It’s here at last: technology research and analysis firm Gartner, Inc. has released the annual iteration of their Magic Quadrant for Access Management, Worldwide report for 2018. For the uninitiated, in this report Gartner evaluates the strengths and weaknesses of the 15 Access Management vendors that it considers the most significant in the market based on distinct service and market share criteria.
The report then provides readers with a graph—the so-called Magic Quadrant—plotting the vendors based on the completeness of, and their ability to execute on, their security platform’s vision. The four categories of the Quadrant are Leaders, Visionaries, Challengers, and Niche Players. Gartner does not endorse any vendor, product, or service depicted in its research publications.
This year the 15 vendors selected to the 2018 Magic Quadrant for Access Management, Worldwide Report are Atos, Auth0, CA Technologies, Centrify, ForgeRock, IBM, i-Sprint Innovations, Micro Focus, Microsoft, Okta, OneLogin, Optimal IdM, Oracle, Ping Identity, and SecureAuth + Core Security.
The 2018 Magic Quadrant for Access Management, Worldwide, available here, is only the second iteration of the report. Gartner created this report to replace the Magic Quadrant for Identity and Access Management as a Service (IDaaS) in 2017. Yet perhaps contradictorily, Gartner predicts in this fresh-faced report that by 2022 IDaaS will be the chosen delivery model for more than 80% of new access management solution purchases. IDaaS only constitutes 50% of deliveries today.
At Solutions Review, we read the 2018 Magic Quadrant for Access Management, Worldwide Report, available here, and pull a few of what we consider the most important takeaways since the 2017 AM report. Here they are:
How Gartner Defines Access Management
Perhaps unsurprisingly—given how recently they have begun examining this category—Gartner has not radically changed its definitions since the last Magic Quadrant for Access Management, Worldwide.
According to Gartner, “access management applies to technologies that use access control engines to provide centralized authentication, single sign-on (SSO), session management and authorization enforcement for target applications in multiple use cases.”
Gartner still retains a list of many non-core functionalities that AM solutions may or may not feature, including:
- Password Reset
- Identity Synchronization
- Identity Repository Services
Ultimately, the 2018 Magic Quadrant for Access Management, Worldwide focuses on authentication technologies, both embedded and through integration with other solutions. Gartner also used its definition to warn against password vaulting if possible, due to its inherent risks.
New and Absent Friends in Access Management
Gartner readjusts its Magic Quadrant evaluation criteria, often in response to market changes, each year. Therefore, sometimes vendors who appeared in the MQ one year may not return for the next one. By the same token, vendors who once did not make the cut previously may find themselves on the report.
Perhaps due to its relative youth, the 2018 Magic Quadrant for Access Management, Worldwide saw very few changes in the solution providers represented. Auth0 made its first appearance this year and was the only new vendor included.
Meanwhile, Covisint did not make the list this year. According to Gartner, Covisint did not meet the criteria for marketing or sales for all of its required use cases. Again, this does not mean the Covisint is an insufficient solution; it only means that it did not meet Gartner’s inclusion criteria for this particular report.
Where are the Access Management Challengers?
According to Gartner, the Challengers Quadrant show strong execution but perhaps not quite the brand awareness or completeness of vision as Visionaries or Leaders. They tend to be more focused on particular platforms or services than general use-cases.
Yet in the 2018 Magic Quadrant for Access Management, Worldwide (available here), the Challengers Quadrant remained blank; all of the vendors were concentrated in the other three quadrants. Does this mean that the market is maturing in Gartner’s estimation? Gartner does note that access management vendors are adapting to support more authentication models and API target services.
One Less Gartner Leader in Access Management
In 2017, the six leaders of the Magic Quadrant for Access Management, Worldwide were Okta, Oracle, Microsoft, IBM, Ping Identity, and CA Technologies.
In 2018, almost all of the leaders have in fact returned to the Leader Quadrant:
- Okta received praise for its rapid implementation and service functionality, plus its new LDAP interface.
- Oracle was lauded for its contextual and adaptive access support, and cloud architecture support.
- Microsoft was commended for working to deliver cross-functional security capabilities and bundled offerings.
- IBM’s integration capabilities, strong support staff, and support of multiple access management use cases garnered praise.
- Ping Identity was singled out for its authentication and authorization support for API targets.
Only CA Technologies did not return to the Leaders Quadrant, instead appearing on the Visionaries Quadrant. According to Gartner, this is because of a slower customer acquisitions rate and an IDaaS offering requiring some development.
However, Leaders are not necessarily the ideal selection for every enterprise. Instead, in Gartner’s definition, they provide feature sets that are appropriate for current customer use-case needs.
IDaaS, IoT, Authentication in AM
Gartner may be releasing a Magic Quadrant for Access Management, Worldwide (available here) instead of an IDaaS one, but it still values IDaaS highly as a critical capability of AM, hence the prediction given above. However, Gartner does note that IDaaS has only recently become capable of meeting use cases and become widely available. Software deployment is starting to give away to IDaaS, especially by larger enterprises, as it tends to be superior.
Access management solutions also need to adapt to the ever-growing Internet of Things (IoT) corporate culture. Gartner stated that vendors are beginning to use device context as part of their access decision-making. One challenge that still remains for many vendors is device intermediaries.
Gartner did note a distinct dilemma in authentication: adaptive access mitigates some types of attack and fulfill the rising demand for convenience, but can’t make up for compromised passwords or the inherent weakness of passwords. Gartner still recommends avoiding password vaulting and instead push their vendors to support standards-based federation.
You can download and read the full Gartner 2018 Magic Quadrant for Access Management, Worldwide here.