target audience: TECH BUYER Publication date: Nov 2022 - Document type: IDC MarketScape - Doc Document number: # US47254121
IDC MarketScape: Worldwide Governance Administration for Identity Security 2022 Vendor Assessment
Content
List of Tables
List of Figures
Get More
When you purchase this document, the purchase price can be applied to the cost of an annual subscription, giving you access to more research for your investment.
Related Links
Abstract
This IDC study presents a vendor assessment of the 2022 governance administration for identity security market using the IDC MarketScape model. Perhaps more than other identity security technologies, IGA is a solution where users never get to the top of the mountain and claim the job's done because the management of identities is in a constant state of flux. The older IGA installations are typically found within financial and government verticals where access reviews and certifications were a hard requirement and least privilege (LPA) was a dreaded, manual task. Credit the federal Sarbanes-Oxley Act (SOX) act passed in 2002 aimed at improving auditing and public disclosures as the tip of the identity governance requirements spear.
Fast-forward 20 years and organizations today understand the growing importance of IGA as identities (for people and things) have exploded in numbers. One retail organization serving as a reference said, even as recently as three years ago, there were 45 IAM tools within the company and more than 2,500 separate directory instances across three on-premises and cloud solutions managing 550,000 identities. Then consider that most employees likely have multiple assigned roles and the enormity of the problem becomes obvious. Automation, intelligence, and simplified orchestration capabilities are essential.
"The identity governance administration market is another fragmented opportunity for security vendors," said Jay Bretzmann, research vice president, Cybersecurity research, IDC. "Today's solutions are split across two main camps: passive on-premises solutions largely implemented for compliance purposes and active cloud-based solutions serving a more modern need for out-of-control access management situations with a focus on limiting the need for human involvement."