On May 12-13, Gartner’s annual Identity Summit was held with more than 1900 professionals from 950 companies participating in the two-day virtual event.
For the 7th consecutive year, Integral Partners attended as a Gold sponsor. Along with our sponsorshop and IAM Essentials Workshop demo, we visited presentations from Gartner analysts, technology vendors and industry thought leaders to take measure on current state of identity and what to expect in our post pandemic world.
Here are some of our key takeaways…
Identity is Essential Infrastructure
‘Identity is the ultimate attack surface…and thus a new control plane’ declared Gartner analyst Tricia Phillips during the opening Keynote. The theme of identity as essential infrastructure was repeated throughout the event, leaving little doubt that identity automation and policy/governance enforcement are critical foundations in modern cyber security.
Cloud First (and Second)
Identity is growing at an accelerated pace and predicted to be a $19 billion annual industry by 2024. Fueling growth is the global migration of applications and infrastructure to the Cloud. Identity is now the perimeter that must be established to achieve required levels of security and compliance.
As more organizations are adopting a ‘Cloud First’ strategy, identity software vendors have responded with SaaS offerings (often referred to as IDaaS). These solutions enable customers to align their fundamental IAM capabilities with the strategy and achieve the necessary security and compliance objectives for their hybrid (on-prem and Cloud) application landscape.
Furthermore, as organizations’ Cloud strategies mature, additional more sophisticated IAM capabilities are required by the Cloud infrastructure and the complicated access models introduced by Amazon, Google, and Microsoft respectively, and by microservices architectures. This has led Identity software vendors to introduce important modules including Cloud Infrastructure Entitlement Management (CIEM), AI/ML Analytics, Cloud Privileged Access Management, and Customer/Consumer Identity & Access Management (CIAM).
So while establishing a secure and compliant Identity perimeter to support an ongoing Cloud migration strategy can be daunting, organizations don’t need to heap it all on at once. Establish an IAM program roadmap that aligns with your Cloud migration strategy and roadmap to ensure the appropriate level of identity sophistication throughout the journey.
Traditional Identity Lines are Increasingly Blurred
The past 18 months has seen a breakdown of the traditional domains of identity governance, privileged security, access management and CIAM. The large best of breed identity vendors are expanding their platform capabilities, both in-house and via acquisitions, to offer a wider set of solutions to their customers.
One example of this shifting marketplace is privileged access management heavyweight CyberArk purchasing the access firm Idaptive. Other examples include new integrated privileged security offerings from IGA vendors SailPoint, Saviynt and IBM. At their recent Oktane conference, Okta announcement they will be releasing privileged security and identity governance enhancements in early 2022.
Analysts agree that an IGA platform is the foundation of a modern identity program, and should be integrated with PAM, ITSM, analytics, data access governance, and cloud infrastructure entitlement management (CIEM) where needed.
Since the founding of Integral Partners, our Advisory team has been kept busy helping organizations sort through the noise to determine which vendors and tools are the best fit for their needs. We’ve definitely seen an increased demand for these services over the last year, which is in part a result of these blurred lines between the leading IAM vendors and the products they provide.
Influence Shifting to MSSPs
Gartner predicts ‘by 2023, 40% of IAM application convergence will be driven by MSSPs that focus on delivery of integrated, best-of-breed solutions – which results in shifting influence from vendors to service partners.’
With legacy IGA solutions becoming increasingly outdated, Gartner analyst Paul Mezzarra summarized modern identity architecture as having following characteristics:
- Service-based architecture
- REST APIs/Standard protocols
- Deep application integration
- Normalized, reference builds
- Consumerized UI
- Multiple software delivery methods
- Flexible data models
- Scale, performance, and elasticity
To deliver this type of agility, Tricia Phillips stated ‘no single new technology can solve the problems facing IAM leaders’, reinforcing the premise that best of breed technologies along with leading IAM platform modules will be bundled, delivered and supported by managed service providers and not cobbled together by enterprise teams.
Half of IGA Deployments are in Distress
Despite technology improvements and increased cross domain functionality, identity remains the most challenging of security initiatives. Gartner estimates that 50% of current IGA deployments are in distress.
So why are so many programs struggling? Gartner’s research found these reasons for the distress:
- Siloed delivery teams
- Technical versus business prioritization
- Overambitious delivery and project scoping
- Lack of clarity in program vision
- Treating identity as ‘one and done’
- Lack of sustained incremental business value
To address these issues, almost all analysts reiterated the critical need to think of identity outside of traditional technology projects and invest in coordinated and business focused programs.
IAM is a Program, Not at Project
Identity covers a lot a ground and impacts virtually all constituencies across an organization (workforce, partners, vendors, customers). This inherently means that there will always be competing priorities, politics, and differing measures of success. These issues, along with the reasons outlined in the previous section, can lead to distressed and failed Identity projects. This is why it’s critical for organizations to not think about Identity as a ‘one and done’ project, but instead develop a strategy and roadmap that leads to a mature, well-supported IAM Program.
Analyst David Collison was more direct about the importance of identity as a coordinated undertaking:
“Through 2021, organizations without formal IAM programs will spend 40% more on IAM capabilities while achieving less than organizations with such programs.”
Integral Partners has long supported the “IAM is a program, not a project” philosophy. We understand that modern tools enable effective automation. We’re in lock step with Gartner’s opinion that identity success requires an IAM program to ensure aligned business strategy, cross departmental stakeholder engagement, developing common language and maximizing technology investment across the organization.
Our Free IAM Essentials Workshop Draws an Audience
As part of our sponsorship of the Gartner conference, we previewed of our free IAM Essentials workshop. If you attended – thank you! We were grateful for the large audience and great feedback. With your help, it turned out to be the most successful sponsored demo session of the 2021 summit.
Although these workshops are always tailored to fit the interests of the attending organization, they aim to provide an understanding of the terms, tools, processes, and best practices that make up a successful IAM program. They’re designed to align stakeholders, create a common language, get executive buy-in, and preview exercises (like our Maturity Model) that can help you evaluate and establish a successful Identity program.
Weren’t able to attend Gartner but would like to learn more about our Identity Essentials and other domain specific workshops? Here’s a quick preview of some of what you can expect:
You can also learn more here: https://www.integralpartnersllc.com/iam-services/identity-and-access-management-essentials-workshop/
Sound interesting? Click here to put 15 minutes on our calendar to discuss a possible workshop for your team.
If we missed you at the Gartner summit, come meet with us (virtually or in person) at Identiverse 2021. We’re Exhibitors at the June 21-23 event, and would love to talk with you about all things IAM.
Check out our Identiverse promotions – win a free virtual pass and other nice prizes. We’re also offering a custom workshop to cover the key topics at the conference.