IAM solution time-to-value decreases again, bringing new opportunity
It’s no secret that IAM projects have traditionally come with some baggage. Often seen as requiring complex, lengthy, costly and disruptive integration projects this has lead to IAM being seen a necessary undertaking only when security or compliance concerns grow so great that business and technology leaders are reluctantly forced to mobilise. For 2015 however there are signs that this is a view that can increasingly be consigned to history. The long-term investment and growth seen in the IAM market has brought a wealth of technology innovation and an inevitable adjustment to meet wider IT market pressures to deliver in a simpler, leaner and more agile manner. Scepticism around IAM projects that promise to enable the delivery of rapid Return on Investment has ben worn down by the growing catalogue of real-world projects that are enabling business to deliver wide scope, high quality services to new audiences across a range of channels. At last IAM leaders can face the business with a new and very real proposition. Our project can add value to the bottom line quickly, so when do you want to start?
IAM to help meet the growing demands for improved online security
For all of the recent encouraging noises around IAM being able to distance itself from being primarily seen as an IT security lead solution, 2014 has also been a year where the reality of the vulnerabilities of an increasingly IT dependent world have also hit home. Major technical bugs such as Heartbleed and Shellshock have caused fear and alarm, while the nefarious activities of unknown hackers have laid to waste many false assumptions about the privacy of information that is held on-line – both at a personal and a corporate level. While the underlying risks that these events have brought to light aren’t exactly new, the changing perception of IT security and user behaviour that these incidents are driving do have considerable implications for the modern enterprise. Consequently in 2015 we expect to see that the IAM market will be shaped more and more by the reality of consumer demand as the calls for functions such as strong authentication and rigorous control over privileged access to systems and data increases. We expect to see the adoption of related IAM technologies grow as these components become a part of standard IT systems architecture, not just a nice-to-have addition.
Consumers want a better experience – and IAM holds the key
In 2015 we expect the IAM market to continue to adapt to the view that there is an increasing commonality between the IT service demands of all users - be they colleagues (B2E), partners (B2B) or consumers (B2C). The wide adoption of mobile computing is one of the factors driving this change, but this is also underpinned by the expectation from users that the very best experiences from their personal online interactions (for example, using social media services) should also extend into their interface with any enterprise service. The internet is driving a new era of connectedness and collaboration that by it’s nature needs to be built around a focus on identity and online relationships. Here IAM can now be seen as the cornerstone of any online service – setting the tone for a strong user experience right from the start – from service registration, through to login, account management, forgotten details and more. Hence, our prediction for 2015 is that most IAM conversations will start with a focus on the user experience, not just address it somewhere along the way.
Identity and the Cloud – the continued evolution of IDaaS models
In 2015 the IAM market will need to keep pace with the demands for new delivery and pricing models that are shaping IT across the board. Identity and Access Management as-a-Service (IDaaS) models are already gaining good traction in the market with a solid business case for helping the enterprise manage access for an ever broadening array of SaaS applications. In the coming period we expect to see a further evolution of IDaaS to go further in meeting the goals that align to more traditional Identity Governance programmes. The goal here will be to deliver a greater degree of integration between on-premise and cloud based services, but in a way that does not compromise the key benefits (lower cost of ownership, quicker time to value) that any as-a-Service platform brings. We therefore expect to see the best IDaaS solutions being those that go beyond the promise of integration with a myriad of SaaS applications, to those that extend into the enterprise too – working with enterprise directories and other existing on-premise repositories of user data to bring advanced functions for controlling and managing access at a deeper level.
IAM to enable Enhanced Security Intelligence
We already know that IAM can bring value to the business over and above the value of the IAM controls alone. In 2015 we predict that this trend will continue as we build better and deeper integrations with complementary enterprise technologies such as Security Information and Event Management (SIEM) and Business Intelligence tools. Here enterprises can expect to get an enriched view which combines and understanding of ‘who has to access to what’ with ‘who is accessing what’. Such approaches may be used to aid the investigation into security events or improve the remedial actions that are taken when risks are identified (for example, suspending all access for a user where suspicious activity is spotted). Furthermore bringing these technologies together will help enhance the security posture of any enterprise by delivering a focus on the activities of privileged users themselves – helping to enforce critical protection for another significant focus area for 2015 - the insider threat.