IAM Trends 2024: AI is Changing Identity Verification
Identity and access management (IAM): data sovereignty is gaining in importance and digital trust in collaborative networks will determine growth.
Danny de Vreeze, VP IAM at Thales, looks into the crystal ball and makes 7 predictions on the development of identity and access management.
AI will change the conditions for identity verification and ensure legislation
The growing potential and importance of AI in 2023 can hardly be overlooked. It is already making rapid progress with data analysis, image generation and all kinds of other processing and cognitive tasks. When these capabilities are applied to identity verification, new fields of application emerge. One example of the disruptive power of AI is the management of passenger flows at airports. AI can be used here for identity verification at electronic gates. The proliferation of artificial intelligence, combined with a future where people increasingly identify and verify themselves digitally, is likely to give rise to new threats and techniques for counterfeiting and impersonation. 2024 will be the year when AI is used to circumvent identity technologies at will. This will lead to a proliferation of tools that can recognize AI and its markers, as well as calls for new laws to address the risk of counterfeiting.
Passkeys will dominate digital banking in 2024
In the coming year, synchronized passkeys will become established across all industries. This will drive the financial sector, especially banks, to introduce more passkeys in line with market demand while maintaining the level of compliance and security in digital banking. The challenge for banks is to do this efficiently and compliantly with emerging standards such as PSD3, which require multi-factor authentication and often rely on tools such as hardware tokens. Banks will address this challenge by investing in device-linked passkeys as opposed to synchronized passkeys to ensure similar benefits such as security and ease of use.
Validated ID and attribute providers will drive zero-knowledge protocol and ‘trusted’ user identities
In 2024, the major providers of identities and their attributes will enter the scene and drive the ID market forward with services such as better privacy protection, personalization and differentiated access to resources. As ID cards evolve, people will increasingly rely on ‘trusted identities’ for basic verification and access in everyday life – take identity wallets, for example. By 2024, all EU member states must provide every citizen with a digital identity wallet that they can use for both online and offline services in the EU. Digital ID wallets will give users more control over sharing granular and personalized access to attributes with service providers. Proof of zero trust will become increasingly popular, opening the doors to mandate registration and commercial business opportunities for data providers.
Data sovereignty gains in importance
GDPR continues to set the standard for data storage and processing at the regional level, however, by 2024, the demand for this control will increase in the US and Canada. Organizations will meet these demands at the enterprise level by implementing strong data encryption methods, including bring-your-own-key and hold-your-own-key capabilities. At the individual level, users will benefit from more ways to consent to the use of their data, zero-knowledge proof and more. There is more movement on data privacy in the US in particular, and this will also impact data sovereignty in discussions with legislators.
Developments in digital currencies
Both digital identity and currency technologies and related agreements are advancing. This year, Apple expanded its existing partnership with major US bank Goldman Sachs, launching a new high-yield savings account accessible via Apple’s own credit card and offering deep digital wallet integration. This was just one of several financial offerings the company has announced this year – not to mention companies like Google, which has already had an EU-wide e-money license since 2019. The European Central Bank is accelerating its digital euro project and the US government is pushing its own currency as part of “Project Cedar”. Therefore, the environment is ripe for a major breakthrough of this type of currency in 2024.
Encryption and signing keys will have their importance for identity and data security in 2024
Data sovereignty is a growing concern for all types of global organizations – discouraging them from moving to the public cloud, especially if they are based outside the US. At the same time, we are seeing tremendous growth in the use of signing keys for both passwordless identity verification and encryption. In 2024, more centralized key management systems will come onto the market. They will be tightly integrated with public cloud providers, helping to remove the barrier that currently exists for many organizations to fully transition to the public cloud. By giving organizations greater control over the entire lifecycle of their encryption keys, companies can provide their customers with the necessary guarantees for the sovereignty of their data.
Digital trust in collaborative networks will be critical to business growth and success
Collaborative networks are widely used in modern manufacturing business models to support today’s fast-paced innovation and complex supply chains. Efficient and secure management of different levels of trust in collaborative networks is critical for product development and time-to-market. The user experience for consumer identities and business-critical identity proofing and verification in banking is a model for secure B2B identity management across all industries. The goal is to enable secure, streamlined and passwordless onboarding and authentication of different users in collaborative networks. At the same time, risks are to be minimized and business continuity and its success accelerated.