2022: A Year in Review

Although it has been an amazing year professionally and personally, many parts of the world still suffer from the conflict, pandemics, and cost-of-living crisis. We can hope that 2023 will help us all to deal with the larger problems we will be facing in the months ahead.

I'm going to do a retrospective on 2022, including some stories and comments. Most months, I host vendor and supplier webinars. These webinars are usually focused on the buy side advocacy narrative. They meet with emerging access management suppliers in an industry "fireside chat" style to discuss solutions, thought leadership points, and emerging practice. "It's Not Me, It's You: Why Consumer Identity Hates Passwords" was the webinar that attracted most attention. Although this event was held with Transmit Security at the end 2021, it received more than 400 registrations. The reason for its popularity? The popularity of passwordless authentication is a result of increased funding and demand over the past two years. Organisations like Transmit and Secret Double Octopus have seen a significant increase in their demand. Many of these organisations, including Transmit and HYPR, Secret Double Octopus and tru.io, are trying to solve security and usability problems using one solution. They often rely on biometrics and FIDO, and FIDO2/WebAuthn. The article titled 'How Identity & Access Management Industry Is Unbundling' was the most popular piece of open-source analysis. This article, which was 4 minutes long, discussed how IAM may have begun to lose its 'platform advantage'. It allowed for more specialist providers to gain market share in areas such as authentication, access control and threat detection. These new markets or the increased interoperability, API first integrations, and an emphasis on dataflow may be allowing for a more decoupled approach IAM that is more flexible, secure, composable and easily used. A comment on the US Department of Defense's recent reference architecture for zero trust was the second most popular article. The Week in Identity podcast was launched in June. This podcast features industry analysts commenting on current vendor news, funding and industry events. David Mahdi, an ex-Gartner analyst, hosts the podcast. The community has been supportive and generous with comments. We are grateful to everyone who listened and participated. Episode 13, which was recorded in November, was the most popular episode so far. The episode covered the announcement by Thoma Bravo, a private equity firm, of ForgeRock's potential acquisition for $2.3 billion. The deal is expected close in early 2023. David and I gave a thorough analysis of the acquisition from the perspective of integration options with other Thoma Bravo portfolio businesses and the potential impact to the rest of market. The Cyber Hut frequently polls LinkedIn for feedback on thought-provoking topics throughout the year. These results are often used to create the basis for open-source analysis articles and a podcast. The most popular poll, which was actually spread over four weeks, was the one that asked where key identity and access management components were deployed. The four main IAM areas were: consumer, privileged access management workforce access management and identity governance. A number of interesting results were collected for an article that was published in November. In an article published in early November, the deployment models of many IAM services were described. They covered everything from on-prem to managed services and SaaS. In 2022, I received hundreds of inquiries calls. These were either retained services for long-term clients or one-off pay as you go calls to market financing research firms, venture capitalists, and private equity. Research on emerging trends and research about specific vendors were the two main topics. Both passwordless authentication (or external authorization) were top of the list from an emerging trends perspective. We will be discussing details on use cases, drivers, capabilities, head winds, and tail winds, as well as detail about the drivers and potential uses. Ping Identity and ForgeRock were the most well-known vendors among the established 'big six' of Okta and CyberArk and Sailpoint. A two-day online masterclass on technology and consumer identity was most requested. It was held in February. The masterclass was based upon the Amazon bestseller Consumer Identity & Access Management Design Fundamentals. It attracted more than 200 students. We only had the capacity to train 50 people in February, with another session scheduled later in 2018. There has been a significant increase in training on identity in 2022. As a result, some additional courses are being added to 2023. These include Authentication Design & Management as well as Designing Identity for Zero Trust. Both of these courses will be available in recorded and live formats in Q1 and beyond. *** This is the Security Bloggers Network syndicated Blog from The Cyber Hut, authored by Simon M.