Perspectives on Authorization in 2024 with David Brossard
David Brossard discusses some access control highlights in 2023 and what his predictions are for access control and authorization in 2024.
I recently sat down with David Brossard, Chief Technology Officer, to discuss some access control highlights in 2023 and what his predictions are for access control and authorization in 2024.
What were the biggest moments in 2023 for access control?
There’s been a lot of big moments for authorization in 2023. You saw this reflected in some of the major industry events as well – panels and keynotes saying authorization would be a major trend in 2023.
That said, though there is more of an understanding now around how critical authorization is, enterprises are still struggling to implement external authorization solutions and adopt policy-driven authorization.
Another big moment was the Zero Trust mandate that was released from the White House. Mandates and executive orders have an outsized influence in how everyone – federal agencies, private enterprises, consumers – views cybersecurity. As we see tighter regulations around what happens after a data breach, with clear liability and accountability timelines, I think 2023 marked a shift in what we expect in terms of how organizations handle both our identity and our data.
I think a great example of the changing attitude toward breaches is what’s happened around the various Okta breaches this year.
Yes, they have had multiple breaches, but not all of them were related to failures in Okta’s technology. To write off working with Okta out of hand as a result of these breaches is a knee-jerk approach.
For me, the right way to view a breach is to understand that most are simply a matter of opportunity and value to the attacker. The criterion isn’t “were you breached,” rather, it is how the company dealt with the post-breach fallout.
I’d also be remiss if I didn’t mention the additional language that came out this year, which was Cedar from AWS. This validates the importance of having a structured and defined language to drive successful authorization initiatives, which is also something Axiomatics continues to advocate for through the evolution of ALFA.
What are your predictions for access control in 2024?
I predict that more laws, legislation, and regulations will come out around cybersecurity, which will change how companies and vendors both prioritize and execute on access control strategies.
Another thing that I see happening in 2024 is more vendors leveraging AI to create a better user experience.
That said, there’s still more hype than pragmatism around AI, so I believe we’ll also see broken trust around AI, as, if it isn’t implemented thoughtfully, it can increase risk.
On the flip side, I think some of the potential risks around AI will drive further need for and adoption of policy-driven authorization. We will need to adapt not only to the opportunities afforded by AI, but also to how it can be leveraged as a threat, which I think will be by having multiple layers of security, different checks in place as well as adding multiple attributes. That will create a more adaptive layer of security instead of one thick wall that bad actors leveraging AI can go around.
I believe we will also see authorization continue to grow from both the development and business side in the next year. Though there are some who see the value around authorization, we’ve not yet scratched the surface in terms of adoption.
What will be the next big thing in 2024?
While 2023 has shown us the vast opportunities that can be afforded by AI, I believe in 2024 we will see the more sophisticated ways in which bad actors can leverage AI. Bad actors are going to work faster than the good guys when it comes to AI and they will exploit a lot of vulnerabilities around it. There are some basic things hackers and others can do such as poisoning AI research, which can ultimately change the outcome of AI.
This becomes lethal as AI is used more to generate code. As more people use AI to generate code, you get AI-generated code that could include these vulnerabilities. These can go undetected as we put too much trust in AI to generate the results, opening us up to more risks.