IAM and Data Leakage Prevention services are gaining momentum

From the start of the COVID-19 pandemic times, the demand for the visibility of identity & access management (IAM) has increased as high priority in getting remote access secured and the increased protection needed around digital transformation initiatives. With the rapid growth and pace of digital business, IT leaders now recognize the importance of IAM. As a result, demand for IAM and digital identity technologies has increased significantly, along with rapid investment.

The access management market is expected to reach $19 billion in 2024, up from $13.7 billion in 2021. Yet, with the flurry of investment and development of existing IAM technologies, not all technologies are ready for production; some will require more extensive proofs of concept. With this the environments become more digital and cloud-enabled, IAM leaders need to ensure that they can manage the increase in volume and velocity of machine identities required to support digital business needs.

At the same time, as more companies encourage employees to work from anywhere, on any device, data loss prevention (DLP) is rapidly evolving from nice-to-have to must-have. In the past DLP was associated with complicated deployments and pervasive operational management issues, but DLP is more strategy than product, so success depends on methodology and execution. Machines such as servers, cloud environments, RPA and applications all require digital identities.

These digital identities will enable IAM leaders to apply the most appropriate security policy to manage and control all of these entities. Experts say the implementation of DLP is often seen as a challenge, and inconsistent data loss prevention policies can hamper usual business activities and DLP cannot stop all attacks and nor can it mitigate the risk of poor business processes. A DLP program is a risk reduction, not a risk elimination exercise.

The COVID-19 pandemic has accelerated the need for robust identity proofing in digital channels and also prevented many of the in-person interactions where identity proofing has typically taken place. Furthermore, organizations have elevated their digital transformation initiatives, and with that so has the need to know who is really on the other end of that internet connection. Gartner predicts that 80% of organizations will be using document-centric identity proofing as part of their onboarding workflows, which is an increase from approximately 30% today.

For many years, the foundation of online identity proofing has been a data-centric approach. This involves checking the identity data (e.g., name, address, date of birth, social security number) entered by a user against sources such as electoral records, credit bureau data and census information. The identity assurance achieved with this capability used in isolation is relatively low, as there is no assurance that the user entering the data is actually the owner of the identity.