We are more online than ever before, with more of our lives online than ever before. Interaction after interaction is moving from the physical realm to the virtual. I love a good wander through the supermarket isles but even I have switched to ordering groceries online (along with everything else I need). Based in Norway, I don’t pay cash (haven’t used cash in an incredibly long time) and don’t own a printer anymore. Everything is online and if it’s not now, it will be soon.

Our personal and identity data is collected by practically every service or product we engage with and spread around the far corners of the online world.

This data is gold both for businesses and malicious actors. For businesses, this data can create the opportunity for tailored services, upselling opportunities, and value creation. For attackers, this data is a gold mine for system exploitation, onselling and lateral compromise.

Identity data is by far the most common type of data targeted by malicious actors and the effect of a breach can be crippling for individuals and businesses. Identity is also the main culprit or at least a significant factor in how most attacks are carried out: compromised credentials, phishing, business email compromise, and social engineering, all feature identity as the attack vector or enabler.

Protecting this data is critical to the security, not just of the PII, but also of systems and intellectual property.‍

The new perimeter

‍In the past, network security was defended at the perimeter. Now with increasing remote workforces, bring your own device (BYOD) and the rise of IoT and smart devices, the boundaries for conducting business have greatly expanded, as has the attack surface. To manage this, many organizations are moving to a zero trust model that restricts unauthorized access from outside but also from within the organization — making identity the new perimeter.

With identity at the heart of the threat landscape and also the key defense focus, Gartner has named identity-first securityone of the top security and risk management trends. Identity and access management systems must evolve to enable the right individuals to access the right resources at the right times for the right reasons.
‍

“Today’s cyber threats are increasingly sophisticated and implementing identity-first security frameworks to authenticate and validate all digital identities — both humans and the machines — is now table stakes for every organization. The consequences of not prioritizing digital trust are dire, especially as we forge ahead with hybrid-multicloud, decentralization, and Web3, and as quantum computing inches closer to reality.”

‍David Mahdi, Chief Strategy Officer and CISO Advisor, Sectigo.

Establishing digital trust is the cornerstone of access management, but this trust must be maintained and consistent throughout the user experience.‍

Orchestration for Web 3.0

‍Orchestration provides a consistent privacy posture across every client interaction, touchpoint, and jurisdiction. It simplifies and automates authentication, authorization, and risk policy decisions for all user types across all interactions and surfaces. Not only is this important for maintaining security, but also for user experience, scalability, and flexibility.

Siloed authentication services and vendors and fragmented digital identities undermine these business drivers.

Connected, interoperable, and context-aware identity services will increasingly deliver value and eliminate unnecessary barriers and friction.

This will become increasingly important as Web 3.0 brings a host of decentralization and users take back control of their data, and billions of devices come online and also require identity management.

We need to re-think IAM to achieve an orchestrated user experience in Web 3.0.

Also published here.