As an IAM professional, one of the most highly anticipated events in the identity and access management space is the annual Gartner IAM Conference. It gathers industry experts, vendors, and IT professionals to discuss the latest trends and advancements.
Fueled by coffee and a thirst for knowledge, I made it my mission to visit every vendor booth, speak with attendees, and participate in info sessions – all with a goal of better understanding the challenges and opportunities facing the IAM industry today.
The 2023 conference did not disappoint, with a wealth of information and insights gathered.
Here are some of the key takeaways from my quest…
- Zero Trust is the future of IAM: With the rise of cloud computing and the increasing number of cyber threats, the Zero Trust model hasn’t lost steam. This model requires all users and devices to be authenticated and authorized before accessing any resources.
- IAM and security convergence are critical: Organizations must break down silos between their security and IAM teams to achieve better alignment and collaboration.
- User experience is critical: While security is paramount, IAM solutions must be user-friendly and convenient or users will become frustrated and find ways to work around them.
- Hybrid IAM is the reality: Only some organizations are fully cloud-based or fully on-premises. Most have a mix of both, requiring a hybrid IAM approach to accommodate both environments.
- Artificial intelligence (AI) and machine learning (ML) are game-changers: These technologies can analyze vast amounts of data and identify patterns and anomalies humans might miss, improving security and efficiency.
- The role of the IAM professional is evolving: Being a tech resource is not enough. IAM professionals must be able to collaborate with different teams and stakeholders, understand business requirements, and stay up-to-date with the latest technology trends.
- The impact of privacy regulations on IAM: GDPR and other privacy regulations are significantly affecting IAM, with organizations needing to ensure that they comply with these regulations.
- Automation is the future: This one seems obvious, but many companies still struggle with slow and error-prone manual processes. Automation is critical to scaling IAM programs and achieving better efficiency and accuracy.
- Multi-factor authentication is more important than ever: Zero Trust is one driver of this trend, as it adds additional factors to an authentication pattern, improving trust in the session.
- The importance of identity governance and administration (IGA): IGA solutions are becoming increasingly crucial in IAM, as they allow organizations to manage and control user access to systems and data.
- The need for secure access service edge: SASE solutions are used to provide secure access to resources from anywhere and anytime.
- The need for agile IAM solutions: As organizations continue embracing digital transformation, IAM solutions must adapt to changing business needs.
- The importance of vendor selection in IAM: With so many IAM solutions available, selecting a vendor that can provide the necessary functionality and support for your organization is essential.
- The future of IAM is cloud-based: This has been clear to our team for years now, as we watched the IAM vendor ecosystem move that way. Cloud-based IAM solutions are becoming increasingly popular as they offer scalability, flexibility, and cost savings. These cloud solutions can manage IAM for both on-premise and cloud-based applications.
In addition to these key takeaways, there were also several lessons that were either reinforced at the conference:
- The need for a comprehensive IAM strategy that addresses all aspects of IAM is a MUST. Our “IAM is a Program, not a Project” session at Gartner addressed the challenges that the lack of an overall strategy produces.
- Collaboration is key. Organizations must foster collaboration between teams, such as security, IT, and business units, to succeed in IAM.
- IAM is a journey, not a destination. Implementing IAM solutions is an ongoing process that requires constant refinement and improvement.
- Integration is critical. IAM solutions must be integrated with other systems and applications to be effective. Standalone IAM solutions improve manual processes but need to integrate between and across tools.
- Communication is vital. Clear communication is essential to ensure that all stakeholders understand the value and benefits of IAM.
- Education of stakeholders is also vital and is an ongoing requirement. IAM needs to be better understood by most users in an organization, and the job of IAM experts is to evangelize and teach about IAM best practices and approaches.
- To provide a comprehensive security posture, IAM solutions must be integrated with other security technologies, such as SIEM, DLP, and endpoint protection. IAM is a security domain, and achieving the best risk reduction requires that all security tools talk to each other and provide data to enhance monitoring and security actions.
- IAM requirements change quickly as business demands require. IAM solutions must be continuously monitored and updated to remain effective and aligned with the organization’s goals.
WHAT IS NEW WITH THE IAM MAINSTAY VENDORS?
- BeyondTrust – BeyondTrust recognized as a leader in the privileged access management (PAM) market for several years in a row. In their Gartner Magic Quadrant report, Gartner praised BeyondTrust for its strong PAM offering, which includes password management, session management, and privilege elevation controls. Gartner also noted BeyondTrust’s high customer satisfaction ratings, ability to integrate with a wide range of third-party technologies, and strong presence in the mid-market.
- CyberArk – CyberArk recognized as a leader in the privileged access management (PAM) market for several years in a row. In their Gartner Magic Quadrant report, Gartner praised CyberArk for its comprehensive PAM offering, which includes session management, credential management, and privileged threat analytics. Gartner also noted CyberArk’s strong customer satisfaction ratings, large customer base, and ability to execute its roadmap effectively.
- SailPoint – SailPoint recognized as a leader in the Identity Governance and Administration (IGA) market for several years in a row. In the Gartner Market Guidance report, Gartner praised SailPoint for its scalable and mature IGA offering, advanced analytics capabilities, and focus on innovation. Gartner also noted SailPoint’s strong customer satisfaction ratings and ability to execute its roadmap effectively.
- Saviynt – Saviynt has been recognized as a leader in the Identity Governance and Administration (IGA) market for several years. In their Gartner Market Guidance report, Gartner praised Saviynt for its scalable, cloud-native IGA offering, advanced analytics capabilities, and comprehensive access request management. Gartner also noted Saviynt’s strong customer satisfaction ratings and ability to deliver quick time-to-value for customers.
- Microsoft Entra – Microsoft Entra is a leading vendor in the IAM space, focusing on cloud-native identity management. Their platform is designed to provide organizations with a comprehensive and secure identity and access management solution that can be easily integrated with other Microsoft tools. Microsoft Entra’s solution is highly scalable and flexible and offers advanced security capabilities such as multifactor authentication and conditional access. Their close integration with the broader Microsoft ecosystem makes them a vendor to watch in the IAM space.
I’m happy to report that I was able to successfully finish my quest. The reward was not only knowledge and some new friends, but I also obtained a fair amount of free t-shirts, pens, and water bottles! Who doesn’t love swag?
With a focus on identity governance, machine learning, cloud-based solutions, and user experience, the conference highlighted the need for IAM solutions that are flexible, adaptive, and integrated with other security technologies.
Here are a few additional resources that you might find helpful regarding some of the topics above:
A recent podcast that highlighted the value of an IAM Advisory engagement (the activities involved, the benefits…): https://www.integralpartnersllc.com/iam-insights-podcast-the-value-of-an-advisory-engagement/
Video on the common challenges encountered when adopting PAM: https://www.integralpartnersllc.com/video-pam-adoption-challenges-and-solutions/
Our free IAM Essential Workshop that was highlighted during our session: https://www.integralpartnersllc.com/iam-services/identity-and-access-management-essentials-workshop/
Zero-Trust version of our free workshop: https://www.integralpartnersllc.com/iam-services/zero-trust-workshop/
If your team would like to discuss the IAM challenges your organization face, including any of the topics covered at Gartner, please feel free to throw 15 minutes on our calendar here.
As a Senior Identity Access Management Advisor at Integral Partners, David is responsible for designing, implementing, and managing Identity and Access Management (IAM) programs for our clients. This requires a deep understanding of the IAM landscape, including industry standards and best practices, as well as experience with IAM tools and technologies.