The rapid adoption of mobile devices and cloud services together with a multitude of new partnerships and customer-facing applications has extended the identity boundary of today’s enterprise. For the extended enterprise, identity and access management (IAM) is more than just provisioning employees with and enforcing the appropriate access to corporate resources. It’s about the ability to oversee access by a variety of populations, from employees to partners to consumers, and protect a variety of sensitive resources (including data) that may reside on or off the organization’s premises – all while helping to protect the organization from increasingly sophisticated cybercriminals and resourceful fraudsters.

Unfortunately, legacy approaches to IAM are failing us because they can’t manage access from consumer endpoints, they don’t support rapid adoption of cloud services, they can’t provide security data exchange across user populations, and offer no help against emerging threats.

We at Forrester have been promulgating a Zero Trust Model of information security. It eliminates the idea of distinct trusted internal networks versus untrusted external networks, and requires security pros to verify and secure all resources, limit and strictly enforce access control, and inspect and log all network traffic. Zero Trust applies effectively to identity as well. It requires security and identity pros to: 1) center on sensitive applications and data; 2) unify treatment of access channels, populations, and hosting models; and 3) prepare for interactions at Internet scale. Moving toward Zero Trust identity not only helps you improve business agility and achieve compliance – it even helps you enhance customer experience and deliver on your org’s API monetization strategy.