Analyst house Gartner, Inc. has released a brand new Magic Quadrant covering Identity and Access Management (IAM), the 2017 Access Management (AM) Magic Quadrant (MQ).
This is the first iteration of the AM MQ report, which is replacing Gartner’s Magic Quadrant for Identity and Access Management as a Service (IDaaS). Gartner will no longer be covering IDaaS with a magic quadrant.
In the 2017 MQ for AM, Gartner evaluates the strengths and weaknesses of 15 vendors that it considers most significant in the AM market and provides readers with a graph (the Magic Quadrant) plotting the vendors based on their ability to execute and their completeness of vision. That graph is divided into four quadrants: niche players, challengers, visionaries, and leaders. Gartner does not endorse any vendor, product, or service depicted in its research publications.
The 15 vendors featured in the report are, in alphabetical order, Atos (Evidian), CA Technologies, Centrify, Covisint, ForgeRock, IBM, i-Sprint Innovations, Micro Focus, Microsoft, Okta, OneLogin, Optimal IdM, Oracle, Ping Identity, and SecureAuth.
At Solutions Review, we read the 30-page report, available here, and pulled a few of the most important takeaways. But before we get to the meat and potatoes, let’s break down what Gartner means by “Access Management.”
What is Access Management?
As noted above, the AM MQ is a brand new take from the folks at Gartner, who have previously only released IAM-related MQs on IDaaS and Identity Governance and Administration (IGA).
According to Gartner, the AM MQ covers technologies that “use access control engines to provide centralized authentication, single sign-on (SSO), session management and authorization enforcement for target applications in multiple use cases.”
AM tools may also include the following noncore functionality such as identity administration, password resetting, Enterprise Mobility Management (EMM), identity synchronization, and identity repository services, according to Gartner.
Six Vendors Lead the Pack
The leader’s quadrant in Gartner’s new report is a crowded field, with legacy AM vendors Microsoft, Oracle, IBM, and CA Technologies and IDaaS-centric vendors Okta and Ping Identity in close competition for the top spot. All of the leader’s in the new MQ have $100M or more in revenue, though many are still building that revenue on older products brought to market in the 90’s.Okta, who scored the highest in the report, was praised by Gartner for its rapid implementation, reliability, and support.
Oddly, it seems as though Gartner has decided to focus less on IDaaS, since deprecating that report, despite their claim that, by 2021, IDaaS will be the majority access management delivery model for new purchases, up from less than 20% today. Of the six vendors in the leader’s quadrant, three (CA Technologies, IBM, and Oracle) were criticized for low-feature IDaaS offerings. Perplexingly, ForgeRock, who does not offer any IDaaS solutions at all, was rated as the most “visionary” vendor in the report.
Contextual Access Controls a Key Differentiator
For years, pundits have been saying that Access Management technology is unable to handle modern networks, The idea is nothing new, but it’s been getting a lot of airtime, as data breach after data breach result from clumsy workplace access management. Now, many are saying that even Role-based Access Control (RBAC) isn’t enough to account for the countless devices, environments, and circumstances of the modern workplace. According to some critics, the answer to these problems is Contextual Access Management. And now it seems that Gartner too sees contextual and adaptive access as the way forward for AM.
According to Gartner, most AM vendors are now capable of using contextual information, such as date, time, location, endpoint information, such as browser and software characteristics, and IP address when making access decisions.
And, says Gartner, “buyers of AM products from vendors that also sell and integrate EMM products can expect more device context to be used in access decisions. For example, is the device registered, jailbroken or rooted? Does it contain a device certificate? Does it have the latest security patches? Centrify and Microsoft are examples of vendors covered in this Magic Quadrant that can leverage these types of context in access decisions.”
Gartner says that buyers of AM products should expect more contextual and adaptive access features to become commonly available in vendor offerings during the next three years and beyond.
For more, get the full Magic Quadrant here.
- 17 Cybersecurity Podcasts You Should Listen to in 2020 - January 3, 2019
- What’s Changed: Gartner 2017 Magic Quadrant for Identity Governance and Administration (IGA) - January 28, 2018
- Crossmatch Integrates Keyboard Capture to Identity Management Software - November 27, 2017