How will information technology and the surround of digital security develop during the course of 2025? One person taking a look into the digitalized crystal ball is Paul Walker, field strategist at the firm Omada.
Walker’s assessment suggests the three key trends relate to improving access controls, improving decision making, and enhancing operations through a proactive approach.
Prediction 1: A Shift Toward Stronger, Smarter Passwordless Authentication
In terms of gaining access to systems and demonstrating ownership, Walker finds: “We may finally see a shift from the longstanding practice of forced periodic password changes as IT departments worldwide adopt guidance from major cybersecurity authorities. The National Cyber Security Centre (NCSC), the European Union Agency for Cybersecurity (ENISA), and the National Institute of Standards and Technology (NIST) all recommend against mandatory password resets, citing evidence that frequent changes often lead to weaker passwords and reduced security. This shift could be a significant step forward in balancing security with user experience.”
As examples of these shits, Walker cites: “Easy-to-use enterprise-level alternatives to using passwords for operating systems such as Windows 10/11 include innovative authentication methods such as the Fast Identity Online (FIDO) standards. Windows Hello and Microsoft Edge have been supported by FIDO since 2018, yet widespread adoption of physical (FIDO2) keys in enterprise settings is still lagging due to cost barriers.”
There are other trends, notably: “We’ve seen the adoption of mobile passkeys (FIDO2) that are claimed to be phishing-resistant and are easy to use. Passkey usage means users no longer need to enter usernames and passwords for authentication. The passkey uses device biometrics to unlock their devices to sign into apps and websites. Expect the usage of passkeys to continue to accelerate in 2025.”
Prediction 2: The Rise of AI-Driven Human Augment Decision-Making in Identity Management
In terms of managing the digital identities of employees and consumers, Walker foresees: “In 2025, we may see the first widespread implementation of AI-human augmented decision-making in identity management. Not all organizations are ready to configure systems to “just do it,” that is, allowing AI to make decisions without human intervention; the industry will closely observe whether the human AI-augmented decision-making approach delivers value and can build trust.”
The process is not without its obstacles, and Walker observes: “A key challenge to full automation of decision-making will be the transparency of recommendations and how humans can override automatically made decisions with feedback, adjusting the recommendation engine for future decisions. Decision makers need to feel confident that they can trust the recommendation and that their feedback is effective, because they’re still accountable to the business when critical identity decisions are made without direct human oversight.”
Prediction 3: From Preventative to Proactive Security with GenAI Integration
Continuing with the theme of identify, Walker moves to process governance, stating: “Identity Governance and Administration (IGA) products will likely evolve into more proactive security tools. For example, offering real-time recommendations and insights to enhance IT security operations and maintain identity/data hygiene. Moving on from analysis of existing assigned permissions and incorporating user behaviour information as well, especially from cloud/SaaS systems that can easily share these logs.”
The solution is with us, in the form of GenAI. Here Walker pontificates: “ Integrating Generative AI will be a key driver in this change to become more proactive. For example, intelligent notifications using desktop collaboration tools to deliver daily “messages of the day” with personalized suggestions to strengthen identity security posture. Traditionally focused on prevention, IGA will shift toward contributing to operational security and security hygiene posture. The adoption of new, user-friendly interaction methods, such as the Generative AI-powered natural language model, will drive this transformation.”
Prediction 4: Enhanced Vendor Support Shared Signal Framework
Reliable security requires reliable forms of communication. Walker thinks: “In 2025, we’ll see accelerated adoption of the OpenID Shared Signals Framework (SSF) from vendors as organizations prioritize real-time communication between security tools to enhance adaptive security postures. With the identity perimeter now central to modern security strategies, more enterprises will integrate SSF to achieve seamless data sharing across disparate systems, enabling a more resilient defence against evolving threats.”
Closing out with the advantages, Walker indicates: “With its flexibility and scalability, the SSF will lead to more collaborative security ecosystems, breaking down silos across cloud providers, SaaS applications and security systems, thereby enhancing security in an increasingly hybrid and complex environment.”