Identity and access management (IAM) is seeing compounded growth in demand and adoption as a key component in zero trust and security in general, expanding from cloud native to legacy infrastructures.

According to Forrester, the market size of identity access will total $27.5 billion by 2029 at a compound annual growth rate of 15.3% from 2024 until 2029. Forrester also notes that IAM is now the third fastest-growing segment in all of cybersecurity.

Meanwhile, this growth and demand come from an increasing trust in open source alternatives to take organizations where they want to go for their IAM and token requirements.

Access to the keys to their castle is the priority, and what open source can increasingly offer covers not only flexibility, but also damage control, remediation, and other security elements that go well beyond simple IAM.

According to the Linux Foundation, 83% of organizations believe open source is valuable to their future, and 26% specifically cite “cybersecurity” as the area benefiting most from open source.

“Relying on proven open source solutions for identity management can definitely provide improved options for flexibility and security over closed, proprietary solutions,” Fletcher Heisler, CEO, Authentik, told me. “Open source and source-available code means that customers, and the industry as a whole, can review, test, and verify a solution’s approach to security instead of simply having to trust a vendor. It also avoids vendor lock-in, as the core functionality is available for use anywhere.”

Cryptographic libraries’ shift away from proprietary and closed tokens accounts for the shift to open source alternatives for IAM.
“Just as it has long been an obvious choice to use cryptographic libraries that have been thoroughly reviewed and vetted by a wider community, rather than proprietary, opaque solutions, the same is becoming true in a broader security context: why should an enterprise trust their identity and access management to software that they cannot examine?” Heisler said. “IAM has become too central to enterprise security, and too interconnected with regulatory, operational, and reputational risk, for organizations to entrust it to solutions they cannot independently verify.”

Take Heed, Governor

Gartner reports that 50% of organizations will implement a Zero Trust posture for data governance by 2028. “Active metadata management” (a core feature of flexible, open-standard IAM) will be the “key differentiator” for real-time alerting and automated decision-making, according to Gartner.

In its report, Gartner says organizations should consider several strategic actions to manage the risks of unverified data. They include:

“Appoint an AI Governance Leader: Establish a dedicated role responsible for AI governance, including zero-trust policies, AI risk management and compliance operations.
This leader should work closely with data and analytics (D&A) teams to ensure both AI-ready data and systems capable of handling AI-generated content.

Foster Cross-Functional Collaboration: Form cross-functional teams that include cybersecurity, D&A and other relevant stakeholders to conduct comprehensive data risk assessments to identify business risks related to AI-generated data and determine which are addressed by existing data security policies and which need new strategies.

Leverage Existing Governance Policies: Build on current D&A governance frameworks and focus on updating security, metadata management and ethics related policies to address new risks from AI-generated data.

Adopt Active Metadata Practices: This enables real-time alerts when data is stale or requires recertification, helping organizations quickly identify when business-critical systems may become exposed to inaccurate or biased data.”

Several industry trends are driving this shift toward open source, particularly for compliance, Heisler said. First, zero-trust architectures and regulatory requirements (FedRAMP, GDPR, HIPAA) demand stronger assurances about how identity data is handled, logged, and secured, Heisler said. The move toward microservices architectures, private cloud, and hybrid infrastructures requires IAM solutions that are extensible, auditable, and interoperable, favoring open standards and open source implementations. Supply chain security concerns have also made organizations far more cautious about the hidden risks of unauditable software, Heisler said.

“Open security has also matured to now make this move possible: vetted open source IAM frameworks, standardized protocols and security community audits now offer enterprises both transparency and trustworthiness,” Heisler said, citing OAuth 2.0, OIDC and SCIM as examples of worthy open protocols.

“IAM solutions must also work effectively with microservices infrastructure, especially for token access.
Previously, legacy infrastructure often required centralized authentication for entire applications or infrastructures,” Heisler said. “Now, thanks to microservice architectures, authentication can be broken down and used for different logins, separate logins, sign-up services, or other microservice applications. The isolation proves highly beneficial.”

The post Why 83% of organizations reportedly trust open source with their most sensitive assets appeared first on The New Stack.