The unspoken problem with Identity, Authentication & Access
The underbelly of the identity ecosystem describes the core problem - a cost structure that is unsustainable, an ever-growing requirement for new services, providers that are reticent to change, and a reliance on a system that is broken due to the ever-changing role of identity and business models.
Organizations can continue to patch a broken system for user verification, authentication and access: they can update their risk models by adding information from contextual engines and AI and ML solutions, they can deploy new applications to enhance their current identity layer, they can add more complex firewalls and increase spending on security personnel. Or they can face the reality of the situation and address the core problem - any security posture that relies on user name and password is weak and will fail. It is like building a house on a weak foundation.
Organizations are at a decision point. In the same way that some retailers have decided to walk away from cash transactions and embrace cashless systems, organizations must make a decision - do they walk away from a user name and password strategy, or migrate towards new authentication models that no longer rely on the use of user name and password, but create ubiquitous methods for authentication and access that rely on strong digital identities?
And I hear the arguments - the technology is not mature, the cost is great, we have no budget, etc. Well, the continuing use of passwords across the enterprise only increases their risk profile, which in turn increases their hidden investments in security products and services (usually requests that are driven by an event and that bypass any budget process), and still does not provide any solution to their problem, which is the ongoing data breaches and releases of information due to phishing, behavior or brute force attacks on the weakest link of the authentication and access layer - human interaction.
As organizations implement their 2019 budgets, they must realize that a change is coming. Due to the consumerization of IT services, end users are expecting seamless transactions to access information in both their personal and professional lives, and they will achieve such ease by either reusing current credentials or embracing new methods. It is up to the organizations to decide which is the better investment - continuing down the path of passwords, risk models and siloed identity services, or one that is decentralized, passwordless and prepares them for a secure future at the edge of the enterprise.