In 2016, the clean line we’ve drawn between the world we live in and the one we work in is blurring. The glut of mobile devices in the workplace and new corporate policies allowing employees to access secure corporate networks with their own phone or tablet only further muddy the water.
Add to that the advancement of cloud computing and the evolutions of distributed systems, data, and networks, and you’ve got a flood of security challenges for IT professionals.
In the modern IT environment, organizations need to know exactly who is accessing what, when, where, why, and how. The stakes have never been higher.
From Target to Edward Snowden to the Office of Personnel Management breach, the lack of controls on information systems and sensitive data has caused a remarkable series of scandals over the past decade that have resulted in a loss of consumer trust as well as increased government regulation. So how can modern organizations keep up?
The best practice for the enterprise is to implement an Identity and Access Management (IAM) solution that handles the creation and management of user or connected device information as well as users’ access and authentication into external and internal applications, databases, or networks.
However, as information security has evolved, so have IAM capabilities. Today’s IAM systems are quickly embracing new capabilities and new platforms, as many turn to the cloud to address the aforementioned glut of mobile devices.
Today, the IAM market is mature and full of vendors capable of meeting the basic requirements of a typical customer, but the explosion of security data in the enterprise has left the door wide open for innovation from players both old and new. 2016 has the potential to be a year of big changes for IAM, so here are my top ten vendors to watch, presented in alphabetical order.
With its flagship Avatier Identity Management Suite (AIMS), California-based Avatier offers a suite of independently-licensed IAM products focused on usability and quick time-to-value.
Avatier’s strength is its unique self-service approach, which extends IAM automation and self-service capabilities beyond traditional use cases, making AIMS a strong choice for small to mid-sized businesses looking for a simple, manageable product with relatively easy maintenance and a focus on self-service. As an added bonus, Avatier’s interfaces support dozens of languages, including nearly every European language.
Beta Systems boasts a wide range of security solutions including its Security Access Manager Enterprise Identity Manager (SAM EIM) for identity governance and provisioning functions, and its Garancy Access Intelligence Manager (AIM) for access analytics.
Beta Systems’ products are known for their capabilities in mainframe security and for highly customizable environments, often geared towards the technical user. The Germany-based company scores points for strong support and maintenance and makes an especially good fit for European-based companies, though it has been making inroads with North American customers as well.
Centrify’s IDaaS solution offers secure access to cloud and mobile apps via SSO, user-provisioning, mobile device management (MDM), and multi-factor authentication (MFA) capabilities, and is also compatible with Active Directory (AD).
Centrify is particularly notable for its integrated MDM capabilities, which are some of the strongest in the market and match the capabilities of many MDM vendors. Centrify also boasts easy-to-use dashboards and strong reporting capabilities, with nearly 50 out-of-the-box reports, as well as a SaaS Privileged Identity Management (PIM) solution, making Centrify a strong choice for organizations with BYOD policies looking to simplify MDM, IAM and PIM simultaneously.
Crossmatch’s DigitalPersona Altus platform offers deep MFA capabilities including contextual (risk-based) and application-based authentication and allows admins to manage accounts, roles, and user access privileges with familiar Active Directory tools.
Crossmatch also offers a complete portfolio of hardware solutions, ranging from fingerprint readers to OEM modules and embedded sensors, as well as a full menu of professional managed services.
Specialized solutions for government, defense, and law enforcement make Crossmatch an attractive solution for public sector organizations that need both digital and physical identity solutions, and Altus’s modular framework is ideal for organizations of all sizes looking for an easy-to-deploy solution for strong authentication.
Texas-based NetIQ provides a highly scalable IAM suite offered with several optional add-ons, such as Access Review, a governance add-on, and the NetIQ Access Governance Suite (AGS).
NetIQ’s Identity Manager centralizes access administration and ensures that every user has one identity—from your physical and virtual networks to the cloud—with a highly flexible solution and strong provisioning capabilities ideal for a variety of business use-cases.
Okta’s IDaaS offering boasts one of the fastest growing customer bases in the market and the funding to match—the company has reached “unicorn” levels of funding in the last 12 months.
The Okta identity management service provides directory services, SSO, strong authentication, provisioning, workflow, and reporting, all delivered as a multitenant IDaaS, though some components reside on-premise. Aside from standard IDaaS capabilities, Okta also provides MDM and phone-as-a-token authentication capabilities. Okta features a broad partner ecosystem, but lacks slightly in reporting capabilities. Okta opened an EU-based data center in 2015, making the company an ideal IDaaS solution for small to midsized businesses on either side of the Atlantic.
California-based OneLogin provides an on-demand IDaaS solution consisting of single sign-on, multi-factor authentication, directory integration, user provisioning, and a catalog of pre-integrated applications. OneLogin is provided via a multitenant architecture and provides strong capabilities and support for access management policy administration, user directory integration, and end-user self-service. As major proponents of the OpenID Native Applications Working Group (NAPPS), OneLogin has taken a standards-based approach to application integration and established itself as a thought leader in the field of authentication.
OneLogin makes an excellent IDaaS solution for organizations of any size looking for powerful SSO, directory, and MFA capabilities.
The Ping Identity Platform is a multi-tenant, web-centric IDaaS offering that provides secure single sign-on from any device and provides administrators with a single dashboard from which they can manage user access for all applications. Ping Identity Platform comes bundled with PingFederate, a federation service supporting all of the current identity standards including SAML, WS-Federation, WS-Trust, OAuth and OpenID Connect, and PingAccess for managing policies on both applications and APIs. Platform customers can use a lightweight self-service bridge component to integrate with AD, Google, or with one of many SaaS provisioners.
Ping delivers this technology as a solution to manage partner employee identities, as well as customer identities through a reseller partnership with UnboundID.
RSA, the security division of EMC, which was acquired by Dell in late 2015, offers both IDaaS and traditional identity management and IGA solutions. RSA Identity Management and Governance (RSA IMG) is a highly scalable identity management suite built from separately licensed components. RSA’s Archer Governance, Risk, and Compliance products are highly capable and a good fit for companies with heavy governance needs and stringent compliance requirements.
RSA Via is a highly capable IDaaS suite composed of separately licensed SaaS point solutions including access control (SSO, MFA), governance, lifecycle management, MDM, and adaptive authentication.
Texas-based UnboundID is a developer of highly scalable identity management software, ideal for supporting consumer-facing use-cases such as online retail sites or social networking platforms. The company’s flagship UnboundID platform provides traditional IAM capabilities such as on/off-boarding of users and policy-based data governance, as well as CIAM-specific tools designed to store, protect, and leverage consumer identity and preference data. UnboundID’s scalability and unparalleled focus on CIAM use-cases make the company a strong choice for businesses of any size that require large-scale management of consumer identities.
The UnboundID platform can be deployed on-premise or in a range of public, private, or hybrid cloud environments.