Predictions on Identity’s role in 2024 from Okta Ventures portfolio leaders

Secure browsers. Frontline worker digital security. Identity security posture management. Verifiable credentials. Software secure by design.

At Okta Ventures, our interactions with visionary founders and teams give us a front-row seat to these new innovations. 

We asked eight founders for their perspectives on what is coming in 2024, and we got insights from around the world that we're sharing below. Enjoy! 

Predictions for 2024

Zheng Wei Quah, CEO, Accredify

I look forward to seeing how enterprise digital Identity can help break the dilemma of choosing between security and accessibility. From our experience, Identity solutions have been effective in improving business security through products such as single sign-on (SSO) and multi-factor authentication (MFA). By coupling these with verifiable credentials, the industry can extend the proof of "who you are" to the proof of "what you have." If achieved, we can expect a world of hyper-automation where security and accessibility are no longer a balancing act.

Oliver Friedrichs, CEO, Pangea Security

With CISA’s Secure by Design guidance and the SEC charges against Solarwinds and Solarwinds’ CISO, the need for organizations to develop a secure software development lifecycle (SDLC) has never been more important. Car manufacturers, aerospace companies, and other crucial technologies face strict regulations, yet shipping poorly written software has no implications today. This will inevitably change as companies are increasingly being asked to attest to their secure SDLC practices. It will be imperative that organizations implement three main tenets of this secure SDLC: application hardening, security features, and secure by default. 

Application hardening ensures that applications are designed securely from the start, including architectural considerations and threat modeling. Security features ensure that applications provide a secure user experience, with robust authentication, authorization (RBAC, ABAC, ReBAC), a secure audit trail, a secret and cryptographic key store, secure file object storage, detection of PII that could be leaked, and more.

Secure by default ensures that important features like MFA are enabled by default and additional features like SSO are included at no charge. These needs will force security teams to shift even further left, collaborating with engineering to incorporate security into the very beginning of the SDLC.

Mohit Garg, CEO Oloid

In 2024, advancements in frontline worker authentication will prioritize improved user experience and streamlined processes without compromising security. Tailored authentication solutions will emerge to address the unique needs of deskless workers — such as the adoption of passwordless methods to enhance app utilization and protect against phishing, account takeover (ATO), and man-in-the-middle (MITM) attacks. Automated, pre-verified credentials registration will simplify onboarding for high-turnover positions, while authentication methods will increasingly leverage natural factors like biometrics for secure access. Contextual authentication, incorporating factors such as location and time, will bolster security protocols. The convergence of physical and cybersecurity will intensify, particularly for deskless workers in labor-intensive sectors, with increased integration of physical Identity factors like RFID cards and NFC aligning with shared device models. Adaptive authentication, dynamically adjusting security levels based on perceived risk, will transition from an advanced feature to a mainstream, flexible framework. Presence detection capabilities will rise, especially in shared device environments, automatically signing out users when the device is no longer in use. Deviceless MFA options will gain traction, enabling compliance in environments where smartphones or hardware keys are not a viable option."

Moty Jacob, CEO Surf Security

As we stride into 2024, we envision a transformative shift in the cybersecurity Identity landscape. Identity-driven browsers are bringing common sense to architecture, allowing users direct access to on-premises and SaaS applications with enhanced security controls. Empowering organizations to dictate browser functionalities, such as copy, cut-paste, data masking, and redaction, heralds a new era where information flow is under enterprise control and governance, reshaping the future of secure Identity management. This aligns with Gartner's projection that, by 2025, enterprise browsers or extensions will be featured in 25% of web security competitive situations, up from less than 5% today.

Matt Chiodi, CSO Cerby

In 2024, AI-driven cyberattacks will grow more sophisticated, leading to a rise in zero-day exploits. This trend underscores a critical challenge: securing nonstandard applications that often lack support for essential security standards like Security Assertion Markup Language (SAML) for authentication and System for Cross-domain Identity Management (SCIM) for automated onboarding and offboarding of access. 

According to research from the Ponemon Institute, fifty-two percent of organizations have experienced cybersecurity incidents caused by nonstandard applications. A lack of support for standards means they are likely to become prime targets for AI-enabled attackers.

Businesses must respond by integrating these nonstandard applications into their Identity security strategies. This will involve deploying advanced Identity-protection mechanisms that go beyond basic security measures and ensure nonstandard applications are integrated into Identity platforms like Okta. Implementing MFA, AI-powered anomaly detection, and real-time monitoring will be crucial in safeguarding against these emerging threats.

Maor Bin, CEO Adaptive Shield

In the SaaS world, threat comes in an Identity-centric form. Many existing Identity threat detection and response (ITDR) solutions concentrate on protecting endpoints and Active Directory, often overlooking the complexities of the SaaS environment. With the transition from on-premises Active Directory to SaaS, a gap in Identity security posture management is emerging. Dealing with SaaS-related threats requires deep knowledge and proven expertise to achieve accurate detection of sophisticated and subtle Identity-driven threats.

Simon Taylor, CEO HYCU

It’s no surprise that the AI frenzy that started in 2023 will continue into 2024. From an IT perspective, this will impact five critical areas: 

1. Explosion in the amount of new data created and the need to manage it 
2. Increased need to create a clear security and governance strategy around data to protect both companies and people 
3. Protect critical infrastructure from bad actors who will use AI to try and crack open the crown jewels like security and Identity 
4. Acceleration of AI and the rate of delivery of new SaaS services that can cause IT to struggle for control 
5. Technologies like HYCU that will leverage AI to create a scalable way to address the need to protect and recover data as more and more companies use SaaS applications and services

David Goldschlag, CEO Aembit

In 2023, we started to hear from enterprise customers that secrets managers and vaults are an “anti-pattern.” DevOps and security want to manage access policies between workloads instead of managing secrets. For 2024, we expect that many customers will start to adopt workload IAM without even trying secrets managers.

We are also seeing that enterprises are thinking about workload Identity in a richer way, beyond just a core Identity, to also include posture and context. For example, an access decision could consider conditional access criteria, like the posture of the workload.

Karine Mellata, CEO, Intrinsic

Generative AI has created a new opportunity for abuse to scale and proliferate fraudulent identities, as well as abusive content and abusive platform behavior. The attacks will be far more sophisticated and harder to detect with current outdated detection systems. This could make Identity security more focused on verified human behavior over a period of time, as opposed to only gating sign-up flows (like selfie checks).

Marshall Pribadi, CEO, Privy ID

User-centric reusable digital Identity will be widely accepted in Indonesia, Australia, and New Zealand. Cost-sharing in customer due diligence will be the new norm. Enhancing user convenience while tackling higher costs will be critical.