I was lucky enough to attend last month’s annual gathering of identity leaders and practitioners, and boy was it good to be back together in-person! If anything the IAM community is stronger than ever, with happy hours in full swing, fully booked meeting suites, and late nights spent catching up after the show.
A few takeaways I thought I’d share after sitting in on a number of the analyst-led sessions:
The Concept of an Identity Fabric is Taking Off
Whew, was this phrase everywhere this year. It was mentioned in nearly every analyst session, and I couldn’t help but notice the number of vendors who have incorporated this concept into their marketing and their booth displays. And why wouldn’t it? The identity fabric—while still about 10 years out, according to Erik Wahlstrom’s session–begins with the current IAM ecosystem, and it’s a target to be evolved towards. As opposed to earlier trends towards centralization, the fabric approach is about being composable, extensive, and agile. My favorite line of the conference was that “standards are the threads of the fabric,” and with many emerging standards like OPA and IDQL, the possibilities are exciting.
There’s a Lot of Room for Modernization Around IGA
The sessions I went into focused on IGA—especially the Market Guide session with Rebecca Archambault—were standing room only! David Collinson’s session confirmed what we’ve heard from many Radiant Logic customers—at least 50% of IGA deployments are in distress, and there is certainly no one-size-fits-all solution. It is without a doubt the most complex and burdensome of IAM projects, and arguably the area that is the most ripe for innovation and disruption. Finally, we heard again that the first step in a successful IGA deployment is data clean-up and entitlement management—like many projects in IAM, it all comes down to being able to access the right data at the right time.
Zero Trust is Moving From a Buzzword to a Board Room Priority
As John Pritchard mentioned in our podcast, Zero Trust is now becoming table stakes. It’s not something you can buy, but it is something that must be adopted at all levels of the IAM structure. In Ramon Krikken’s session, he emphasized that it’s actually a misnomer—it’s not about “Zero Trust,” but about reducing and eliminating implicit trust, and basing your trust on identity and context in adaptive systems. As supported by NIST’s recent architecture documents, accessing run-time identity is key to the Zero Trust strategy. That’s the result of having a perimeter-free world—identity is both a key attack surface, and the ultimate control surface.
Cloud Infrastructure Entitlement Management (CIEM) is Having a Moment
According to Henrique Teixeira’s session on this topic, he speaks to at least two new CIEM (pronounced “KIM,” because we need another acronym) vendors per month. This supports recent findings from 451 Research as well, who predicted that this segment will be the fastest growing submarket in identity and access management over the next five years. Very exciting to see the interesting use of analytics and machine learning to detect anomalies, and we’re looking forward to seeing how demand for this type of solution evolves—will this get stuck in the trough of disillusionment, subsumed by other tools, or are we on the fast-track to wide adoption?
Convergence of Identity Tools is a Very Real Trend, But it Demands Compromise
We’re seeing many vendors creep into adjacent spaces, offering “good enough” products to fulfill the baseline needs of related IAM sub-segments. According to Gartner Research, 85% of Access Management vendors are expanding into IGA or PAM features. On the one hand, this is very appealing; borrowing a metaphor from the session on the Access Management market, you can go to Walmart and buy a “good enough” bike that gets you from home to your local coffee shop. On the other hand, convergence means you’re only getting partial functionality, and if you’re looking for an enterprise-grade solution, you may need something more than the “light” options provided by a converged platform. If you’re looking to complete a Century ride, you’re going to tire pretty quickly on the ten-speed from Walmart. Similarly, your converged platform can only get so far in complex, siloed, and legacy identity environments.
For now, we’re still digesting the learnings for the many sessions, analyst meetings, and customer conversations (not to mention the Vegas dinners). It does feel that we’re in a unique moment for identity, when it finally has a seat at the table—when an identity-enabled business is reaching the most senior levels of the organization. It’s a great time to be doing this work.
Subscribe to receive blog updates
Don’t miss the latest conversations and innovations from Radiant Logic, delivered straight to your in-box every week.