Lasse Andresen
May 25, 2023

Time to evolve IAM: moving on from fortress mentality

Time to evolve IAM: moving on from fortress mentality

Recently, at the 2023 European Cloud Conference (EIC) in Berlin I shared my biggest fears - nightmares even - of what can happen in Identity and Access Management (IAM). While most of these were a little cheeky, my true biggest fear is that we as an industry don’t shift perspective and rise to meet the challenges of the market. 

The market demands products that protect the customer and their privacy, while enabling great experience. The market also requires efficiency and innovation to remain competitive and grow. 

For too long, we have focused only on protecting the customer and neglected the rest. And with good reason, the number and cost of breaches are staggering. In 2022, there were over 4100 global data breaches with an average cost of 4.35 million dollars. Totalling that up is nearly 18 billion dollars. 

That is more than the GDP of some smaller nations. 

The topic of security is and should always remain top of mind. Building trust and loyalty with customers is critical–it’s the lifeblood of a business. And it’s challenging–far more challenging than even the most complicated workforce IAM implementation. The customers of today are savvy and have high expectations. Their worlds are complex and unique, interconnected and dependent on devices, systems and other people. 

So when we implement products mostly focused on preventing breaches, we are missing out on a huge opportunity. We have treated it as an insurance policy - rather than as a key and enabling part of the business. 

If we begin to look at the opportunity that lies in our identity systems, we will actually get–rather than just saying it– ROI on our identity programs. Not just in cost prevention, but from true value creation. 

So my challenge to the industry is this: we must start thinking about more than just security when we think about our identity fabric. 

If we think about the amount of opportunities out there for us to tap into - things like cars, families, friends, bank accounts, points of sale, payments, add on devices etc - the opportunities are somewhat endless. 

But can current technology get us there and harness these opportunities? I don’t believe so. Existing technologies were not built for the complexity of the modern interconnected world, or for the connected lives of our customers. 

Trying to incrementally enhance existing solutions–especially solutions built for workforce IAM–will not go far enough. Taking little steps in our already too small shoes will not catch up to the market sprinting head. 

To get around the limitations of current technology, many have built complex authorization logic directly into applications. However this is, as we Norwegians say, ‘å tisse i buksene å holde varmen’ (wet your pants to keep warm), i.e. not a great long-term solution as you will have issues with scalability, consistency and flexibility. 

I believe the answer lies in externalizing authorization logic with a data model that can handle the complexity of the modern world. Data models that are flexible, scalable, allow adjustment as you grow and surface the data to be queried across business lines.

When we view IAM from the perspective of connection, rather than a fortress, it becomes a powerful business enabler that can solve a multitude of challenges.

Keep updated

Don’t miss a beat from your favourite identity geeks