger enforcement, steeper fines and more demands for company data.

The sports and entertainment industry will continue to be a growth area for biometrics
This final prediction comes not just from the market trends we’re seeing, but also personal experience. As I saw firsthand from the misery on my teenage niece’s face at the box office window when she learned the ticket she bought online was a fake — valuable experiences can be stolen, just like valuable products or data. Not surprisingly, biometrics in both sports and entertainment will keep rising. Whether verifying identity for entry and seating, or age for drinking alcohol, entertainment venues and systems have a host of use cases just waiting for strong authentication to solve.

These are the dynamics that will more or less shape the industry in 2019. And while it’s impossible to predict every development or impact, I’ll consider this post a success if we can at least shift the focus onto action — new levels of commitment to put ideas and lessons learned into practice for better authentication and identity management.