Examining Gartner’s 2016 IDaaS Critical Capabilities Report

Gartner-Critical-Capabilities

Editor’s note: The 2017 Gartner Critical Capabilties report for IGA is now out and available here. 

Analysis and research firm Gartner, Inc. recently released its latest Critical Capabilities Report for Identity and Access Management as a Service (IDaaS)

In the 2016 version of their Critical Capabilities report for IDaaS, Gartner takes the 18 vendors that it considers most significant in the worldwide IDaaS market and evaluates the strengths and weaknesses of those vendors against 11 ‘critical capabilities’ and three common use cases for IDaaS. Gartner does not endorse any vendor, product, or service depicted in its research publications.

The 18 vendors featured in the report are, in alphabetical order, Bitium, Centrify, Covisint, Fischer International, Gigya, IBM, Ilantus, Intermedia, iWelcome, Janrain, Microsoft, Okta, OneLogin, Ping Identity, RSA, Sailpoint, Salesforce,and Simeio Solutions.

I read the 22-page report, available in full here, and pulled the three most important takeaways and key market indicators. But first, let’s get a couple of definitions out of the way…

 So What are Critical Capabilities, Exactly? 

This one is pretty straightforward: Gartner defines Critical capabilities as “attributes that differentiate products/services in a class in terms of their quality and performance.”

For IDaaS, those critical capabilities are Access Certification, Access Request and Workflow, Authentication, Authorization Enforcement, Cloud Directory, Mobility Management, On-Premises Application Integration, Profile and Password Management, Reporting and Analytics, SaaS Application Integration, and Social Identity Integration. Those capabilities are evaluated across three use cases: Workforce to SaaS, Business-to-Consumer (B2C), and Traditional/Legacy Workforce.

Gartner rates each vendor’s product or service on a five-point scale in terms of how well it delivers each capability.

Just one more thing before we jump in—let’s clarify exactly what Gartner analysts mean when they talk about IDaaS.

How Gartner defines IDaaS

According to Gartner’s analysts, “a vendor in the IDaaS market delivers a predominantly cloud-based service in a multitenant or dedicated and hosted delivery model. The service brokers a set of functionality across multiple IAM functions — specifically, identity and governance administration (IGA), access enforcement, and analytics functions — to target systems on customers’ premises and in the cloud.”

To be included in The 2016 IDaaS Critical Capabilities report, vendors must have a significant market presence in at least one of the use cases and at least four of the critical capabilities listed above. Market presence can be demonstrated in one of two ways — by significant market share or by differentiating innovation.

IDaaS Adoption—and Functionality— are Growing Fast

In its early days, IDaaS market growth was driven by small and midsized businesses that looked to cloud-based SaaS delivery models to simplify their application deployment and usage.

Since then, IDaaS functionality has improved at a rapid pace, and today many cloud-based vendors can deliver the same functionality expected from traditional full-featured, on-premises IAM stacks.

And it’s common knowledge that companies and governments around the world are seeing increased value in IAM Solutions. For example, 93% of European IT security leaders plan to maintain or increase spending on IAM in the next three years, according to a recent study.

Gartner analysts predict that by 2020, 40 percent of IAM purchases will use the IDaaS delivery model, a two-fold increase from less than 20 percent today. Perhaps more important is that 40 percent of those IDaaS implications will fully replace on-premises IAM implementations, according to Gartner. The future, it seems, is in the cloud.

But it’s not all good news. IDaaS can ease deployment pains, sure, but implementations can be much more complex, time-consuming and costly, warns Gartner. Especially when organizations have requirements for IGA functional depth and when they have legacy on-premises application targets. Gartner recommends you Identify IAM business drivers and constraints as well as the use cases and depth of IAM functionality that must be supported to determine if the IDaaS delivery model is a good fit for your organization.

The Majority of that Growth Comes from Workforce to SaaS & B2C Use Cases

As noted above, the workforce to SaaS use case drove early growth for the IDaaS market, and it is still a primary growth driver today. However, Consumer Identity and Access Management (CIAM) has also proved itself as a major growth driver, as “organizations look to provide consumer access to their online applications or replace a mixture of custom-developed IAM products and traditional on-premises IAM products,” says Gartner.

Gartner analysts said that 90 percent of “client interactions on the topic of IDaaS indicate a need for either workforce to SaaS or business-to-consumer (B2C) use cases.” Meanwhile, just ten percent of interactions focus on on-premises application support with more in-depth IGA requirements.

Gartner recommends cloud-native vendors such as Centrify and Okta for workforce to SaaS, and specialized Consumer Identity and Access Management (CIAM) vendors such as Gigya and iWelcome for B2C use cases.

To learn more about this report, get a full copy from Centrify here. You can also read the Forrester Wave: Identity-As-A-Service Q4 2017 report and the KuppingerCole Leadership Compass—IDaaS; Single Sign-On to the Cloud

Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff