
IT copes with changing identity management market

Identity and access management tools are critical today, as companies seek ways to handle users' distributed resources. IT shops have tough choices in an evolving market.

CHICAGO -- With the identity management market in flux, IT shops must consider the pros and cons of choosing small, stand-alone providers versus larger vendors.

Smaller providers such as Ping Identity, Okta and others that focus on identity and access management (IAM) face stiff competition from larger vendors, such as Microsoft and VMware, that include identity management in broader product suites. Microsoft includes its Azure Active Directory (AD) for free in Office 365, for example, making it harder for smaller, stand-alone IAM vendors to compete. For IT, that means adjusting to the possibility of their IAM providers being acquired and more carefully considering where they get IAM in the first place.

"The smaller [vendors] long term are not going to survive," said Jack Gold, founder and principal analyst at J. Gold Associates LLC in Northborough, Mass. "That's just the way of the world."

The leading vendors in the identity management market are Okta, Microsoft, Oracle, Ping, IBM and CA Technologies, according to the Gartner Magic Quadrant for Access Management.

Unlike the other leaders, Okta and Ping primarily focus on IAM. They have both made acquisitions of smaller vendors in the last year, and they have been doing well for themselves in the market, but they still need to be wary of their much larger competitors, Gold said.

"The trick is they have to get bigger quick," he said. "They are more likely to get purchased by somebody in the longer term."

IAM software allows IT to authenticate users and permit or deny access to business applications and data based on policy. It provides these capabilities to third-party applications through their software development kits.

Consolidation brings risk for IT

Some organizations have already felt the effects of IAM consolidation. Chemical Abstracts Service, a provider of chemical research information in Columbus, Ohio, was an UnboundID customer until Ping acquired that vendor in August 2016.

Ping honored Chemical Abstracts Service's contract with UnboundID and kept the same support staff in place, which led to an easier transition process, said Collin Spears, IT project manager at Chemical Abstracts Service. Still, it's not always easy to switch software, Spears said here at Ping's annual conference, the Cloud Identity Summit.

"Every company's experience with that likely will not be so smooth," he added. "There is a risk there."

Given the direction the identity management market is headed in, organizations should be wary of choosing a small, stand-alone vendor that might not be around in a few years, Gold said.

IAM is all about the apps

The advantage of smaller, stand-alone IAM vendors that don't offer their own business applications, such as Ping or Okta, is they often support a wider range of business software from other vendors.

"They get that it has to be a cross-platform play," said Eric Klein, director of mobile software at VDC Research Group Inc. in Natick, Mass.

Plus, there are often fewer steps for IT to provision each user for their applications, and a smaller vendor's support team is typically more hands-on, Klein said.

This is because they focus on IAM, whereas larger vendors have their hands in multiple areas, said an IT manager for the Department of Homeland Security in Washington, D.C.

"The smaller vendors are more dedicated," he said. "They are more open because they have to be. Their business depends on them working well with everything. If all you do is fix bicycles, you'd be pretty good at it."

Larger vendors are adding support for more business applications to their IAM software, however. More than 219,000 third-party apps support Azure AD, and Microsoft partnered with Ping to integrate it with PingAccess. That allows mobile workers using Azure AD to access on-premises applications from any device without the need for a virtual private network.

Smaller vendors can further differentiate themselves by adding higher levels of encryption and data analytics that can alert IT to unusual user behavior, Klein said. Better integration with different popular business platforms and applications will also dictate which IAM products companies choose, said an IT director at a large university in the Midwest.

"If you're a full-on Microsoft shop, then you should use Azure AD. But if you're a full-on Mac shop, let's say, then maybe there is an IAM provider who works better," he said.
