Our founder Simon Moffatt will be delivering a keynote presentation at the Heliview Identity and Access Management conference on May 23rd.
The event hosted at the Omnisport Apeldoorn arena in the Netherlands boasts a great lineup of industry specialists and suppliers from the likes of Okta, Saviynt, Beyond Trust, Okta, Trust Builder, ID Veritas, Sailpoint, One Identity, Crowdstrike and Silverfort. The full agenda is available here.
Simon’s talk will focus upon what’s coming for us in the IAM world for the next 5 years. He will take a look at some emerging trends such as passwordless, authorization and privacy – and how market opinions and events can provide some insight as to what a modern IAM platform in 2028 and beyond may look like.
Register for tickets here.
Updated 26 May for Conference Retrospective
I had the pleasure of keynoting the Heliview conference this week at the fabulous Apeldoorn Omnisport centre in the Netherlands – home to a great velodrome, that even inspirsed the non-cycling experts like myself to hop on my bike as soon as I got home.
The event was well attended (over 150 attendees, with a large percentage expert IAM practitioners from Dutch and Belgium regions) as well as over a dozen specialist vendors. There was a main plenary track, followed by multiple break out sessions for smaller more interactive dialogue.
I focused my talk taking a look at what the identity landscape may look like in 2028 and beyond – using several of the research polls The Cyber Hut conducts on a weekly basis via our social networks.
Clearly 5 years is a long time in any technology sector, and identity and access management is certainly no different. We are currently in a period where IAM is so critical to many different aspects of both the workforce and consumer arenas – not to mention device, IoT, IIoT and pure play security use cases.
I tackled the process by asking several different questions – looking at standards, personnel, metrics, tools and technologies what we are either using currently or may start to use in the future…many with some intriguing answers.
First off was trying to see which of the big building blocks we currently use, may well cease to exist (or at least start to fade away) by the end of 2023. In honesty the results on this one were quite close – with a slight edge for on-prem directories, but even if they start to decline in net-new adoption, I would imagine they will still be with us for some time yet in one shape or another?
Next up was more an organisational question – and one which I ask many times at different conferences, workshops and inquiries: do we need a chief identity officer within the board room? 61% say we did from 84 respondents – but many of which were practitioners too. It’s an interesting topic – and one which is currently being fulfilled by the CISO essentially outsourcing the knowledge and guidance function to advisory firms. I have performed many of these functions myself – be it for enablement, metrics management, architecture review and strategy design. IAM is becoming more important and the board level does need to have IAM awareness – but of course that could easily come from a CISO, CISO or even digital leader.
A more immediate and technology focused question looked at passworldess. With the rise of WebAuth and passkeys, we have tools now to help rid the world of the password. Yet adoption is low, but with improvements to integration and coverage, the next 18 months should see a large uptick in password-free logins for both employees and consumers.
Privacy is another relatively controversial arena – one were we see a conflict between protection and personalisation. We all want privacy (and the poll results indicate we would pay for it) yet our behaviours online are often irrational – where we often share more data than necessary.
My final question was taking a look at AI/ML – which I would say at the recent RSA Conference in San Francisco last month, overtook zero trust as the most popular buzz word combination.
Identity in general does seem to be heading to being a “big data” problem – with vast amounts of information and automation being combined to provide better insights and risk reduction measures than previously observed.
So 2028? I would imagine passwords would be fading away, AI/ML will be heavily utilised within central control planes for authentication and authorization, identity threat analysis would be common and highly automated and privacy will be a competitive differentiator for many consumer facing systems.
A final input into this discussion, was when I asked the audience what they thought! This is a word cloud of their responses (91 responses from 67 voters):
