“Many enterprises are still in the early stages of deploying passkeys and FIDO2, and biometrics are often deployed as part of a broader MFA strategy, where hardware costs and management overhead remain barriers to widespread adoption,” says Conscia’s Hanagan.
Regulations shake up IAM architectures
The regulatory environment has evolved from a tick-box exercise in compliance toward governance and continuous testing to demonstrate corporate adherence to regulations. That shift, according to Conscia’s Hanagan, is actively reshaping how organizations architect their IAM programs.
“There is a significant amount of regulatory work under way,” he says. “GDPR, NIS2, DORA, PCI DSS 4.0, and sector-specific frameworks all focus on who accesses what, when, and why.”
