The 20 Coolest Identity Access Management And Data Protection Companies Of 2023: The Security 100
From vendors offering robust identity security capabilities to those focused on securing the data itself, here’s a look at 20 identity management and data protection companies to watch.
Coolest Identity Management And Data Protection Companies
With so many workers now outside the corporate firewall, hackers have increasingly been targeting identity credentials as the means to access a company‘s sensitive data. Misuse of identity credentials is by far the largest source of breaches, according to data from Verizon. That has prompted a number of industry analysts to declare that its the erosion of the firewall-based corporate perimeter, the new perimeter is really identity.
As a result, tools for identity and access management (IAM) have been in high demand, and vendors that can help control access to an organization’s applications and other resources have been generating strong growth. In Gartner’s 2022 Magic Quadrant for Access Management, which was released in November, the Leaders quadrant consists of CyberArk, ForgeRock, Microsoft, Okta and Ping Identity. Research firm MarketsandMarkets forecasts that the IAM market will surge to $25.6 billion by 2027, up from $13.4 billion in 2022.
Another key element to consider when securing against modern cyberattacks is perhaps a no-brainer: Data protection. While solutions such as data loss prevention (DLP) have existed for years, the technologies are considered increasingly critical as a way to stop both external attempts at data theft and insider threats. In fact, many businesses are now being prompted to deploy DLP to get a better rate on their cyber insurance, said Doug Wilfred, corporate security practice lead at SHI, No. 13 on CRN’s 2022 Solution Provider Provider 500. And ransomware also persists as a serious threat to data, he said, given that attackers will typically try to copy data before deploying ransomware and encrypting the victim’s systems. Ultimately, the issue of “how do I keep my data from leaving” is among the biggest questions that customers are asking today, Wilfred said.
What follows are the 20 identity management and data protection companies that made our Security 100 for 2023.
Acronis recently introduced its Advanced Data Loss Prevention pack for the Acronis Cyber Protect Cloud platform. Notably, the offering aims to help MSPs protect their customers from the threat of data leakage.
Board Member, CEO
Privileged access management specialist BeyondTrust brings together privileged password management, endpoint privilege management and secure remote access into a unified platform offering centralized management as well as reporting and analytics.
BigID has enhanced its privacy and data protection platform with new features designed to reduce vulnerabilities that could pose a security threat. The company said it is offering an “industry first” with the launch of automatic remediation around management of access and permissions on overexposed data and over-privileged users.
Broadcom offers identity and access management capabilities via its acquisition of Symantec, including verification of user and device access requests and enforcement of least privileged access. It also provides automation for user provisioning and access governance as well as privileged access management.
Code42’s security product portfolio includes the Incydr data protection offering, which enables security teams to detect, investigate and respond to insider threats. Features include identification of data exposure, prioritization of risks and forensic search capabilities.
Founder, Chairman, CEO
Within the portfolio of privileged access and identity security company CyberArk, notable products include its Identity Secure Web Sessions offering. The product records, audits and protects end-user activity within designated web applications, providing efficient identification of anomalous activity and enabling investigation.
Founder, Chairman, CEO
Dell recently launched Dell PowerProtect Cyber Recovery for Microsoft Azure, which allows organizations to deploy an isolated cyber vault in Azure to protect against ransomware attacks, as well as Dell Apex Cyber Recovery Services, which aim to simplify recovery from cyberattacks.
The ForgeRock Identity Platform provides identity and access management security capabilities in on-premises and multi-cloud environments, as well as in hybrid scenarios for workers, customers, workflows and devices. The platform aims to deliver zero trust security and protect against account takeover and fraud.
Fortra, which changed its name from HelpSystems in November, has a number of data protection offerings that leverage technology from several of the company’s acquisitions, including that of Digital Guardian. Offerings include data classification, data loss prevention and digital rights management.
With a focus on enabling data security and privacy, Immuta offers capabilities including centralized data access control, cloud data discovery and classification, and consistent data privacy controls. The offerings aim to provide greater automation of controls for data access and privacy within cloud-based data platforms.
Microsoft ‘s focus within the realm of identity management is on its Entra product family, which launched last year and includes its widely used Azure Active Directory identity service as well as cloud infrastructure entitlement management and decentralized identity offerings.
Okta has been working to build out its portfolio beyond its flagship identity and access management lineup, including with the recent introduction of Okta Identity Governance and the forthcoming launch of Okta Privileged Access. The company is integrating them as a unified offering, the Okta Workforce Identity Cloud.
OneTrust’s cloud-based platform unites a number of products in the realm of data security and privacy. Those include data governance capabilities such as data discovery and cataloging as well as privacy management, governance and policy management, third-party risk management and compliance management.
With its PingOne for Workforce offering, Ping Identity provides an authentication hub that is centrally managed and can serve as the basis for a zero trust strategy. Key capabilities include no-code identity orchestration, single sign-on for all apps, adaptive multifactor authentication and centralized access security.
RSA last year pivoted to focus its business entirely on identity security, which it’s doing across its flagship SecurID identity and access management platform along with the recently introduced ID Plus, which delivers identity and access management as a SaaS offering with an option for cloud, on-premises or hybrid versions.
SailPoint has been branching out beyond its roots in identity governance and administration to add cloud access management, password management, access risk management and more. New capabilities have included AI-driven automated discovery and remediation for anomalous identities and high-risk user access permissions.
Founder, Chairman, CEO
Offering what it calls a “converged identity platform,” Saviynt is focused on governance of employee access to business resources—ultimately aiming to improve the control that a partner or customer has over identity access across both cloud and on-premises environments.
Semperis provides products that seek to prevent malicious access to Microsoft Active Directory and Azure Active Directory. Key features include the ability to spot changes to AD and Azure AD that would bypass security logs and then automatically remediate any changes deemed malicious.
SkyHigh Security, formerly the McAfee Enterprise security service edge business, offers a data-driven approach to cloud data loss prevention as well as secure web gateway, zero trust network access, cloud access security broker, remote browser isolation and more.
Co-Founder, Chairman, President, CEO
Varonis launched a SaaS version of the company’s data security platform, with the aim of enabling simplified deployment, faster updates to threat models and policies, more proactive detection and response to threats and “autonomous” reduction of cyber risk.