Organisations will see that two-factor authentication is not enough
Despite the entire world understanding that they need more than a username and password to protect against the misuse of stolen credentials, the majority still remain inadequately protected. The problem is that the world is moving to implement an outdated and reasonably unsuccessful solution, two-factor authentication (2FA), yet in terms of assets protected, user experience and one layer of protection, it is reasonably easily circumvented. Unless companies take a more layered approach around determining identities with confidence, bad actors don’t need to do much more evolving, as they can simply use the methods they use today to circumvent simple second factors.
We may also see business owners drive towards more consumer-led portals where companies protect the identities and experiences of their customers. These portals will also morph more towards adaptive and risk-based techniques rather than simple 2FA due to the ease of attacks we have seen in 2016.
Companies will move towards passwordless authentication
To achieve passwordless authentication, companies should first start with an honest assessment of what their users want. When you consider the fact that this technology has been in the market for 15-20 years, and only spans across 56% of company assets, implementing an updated technology that has been specifically designed with today’s user in mind makes a lot of sense.
As a result, we’ll continue to see adoption of biometrics in 2017, as an even easier way to confirm ‘what you are’. They we also be applied more in the context of an intersection of phone and device fraud risk analysis pre-authentication rather than simply on their own.
Hybrid cloud is the way forward
While there is no doubt cloud is here to stay and offers many benefits, part of the challenge for large enterprises is to navigate what is seemingly more a religious question of sorts (cloud or no cloud) versus finding ways to meet their needs for cloud and on-premise applications. We will see the largest enterprises moving cautiously to investigate how a hybrid solution can work for both given that many enterprises may not move mission critical applications to the cloud any time soon.
M&A will continue
There will be consolidation where possible, while orchestration and integration will be kept at a minimum. Customers would always prefer fewer technologies rather than more, and significant problems are not necessarily well solved by those vendors that offer more. So while I expect to see significant M&A activities, vendors must also develop more to standards, API integrations and workflows that solve business problems across siloed security technologies.
Stolen credentials will only increase
While there are many security challenges organisations need to address, the problem of bad actors walking right through the front door with stolen credentials is significant. Preventing the misuse of stolen credentials solves more of a business and security problem than a security problem alone. No matter what the level of education and technologies involved, bad actors can still dupe the best of us into sharing credentials.
