Access to corporate systems is usually determined by defined roles, such as administrator, business user or guest. But future systems will take into account not only a person's role but "the device they're using, the current threat level, the security of the location from which access is requested and so on," says Menon. "Heuristics will monitor patterns of use, and if a user begins to do things 'out of character,' it will set off alerts."
Campbell from Nucleus Research predicts that a persistent, personal identity will also be part of the new security framework. "People will have a single identity for school, personal, corporate, etc. You won't add a new user to the corporate network but rather authorize someone's identity."