One of the biggest concerns and challenges in cyber security is knowing who has access to which data and applications within an enterprise at any given time. This has become all the more complex for IT and security management with the growth in cloud services and the increased use of mobile devices, which create many more points of access within organizations.
As noted by research firm Forrester Research, new partnership and customer engagement models have extended the “identity boundary” of today's digital businesses, and cyber security professionals must manage identities and access across a variety of populations, device access methods, and hosting models.
Not surprisingly, there is a growing worldwide demand for identity and access management (IAM) technologies that help companies control who can access information resources. A strong IAM strategy protects organizations and their customers from sophisticated cyber criminals and improves efficiencies, Forrester said.
A 2018 report by Research and Markets estimated that the global IAM market will reach $22.68 billion by 2025, rising at a compound annual growth rate (CAGR) of 13% during the forecast period.
The growing adoption of cloud services and mobile devices and the emergence of insider threats—combined with strict regulatory compliance requirements—are leading to a rise in demand for these types of security capabilities, the report said.
The IAM market has evolved from a focus on access control and identity management to include governance and analytics, according to a February 2019 report by research firm Frost & Sullivan.
IAM has grown more essential for organizations as mobility has broken down the physical perimeter that once protected corporate information and systems, the study said.
“Enterprises must secure remote access to their systems while not adversely affecting the productivity of employees and partners working through these systems with cumbersome access and security processes,” the report said.
As the threats to networks and systems grow through the actions of more sophisticated and aggressive hackers, IAM suppliers are responding with more integrated platforms, Frost & Sullivan said. The public nature of the threat over the last several years is driving enterprises to the IAM market.
More organizations are deploying cloud-based IAM platforms. Using cloud-based services, large businesses are able to more easily embrace a hybrid model that better supports both on-premises and cloud environments, the report said.
One of the goals with using IAM tools, as with virtually any type of cyber security technology, is to bolster security without affecting end user experience or productivity.
“Enterprises do not want to inhibit access to core business systems to be the price they pay for implementing more robust security,” the Frost & Sullivan report noted. IAM systems that can improve both security and productivity will likely see growing demand.
Governance is also a key driver of IAM, as newer regulations around the world such as the General Data Protection Regulation (GDPR) in the European Union take affect. These regulations are making it painful for companies that fall short on compliance, and this will help contribute to strong growth in the market, Frost & Sullivan said.
Gartner Inc. predicts that biometric authentication centered on mobile devices, and delivery via software-as-a-service (SaaS) offerings will be growing trends within the IAM market.
The research firm predicts that by 2022 70% of organizations using biometric authentication for workforce access will implement it via smartphone apps, regardless of the endpoint device being used. In 2018, this figure was less than 5%.
Reduced costs and improved user experience and customer experience are fueling the increasing interest in biometric authentication, Gartner said. Security and risk management leaders responsible for IAM and fraud prevention continue to look for approaches for identity corroboration that balance trust and accountability against total cost of ownership and user/customer experience, it said.
And the firm estimates that by 2022 40% of global mid-size and larger organizations will use IAM capabilities delivered as SaaS to fulfill most of their needs. That would be up from just 5% in 2018. SaaS-delivered IAM is often deployed to enhance access management software implementations, Gartner said.
The ease of implementation and fast deployment time for SaaS-delivered IAM offerings have proved valuable to organizations that favor SaaS adoption and don’t consider the operational management of IAM functionality a core part of their business, the firm said.
Based on Gartner’s interactions with clients, most SaaS-delivered IAM is for access management and lightweight identity governance and administration functionality, such as single sign-on. These cloud-based offerings provide excellent connectivity and include quality access management and password management features, it said.