***Editor's Note: If you like this article, make sure to attend this Wednesday's
SOA Security roundtable with one of the top analysts in the security industry,
Mike Rothman. One of the feature topics will be how to leverage SOA with existing
identity and access management. Don't miss the can't-miss event by clicking
Everywhere in the world information fraud is on the rise driving banks, businesses
and online merchants to renew their focus on identity and access management
(IAM) during 2008. Here are five IAM trends to anticipate for the coming year.
1. User Centric ID Management - More Control of Who Goes Where in the Network
No longer focused purely on the perimeter and keeping people out, security
and IT departments will become more focused on controlling who is accessing
what information in the network. This will lead to more detailed IAM policies
and a more stringent focus on user centric identity validation. A shift will
take place toward looking not just at a valid user name and password, but also
whether they have additional online credentials that prove that they are the
actual owner of the online account or have the right to access the online portal.
In parallel, validation will move beyond just perimeter control. It will go
on to control what specific information users can access. To achieve these policy
goals, strong authentication will become even more tightly integrated with the
network security infrastructure and part of a consolidated identity and access
management solution as companies act on what they already know--that single
factor, password-based access control is outdated.
2. Consolidation of Point IAM Solutions with SOA Models
Many organizations are running multiple solutions for authentication, password
management, identity and access management. This can expose enterprises to fraud
and information leakage, with fraudsters targeting the weakest link in the solutions
suite. Many of these companies will want to reduce the risk of fraud and information
leakage by consolidating these systems into an overarching service-oriented
architecture, which will also make management of identity and access policies
easier. Analysts recognize the importance of identity validation services as
being essential for fighting fraud and building online reputations.