Partners: DevOps Presents Next Wave Of Opportunity Around Identity And Access Management

Security partners say they're seeing a significant opportunity around identity and access management, and believe the next step in exploiting it is to expand into DevOps.

"Where we are seeing wallet with customers is around identity and access management. Those customers are racing to identity solutions, and DevOps is driving a lot of that… There's a lot of tail winds around DevOps and access management," Aubrey Turner, client solutions advisor for Identity and Access Management at Denver-based Optiv Security, said.

Scott Whitehouse, vice president of channels and alliances, Americas at Newton, Mass.-based CyberArk, agreed, calling DevOps the "next horizon" for the identity and access management market. He said that opportunity will accelerate as more companies start to use DevOps and new applications as a revenue driver.

[Related: 2017 Security 100: 15 Coolest Identity Management And Data Protection Vendors]

Sponsored post

"As soon as you extend [security] into DevOps, the next thing you realize is that… the security risk is ongoing," Whitehouse said. CyberArk doubled down on this opportunity in May with its acquisition of Conjur.

The identity and access management is expected to reach $14.8 billion by 2021, up from $8.1 billion in 2016, according to research firm MarketsandMarkets. That represents a combined annual growth rate 12.9 percent. Partners spoke with CRN about the identity and access management market at an exclusive roundtable, held at CyberArk's Impact 2017 conference, held in Boston this month.

However, partners said it's still early for the opportunity to bring identity and access management and privileged account management (PAM) to DevOps. Optiv's Turner said the "majority" of customers are still focused on locking down the basics when it comes to IAM and PAM, with some of the more mature security customers starting to look at DevOps as the next step in that area.

"It's sort of the looming challenge and we will get more of those customers. We are still helping some clients with the more fundamental controls," Turner said.

Chris Hall, partner at PricewaterhouseCoopers, said he also sees customers focusing on "fundamental hygiene" around IAM and PAM, especially after recent ransomware outbreaks. However, he said DevOps is the "next evolution of the conversation."

Hall said the move to bring security into the DevOps process means that different teams within customer organizations need to come together. He said channel partners can play a critical role in helping customers have those conversations by sitting the security, infrastructure, operations, and DevOps teams at the same table.

"Nothing brings these teams together more than something like identity," Hall said. "A lot of that is pulling these teams together as you do the architecture design of a solution and other identity solutions."

Ketan Kapadia, vice president, identity and access management at Toronto-based Herjavec Group, said those conversations provide an opportunity for partners to establish themselves further as trusted security advisors with clients. As the evolution of DevOps is very industry-specific, he said partners can play a key role in tailoring security to a client's personalized DevOps practice.

All of the partners agreed that the opportunity around DevOps is still in its early days. Kapadia said some industries, including retail and finance, are moving faster than others. However, Optiv's Turner predicted that opportunity will grow as security incidents inevitably move into the DevOps world. CyberArk's Whitehouse agreed, predicting the there will be more opportunity as the volume of risks around DevOps grows.

"Clients out there are leading with a risk-based approach," Whitehouse said. "If more organizations see DevOps as a huge risk for them, then they will start addressing them faster."