What’s Changed: Gartner’s 2018 Magic Quadrant for Identity Governance and Administration (IGA)

gartner iga identity governance MQ magic quadrant Solutions Review

It’s here at last: technology research and analysis firm Gartner, Inc. has released the annual iteration of their Magic Quadrant (MQ) Report for Identity Governance and Administration (IGA) for 2018. The 2018 Gartner Critical Capabilities for Identity Governance and Administration Report is available here. 

For the uninitiated, in this report Gartner evaluates the strengths and weaknesses of the 15 Identity Governance and Administration vendors that it considers the most significant in the market based on distinct service and market share criteria.

The report then provides readers with a graph—the so-called Magic Quadrant—plotting the vendors based on the completeness of, and their ability to execute on, their security platform’s vision. The four categories of the Quadrant are Leaders, Visionaries, Challengers, and Niche Players. Gartner does not endorse any vendor, product, or service depicted in its research publications.

This year the 15 vendors selected to the Identity Governance and Administration Magic Quadrant are: AlertEnterprise, Atos, CA Technologies, Core Security, Dell Technologies (RSA), Hitachi ID Systems, IBM, Micro Focus (NetIQ), Microsoft, Omada, One Identity, Oracle, SailPoint, SAP, and Saviynt.

The 2018 IGA Magic Quadrant is the sixth iteration of the report after Gartner introduced the category in 2013. According to Gartner, the IGA market is mature in terms of on-premise software, but the market is also undergoing significant transition; IGA-as-a-service options are becoming increasingly prevalent among vendors. Gartner predicts that by 2022, cloud and service-based solutions will surpass on-premise as the primary model.

At Solutions Review, we read the 2018 Identity Governance and Administration Magic Quadrant report (available here) and pulled a few of what we considered the most important takeaways since the 2018 IGA MQ. Here they are:  

How Gartner Defines Identity Governance and Administration

Gartner’s definition of IGA appears to have changed very little since the 2017 MQ report. According to the analyst house, IGA is a central component of Identity and Access Management (IAM) designed to “manage digital identity and access rights across multiple systems and applications.”

Identity Governance and Administration solutions achieve this by aggregating and correlating identity and permissions data found throughout an enterprise’s digital ecosystem, and then utilizing that data to perform its core functions. Just like last year, Gartner considers IGA’s core functions to include access requests, access certification, auditing, reporting and analytics, workflow management, entitlement management, and identity lifecycle management.

Together these functions govern the granting, maintenance, and removal of permissions, as well as the certification of that access. IGA also reports on the identity data discovered for governance purposes.

To be considered for entry to the IGA MQ, a vendor’s solution must be capable of supporting an integrated identity repository, role-based administration of identity governance, and management of access requests, among other features. Additionally, the vendor must have a total revenue of at least $22 million for IGA products of their own design, sold to enterprises in different verticals, over the course of a year. They must also have solid customer service records.   

With that cleared up, let’s dig in.

Few New Names, No Missing Faces

In response to market changes and predictive data, Gartner readjusts its evaluation criteria for the Magic Quadrant every year. Oftentimes, this results in vendors who appeared in the MQ one year not appearing in the next one. By the same token, vendors might return or be included for the first time in any given year.

However, 2018 saw the member vendors of the Identity Governance and Administration Magic Quadrant grow ever so slightly. No vendors from last year were dropped, while only 2 new names were added. Hitachi ID Systems returned after being cut from the 2017 MQ as its IGA revenue grew. Microsoft made its first appearance on the MQ thanks to its new IGA tools.

The IGA Challengers Break Through

Gartner considers the Leader vendors of the Identity Governance and Administration Magic Quadrant to “deliver a comprehensive toolset for governance and administration of identity and access” while also demonstrating and executing on a clear market vision. As always, Gartner emphasizes that the vendors of the Leaders Quadrant are necessarily the best nor the right fit for all enterprises. A Niche Player vendor might be much more suitable in its area of focus.

2018 saw the Leader Quadrant swell in ranks as vendors previously hovering just on the outside last year finally broke through— much as we predicted. Previous Leaders SailPoint, Oracle, CA Technologies, and IBM returned and were joined by newcomers One Identity and Saviynt. Gartner singled out Saviynt for having “the most fully featured IGA solution delivered as a service” of any of the featured vendors. One Identity received praise for its excellent accessibility and effectiveness with deep integration.

Of the 2017 Challengers, only Omada remained in the same quadrant; Gartner noted that it has high customer satisfaction rates but continues to lack brand awareness outside Europe.   

Movement in the Challengers and Visionaries Quadrants

Micro Focus (Net IQ) was the only Visionary in the 2017 Identity Governance and Administration MQ, just behind the Leader line. 2018’s MQ saw Gartner move the vendor to the Challenger Quadrant, just out of reach of the Leaders once again. Gartner listed a few reasons as to why, primarily singling out their merger with HPE delaying their IGA platform’s enhancements.

Once again, only one vendor found its way to the Visionary Quadrant: Dell Technologies (RSA). Gartner defines Visionaries as having the tools but not the resources to execute on their vision, however innovative. RSA met that criteria with a strong IGA product and excellent user interface while mired by its lack of support and maintenance.

The Race to the Identity Governance Cloud is Not Over

Gartner’s predictions of the IGA market in 2018 centered on the cloud and -as-a-service models. By their projections, 40% of IGA buyers will select the cloud-architected solution by 2021. Another 15% will select the cloud-hosted software. Gartner firmly believes that the new models will save buyers a considerable amount in upfront and long-term costs; cloud-architected IGA services are faster to deploy and easier to manage and upgrade.

Gartner notes that solution selectors should be wary of the required internal maintenance and the monitoring IGA solutions need, and how they can be difficult to integrate with existing architectures.

Since we released this report, IGA has only become more important. More and more enterprises are considering, and outright making, the transition to the cloud. This has the benefit of providing a scalable IT environment, but simultaneously increasing the dangers of insider threats. Permissions in such an environment need to be tightly controlled and monitored, and users need to be evaluated that they only have the permissions necessary for their roles. Identity governance and administration solutions are designed to fulfill this need for monitoring—both for internal security and for regulatory compliance.

If your enterprise has already embraced its digital transformation or is considering the jump, now is also the time to consider an identity governance and administration solution for your IT environment. Your employees shouldn’t be allowed to run wild with undue access or dangerous permissions. It’s time to bring the discipline you expect in the physical workplace into the digital one.

You can read the full Gartner Magic Quadrant for IGA report on the Gartner website. You can download the 2018 Gartner Critical Capabilities For Identity Governance and Administration Report, courtesy of Saviynt, here

Ben Canner

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner