Platforms designed to help organizations manage the complex issues associated with identity management and access governance are extremely mature, but organizations deploying them seek help implementing long-standing projects and getting all the pieces to work well together, say experts and solution providers that have overseen such large-scale projects.
The complexity associated with identity and access management is well known, channel providers told CRN. Projects initially expected to take months can sometimes last years, said Matt Linde, a data security expert formerly with Houston-based Triumvir, a SailPoint partner. Systems are often complex, disparate and extend beyond the company's data center, Linde said.
"Some people spend far more than they ever wanted to or needed to, and sometimes they don't get the value they intended to get out of a solution," Linde said, speaking generally of access governance projects. "Many projects are typically going to need a group of people to operate a large capital investment with the understanding that it's a multiyear ROI calculation and it's not a simple install."
The identity and access management market is undergoing major changes this week following EMC's acquisition of Aveksa. The company will operate in RSA's Identity Trust Management product group and be integrated with RSA's adaptive authentication strategy. The market is dominated by vendors with large services teams, such as IBM, Oracle, CA and NetIQ.
Following the Aveksa acquisition, SailPoint is the last
viable indepndent vendor with a complete platform, according to Andras Cser, vice president and principal analyst at Forrester Research. Point products that solve specific issues, such as multifactor authentication, provisioning and reporting also remain, but they don't typically offer a unified dashboard to manage access to systems and enforcement of identity and access policies while controlling user provisioning, Cser said. The platforms can scale to company environments.
"In today's market cloud support is important," Cser said. "Being able to deliver the offering as a cloud-based offering and not just support cloud-based applications, but the ability of enterprises to source the whole solution from the cloud has been gaining interest."
NEXT: Vendors Unveil Cloud IAM SupportIn addition to Aveksa, NetIQ provides NetIQ Cloud Security Services. Cser said IBM partners with Lighthouse Gateway, which provides multitenancy. Oracle partners with Wipro and Simeio Solutions to provide multitenancy support, Cser said. CA recently updated its CloudMinder product, announcing support for additional on-premises and cloud applications.
Cser believes the top vendors will be able to work with companies to consolidate user stores and cloud SaaS applications into a cloud user store. Vendors should be able to support both on-premises and SaaS-based applications.
Identity and access management vendors that are more channel-friendly support multitenancy, said Binod Singh, CEO of San Antonio-based Ilantus Technologies, an Aveksa partner. Multitenancy support enables providers to use one instance of a platform to multiple clients.
Singh called the acquisition exciting and said he expects RSA to embed additional intelligence capabilities into the Aveksa platform. The acquisition is a good fit because RSA has been strong in intelligence but it did not have strong administration and governance capabilities, while Aveksa's administration is new and relatively immature in its character, Singh said.
"They're trying to do some sort of Scotch-taping to bring in BYOD functionality and, secondly, they're bringing in that cloud piece," Singh said of identity and access management providers.
All the identity and access governance vendors are consolidating user administration and provisioning, identity and access governance and identity access intelligence into a full-fledged platform, Singh said.
PUBLISHED JULY 15, 2013