IAM at 2035: A Future Guide to Identity Security.
Identity is more vital than ever before. Empowering organisations to improve productivity, security and revenue. However, it is fragmented and has become an attack vector for adversarial activity.
After 250+ interviews over 2 years, with vendors, consultants and practitioners, the author of CIAM Design Fundamentals Simon Moffatt has embarked upon a new project:
To describe where identity may end up a decade from now.
1: IAM Where We Were
A look back to IAM from 2000 onwards, primarily as a B2E compliance initiative.
2: IAM Where We Are
IAM is now foundational for employee productivity, employee security, customer engagement and customer privacy.
3: Increase in Identity Types
We now have to consider delivering solutions for employees, customers and non-humans too.
4: Increase in Capacity
The volume of identities has increased as has the throughput and capacity requirements.
5: Increase in Objects Requiring Protection
The assets and objects our identities need to access has increased hugely – from APIs, to AI data sets and infrastructure.
6: Deployment Inconsistency.
Our IAM components are no longer on premises – we have hybrid cloud, SaaS and containers to support too.
7: Identity as an Attack Vector
Adversarial activity from both internal and external actors is targeting all facets of the IAM life cycle.
8: App Agility Reduction
Our application and service deployment processes are being limited by poor IAM.
9: Business Agility Reduction
As our apps and services are becoming slower and more fragile to deploy, the business suffers.
10: Tech Efficacy Reduction
Regular swap outs, tactical solutions and lack of IAM technical strategy becomes common.
11: Risk Increases
A lack of visibility, observability and security controls assurance sees business risk rise.
12: Organisational Framing
Let us understand the future business problems for greenfield and brownfield ecosystems.
13: Innovation Inflection
IAM progress is sitting in two camps: incremental and radical.
14: Vision
Using Models, Matrices and Assumptions we build a framework for a possible new IAM world.
15: E2E Interaction Assurance
Analysis of the functional and non-functional opportunities needed to support intent and attribution for a broad spectrum identity risk model.
16: Conclusions
A discussion on how both industry and solution providers can get there.
Praise & Comments from Industry
“In today’s cloud-driven world, identity is the new perimeter. Effective IAM strategies are no longer a luxury but a necessity to secure access, ensure compliance, and empower business innovation. Simon provides invaluable insights in this book to navigate this critical and evolving domain.”
Shashwat Sehgal, CEO
“IAM at 2035 A Future Guide to Identity Security is a timely and valuable contribution to the IAM community—especially at a time when knowledge gaps are slowing innovation adoption. The book is a powerful distillation of decades of trial and error, hard-learned lessons, and achievements in the IAM industry. It offers a clear-eyed look into the future of identity security, providing practical guidance for leaders and decision-makers preparing to tackle tomorrow’s challenges. A must-read for IAM and cybersecurity practitioners.”
Art Poghosyan, CEO
“To meet the challenges of today, we must better understand what tomorrow will look like. This book explores how IAM must evolve to balance agility and risk—navigating past foundations, today’s complexities, and the innovations needed to secure the future of identity in 2035.”
Rom Carmel, CEO
“Identity is simultaneously a powerful productivity enabler and huge security risk. The future of identity security does not force a compromise between these truths. It drives productivity and automation outcomes while also making companies more secure. ”
Alex Bovee, CEO
“Simon’s guide on the future of identity security offers a profound perspective, seamlessly balancing the harsh realities IAM teams face when implementing controls with the relentless pace of innovation shaping our industry.”
Bojan Simic, CEO
“Simon cuts through the noise to reveal what truly powers the digital world—identity. In an era where machine identities drive everything from cloud security to agentic ecosystems, understanding identity isn’t optional; it’s essential. This book is a must-read for anyone serious about grasping the past, present, and future of identity in our identity-driven world.”
Ido Shlomo, CTO
“In the realm of cybersecurity, managing identities effectively is paramount. This book sheds light on the intricacies of IAM, making it a must-read for professionals aiming to fortify their defenses.”
William Lin, CEO
“In ‘IAM at 2035: A Future Guide to Identity Security,’ Simon offers a compelling narrative on the state of identity and provides a roadmap for navigating the complexities organizations will face in the coming decade. His keen insights make this a must-read for professionals seeking to retool IAM for competitive advantage.”
Hemen Vimadalal, CEO
“The industry has agreed for years that identity is the new security perimeter. It is clear that identity management must evolve into the driving force to defend this perimeter, but this evolution requires a deep reflection on IAM’s evolution to respond to these new challenges. As IAM is a strategic program, one must look to the future to make the right choices today. In this book, Simon provides a very clear understanding of the evolution of different needs and offers a realistic vision of what an IAM program should be by 2035.”
Sebastien Faivre, CPO
“After years of refining best practices in identity and access management, I’m thrilled that our industry finally has a comprehensive book that explores identity-related topics in such great depth. This book is an essential read for security and platform engineering leaders and practitioners alike.”
Ev Kontsevoy, CEO
“Simon delivers a compelling deep dive into the past, present, and future of identity. This book isn’t just a forecast—it’s a wake-up call for leaders navigating the ‘everyone is privileged’ reality of today, and a ringing endorsement for innovation and Zero Trust adoption.”
Tim Prendergast, CEO
“The book reminds me of Guns, Germs, and Steel, in which the history of its origin cannot be ignored when contemplating an identity vision for 2035. The modern world has become more complex, and that complexity will only continue to accelerate. Rethinking a vision that anticipates this dizzying pace while simultaneously grounding it in the fundamentals of identity design provides a crucial model that enables agility, adaptability, and evolution.”
Peter Barker, CPO
“Simon challenges the common notion that identity security can be dispersed across multiple siloed IAM and point solutions. ‘IAM at 2035’ gives identity the place it deserves as a critical component of our hybrid environment that must be secured across every authentication and access attempt, whether human or NHI, cloud or on-prem.”
Hed Kovetz, CEO
“A must-read for anyone in the identity space. An insightful look ahead grounded in over 25 years of Identity evolution history”
Marco Venuti, Identity Executive
About The Author
AbouT
Simon is founder and research analyst at The Cyber Hut. Sought after as a keynote speaker and strategic advisor, Simon is a 2-time author, Fellow of the Chartered Institute of Information Security and commentator on emerging security.
CISSP, CEH, CCSP, PG.Dip
Experience
-
~25 years in IAM and Information Security
-
15+ years working for software vendors in leadership roles
-
4+ years as a researcher and analyst
research interests
Identity Security, Attribution, Disinformation Protection, Authenticity, Confidential Communications