Over the past two years, we’ve witnessed a significant shift in the way organizations manage identities and access to critical resources. A major driver behind this change has been the widespread migration from on-premise Exchange servers to Office 365, often prompted by Microsoft’s evolving requirements. In many cases, this wasn’t a decision driven by IT departments or end users—it was a mandate.

While Office 365 provides numerous advantages, the rapid adoption of cloud solutions left little time for thorough analysis of the associated risks. As companies moved to the cloud, the focus naturally shifted to securing access, with Multifactor Authentication (MFA) becoming a key priority. For some, this meant adopting Microsoft’s built-in security solutions, while others opted for more comprehensive access management platforms that cover not just Microsoft, but multiple systems and applications.

However, this swift shift to the cloud and MFA has brought unforeseen challenges. Many organizations now find themselves grappling with access control issues they hadn’t anticipated. For instance, remote employees often retain access to corporate email, Teams, and Office documents for days, or even longer, after leaving the company—introducing significant security risks.

The Importance of Identity Data Quality in the Cloud Era

As more organizations become aware of these vulnerabilities, there’s a growing emphasis on the quality of identity data. In today’s cloud-dominated landscape, having outdated or incorrect identity information can lead to major security breaches. Ensuring that identity data is accurate and up to date is crucial for protecting both company assets and sensitive information.

At Soffid, we’ve observed that the trend is shifting once again. Identity Governance and Administration (IGA) projects, which had been delayed or deprioritized in favor of immediate MFA implementations, are now regaining momentum. IT departments are recognizing the need to rethink identity management strategies in order to adapt to new challenges.

But identity management in 2024 will not resemble what it was back in 2020. Today, organizations must adopt a converged approach to identity management, one that addresses both on-premise and cloud environments. A holistic strategy must encompass four essential aspects:

1. Who can access company resources: The core of identity governance.
2. How people can prove their identity: Effective access management.
3. How machines and microservices prove their identity: Handling the rise of IoT.
4. How we track access to critical resources: Ensuring proper auditing and accountability.

PAM as an Integrated Element of Identity Management

Traditionally, Privileged Access Management (PAM) has been treated as a standalone solution, with its own isolated identity management framework. However, this is no longer necessary. In modern identity management strategies, PAM techniques and tools should be integrated across identity governance and access management, eliminating the need for isolated PAM systems.

Companies need policies and procedures that control access to corporate resources based on the criticality of those resources, rather than relying on protocol-specific or user-specific configurations. This shift reduces complexity and enhances the ability to manage both standard and privileged access in a unified manner.

Key Shifts in Identity Management

As we look to the future, we see three major shifts in the identity management landscape:

1. MFA projects will evolve into comprehensive corporate access management strategies.
2. IGA projects are making a comeback as a core priority for organizations.
3. PAM will no longer be isolated but will become part of a broader, integrated IGA approach.

The wind is indeed shifting in identity management, and organizations must be prepared to adapt by adopting holistic, converged strategies that address today’s challenges and those on the horizon.