As we reflect over the past decade, it’s remarkable how the digital transformation has reshaped the way people work and how companies do business. Let’s take one example—your users. At one time, “users” meant employees. Users now include partners, customers, even software bots and devices. What started as identity for the workforce is now identity for everyone and everything. The corporate network perimeter has disappeared, making identity the control plane for security that now provides effective access control across all users and digital resources.
This makes identity absolutely critical to the business success of our customers. It’s not only central to security, but also to business transformation. For that reason, we want to share five areas to prioritize in 2020, and one technology to watch as you’re getting ready for what’s next. These priorities are based on many conversations we’ve had while working closely with our customers to re-architect their environments as they digitally transform.
1. Connect all applications and cloud resources to improve access controls and the user experience.
Digital natives are joining the workforce in ever-increasing numbers. They expect to collaborate on any project from anywhere using any app—and they only want to sign in once. Connecting all applications—from popular SaaS applications to on-premises applications and cloud resources—to a single cloud identity service will not only give your users single sign-on (SSO) for a better experience but also improve security.
With Azure Active Directory (Azure AD) as the single control plane for all your apps, you get visibility and adaptive granular access controls across your entire digital estate. You also benefit from the 171 terabytes of data our cloud-scale machine learning algorithms process each day to learn behavioral patterns for each user and application, flag potential attacks and remediate them. For example, to protect users who may be at risk, you can apply simple policies like forced password reset that prevent identity compromise with minimal user disruption.
2. Empower developers to integrate identity into their apps and improve security.
Most organizations are dealing with an explosion of applications, which introduce increasingly complex security and privacy requirements. Integrating with Azure AD improves application security and privacy. But keeping up with the flood of new applications while continuing to manage an already overwhelming portfolio is a big job for Identity admins. They need help.
To be successful, Identity admins need to delegate more to their application development teams. So, we’re making it easy for developers to integrate authentication into their apps with Microsoft Identity Platform and to build data-driven applications and automation with Microsoft Graph. As an added benefit, developers can set up granular permissions that specify minimum necessary privileges for each application, so that it can only access the Microsoft Graph data necessary to complete its tasks.
3. Go passwordless to make security effortless for users.
We all know that passwords are insecure, expensive to manage, and frustrating for users. That’s why over the past two years we’ve been on a mission to eliminate passwords, partnering with the FIDO Alliance and leading the charge with our own employees. The time to get ready for a world without passwords is now.
There are so many benefits to passwordless authentication. One of them, as we’ve seen from Microsoft’s own journey, is an 87 percent reduction in hard and soft costs. To help every organization get ready to go passwordless, we offer a variety of methods—from Windows Hello to the Microsoft Authenticator and FIDO2 security keys—which will work across cloud and hybrid environments. And to make it easier to get started, we’ve identified four steps to start planning your rollout based on the experience of our customers and our own IT team.
4. Enable boundaryless collaboration and automated access lifecycle for all users.
Digital collaboration, both inside and outside of organizational boundaries, has increased exponentially. Today, identity supports all your digital relationships, for example, with customers and partners or over two billion Firstline Workers who were previously excluded from the benefits of digital transformation. In the future, it will also power collaboration between people and software bots, microservices, and smart devices.
Effective collaboration requires more than simply connecting all users. It requires giving the right users the right access to the right resources at the right time. With the growth in numbers of users and applications, it’s not possible for IT to know everyone’s access needs. This is where identity governance can help. Cloud-based identity governance automates the access lifecycle through integration with HR systems like SAP SuccessFactors or Workday and simplifies access decisions for reviewers through the power of machine learning and analytics. It also empowers business users to manage access through access requests and workflows or delegated user management for Firstline Managers.
5. Start your Zero Trust journey to protect your organization as you digitally transform.
The customers we speak with are absolutely clear on one point: with no network perimeter, no boundaries around collaboration, and an explosion of devices and applications, the old security paradigm no longer applies. In this world, Zero Trust is both a worldview and a security strategy. It replaces the assumption that everything behind the corporate firewall is safe with three simple principles: verify explicitly, use least privileged access, and assume breach.
As Microsoft has learned from our own experience, every Zero Trust journey will be unique based on your business priorities, the technologies you already own, and the assets you want to protect. As you build on your existing investments, you can assess your Zero Trust maturity and take practical steps toward an even stronger security posture.
Looking beyond 2020, many exciting technologies are poised to change the identity landscape. I’d like to highlight one in particular—decentralized identity.
Greater verifiability and privacy with decentralized identity and verifiable claims.
As more transactions and information exchanges take place digitally, it’s essential to verify that people are who they are and that the information they present is accurate. This puts enormous pressure on organizations to validate the data that they collect while keeping it private and secure. It also requires people to put enormous trust in the organizations that steward their identities and collect personal information around them.
Decentralized identity will transform our digital interactions, making every online claim easily verifiable while giving people back control over their data. And it’s not just a concept—it’s real. Through a community effort with the Decentralized Identity Foundation (DIF), we are on the path to a new W3C web standard for verifiable credentials. And we are piloting decentralized identity in partnership with the UK National Health Service, Blackpool Teaching Hospitals, and Truu. Through this pilot, we were able to reduce the time it takes for doctors to validate their credentials from five months to five minutes, helping them spend more time with their patients.
In this new decade, as in the last, the business priorities our customers share with us will guide our engineering investments in identity. Our team’s top priority is the reliability and security of the service. Our core innovation principles remain the same:
Even though each of your identity priorities for 2020 will be unique to your organization’s goals, identity will be a critical part of your business transformation journey. My team is committed to working closely with you to innovate our products, help you design an optimal identity architecture, and quickly roll it out to your organizations. Our plans always start with your feedback, so let us know what you need to stay ahead of what’s next.
About the author
Joy Chik is a Corporate Vice President, Identity Division at Microsoft. She leads engineering for Microsoft’s multi-billion-dollar Identity business that is building greater security and mobility into consumer and enterprise technologies that billions of people rely on every day. Her team is responsible for building all of Microsoft’s identity technologies and services, including Active Directory; Azure Active Directory, which provides end-to-end identity and access management solutions to secure organizations of all sizes; and Microsoft Account (MSA), which secures identities for almost 1 billion consumers around the world. Joy serves on the Board of Trustees for the Anita Borg Institute and on the Board of Directors of Sierra Wireless. She’s active in charities that encourage women and girls to pursue technology careers.