Sign Of The Times: When Identity Access Management Platforms Aren't Ready For The Cloud


An emerging collection of Identity-as-a-Service vendors are disrupting traditional on-premise identity management platforms as the adoption of cloud-based services from Salesforce.com, Box, Google Apps and Microsoft Office 365 continues to skyrocket.

Business owners are considering SaaS platforms from OneLogin, Okta, Ping Identity and other vendors to make logging into Web-based services a seamless process for employees, say solution providers and other industry observers. The market has been in a state of flux with traditional, on-premise platform makers retrofitting their platforms to support cloud delivery or acquiring components to meet customer demands for SaaS, said Andras Cser, vice president and principal analyst at Forrester Research, who predicts a market shakeup.

"There is absolutely room for consolidation because this is a very crowded market," Cser told CRN. "There are a large number of players in this crowded space, which is quickly commoditizing."

[Related: Discovering The SaaS Footprint]

Large enterprises with significant infrastructure are often invested in on-premise identity and access management platforms from Oracle, CA Technologies, Dell, IBM-Tivoli, NetIQ, RSA-Aveksa and others. Symplified, one of the earliest vendors in the Identity-as-a-Service market, met an early demise in June when RSA acquired its assets.

Research firm IDC projected that the identity and access management market would reach $4.8 billion in 2013 and predicts continued market growth, reaching $6.9 billion in 2017. Analysts are looking at Ping Identity, a market leader, as a potential IPO candidate. Meanwhile, Ping Identity and other platform makers are busy adding capabilities such as user provisioning, customer-facing inbound identity services, access monitoring and analytics, and cloud encryption or data loss prevention.

The demand for Software-as-a-Service delivery models is one of the biggest growth drivers, said Pete Lindstrom, a research director for IDC's security products program. Organizations are focused on privileged identity and refining access controls among groups of end users, Lindstrom said.

SaaS identity vendors are creating opportunity for solution providers that specialize in delivering identity management projects to enterprises and for those migrating customers' Microsoft Exchange to Office365 and other cloud services. Larger businesses, often heavily invested in complex and incomplete on-premise identity and access management platforms, require customized solutions to extend capabilities to cloud services, said Todd Clayton, president and CEO of Coreblox, a New York-based identity management consultancy and solution provider.

"We don't typically see customers moving everything to the cloud so they're stuck with the problem of keeping certain pieces on-premise and certain pieces in the cloud," Clayton said. "Our job is to help them figure out how to stitch them together into a cohesive experience."

For cloud projects, organizations want to know how to properly authenticate users and need to be guided in maintaining authorization for users and understanding the options available to protect data in the cloud, said Tyson Kopczynski, a security solution principal at Slalom Consulting in San Francisco.

Organizations are increasingly shedding on-premise, monolithic identity platform implementations that are costly to build and maintain in favor of Identity-as-a-Service offerings or a hybrid approach, Kopczynski said. Even Microsoft, with its Azure Premium Active Directory offering, is looking at progressing into Identity-as-a-Service on its road map, Kopczynski said. Businesses will look to SaaS providers that remove some of the longstanding issues that hamper traditional identity projects and increase costs, he said.

"As a business, once you go down the SaaS road it starts removing some of the cost and complexity of maintaining [identity access management] within the organization," Kopczynski said. "All the major players seem to have a converging road map that sees [identity access management] in the cloud."

NEXT: Finding The Right SaaS Indentity Partner