I’m excited to share a little glimpse into The Cyber Hut’s primary research diary for the rest of this year.
| Primary Research Title | Focus | Estimated Release |
| --- | --- | --- |
| How To Kill The Password | Technical overview of passwordless technologies. Market overview and vendor analysis of the top 12 passwordless solution providers. Emerging trends. Sample architectures. Use case analysis and requirements. Migration approaches. Barriers to adoption | Q3 2021 |
| Why Zero Trust Needs Authorization | Emerging patterns within the authorization market. Integration of identity based security as a foundation of Zero Trust. Analysis of 6 authorization startups. Use case evolution. Architecture examples. | Q4 2021 |
| Funding and Market Activity within Digital Identity. | A review of funding, market changes and acquisitions within the employee identity, consumer identity and privileged access management spaces between Jan 2020 and June 2021. | Q4 2021 |
How To Kill The Password
The password is dead. Long live the password. For the record, the password isn’t dead. Far from it: it is very much alive and kicking. I discussed last month how barriers for both the end user and the application owner are potentially hindering a migration to the brave new world of WebAuthn, biometrics, voice authentication and others.
In “How To Kill The Password” we will explore the emerging patterns and architectures within the passwordless vendor space. What are they trying to achieve? Why is it different? Why is it important now? What are the barriers to adoption of passwordless and how can they be overcome? Vendor briefings and primary research will be taking place over the next 8 weeks.
If you are a vendor, systems integrator or industry practitioner – get in touch. We will be issuing questionnaires in the coming weeks which can be completed anonymously with respect to deployment maturity and architecture choices.
Why Zero Trust Needs Authorization
Zero Trust. The buzziest of buzz words. We certainly need more of those. Alas, we do actually need zero trust. Whether you believe that to be some magic new silver bullet piece of software (it isn’t) or a way of modernising security controls to be reactive, resilient and future proof (<- very much this), zero trust is here to stay. However, many architectures are focused on the shifting patterns of network architecture. What is required, it seems, is a foundation of identity for the authentication of entities and devices. However, security only really starts once authentication ends. So what comes next? Authorization. Real time, distributed and adaptive authorization – governing through a reference monitor who can do what, when and why. The authorization market is undergoing a period of disruption, with numerous startups receiving funding over the last 18 months. Many of them are attempting to tackle the issue differently than previous role based access control vendors. Some are tackling the authorization problem through data vaulting and encryption; some via authorization as code; some via run time data redaction. The theme is clear though: authorization is critical for PII protection, eCommerce, data portability and retail. We will review the top 6 emerging vendors and discuss their architecture capabilities.
Funding & Market Activity Within Digital Identity
Towards the end of the year, we will produce a long read report digesting the main financial activity within the digital identity space – both for consumer and employee identity vendors as well as the more overlapping privileged access management space. We will cover primary funding (series A-F) as well as mergers and PE buyout activity.