Worldwide identity and access management (IAM) revenue will reach $9,9-billion in 2010, an 8% increase from 2009 revenue of $9,2-billion. Gartner says that compliance, audit and analytics requirements continue to be the main factors influencing investments in IAM, alongside operational efficiency and better integration across IAM solutions.
"Although the economic downturn has affected the IAM market, it is proving to be fairly resilient and, along with other security areas, IAM continues to receive higher prioritisation compared with other technologies," says Ruggero Contu, principal research analyst at Gartner. "IAM technology is a critical component of enterprises' security strategies, and Gartner clients have indicated that approximately 8 per cent of their security budgets are dedicated to IAM."
Overall, the IAM market is estimated to grow to $11,9-billion by the end of 2013. Contu says IAM products will continue to attract interest and investment during the coming years because it remains a critical technological area for enabling businesses to improve and automate processes relating to access management.
However, the evolution of the market has been impacted by a number of internal and external factors. Internally, merger and acquisition activity has resulted in the consolidation of the vendor landscape around larger, established players, particularly in key areas such as user provisioning and web access management. Externally, the impact of the economic downturn and the consequent tightening of IT budgets, with a related increasing demand for IAM as a service type of product, have influenced the levels of spending directed on IAM and delivery models end users are opting for.
Data based on interactions with clients at Gartner IAM Summits in 2009 in North America and Europe, the Middle East and Africa (EMEA) provided insight into what are considered to be the most valuable and critical technologies to be employed as part of IAM corporate strategy. More established mature tools were mentioned alongside emerging products and among areas showing the highest interest were role-based access, followed by single sign-on. Within the more-emerging IAM technologies, products relating to privileged accounts management and entitlement management appeared to be of the highest criticality.
Suite-based IAM technology currently appears to be the most-preferred product type for organisations and looks set to become even more prevalent in purchasing strategies. Almost 40% of companies interviewed indicated this preference during the next couple of years, together with an increasing reliance on managed security services and consulting services for IAM.
IAM functionality delivered as a service is still in its early stages with survey respondents indicating that between 1% and 5% of their IAM budget are spent on IAM technologies purchased under a software-as-a-service (SaaS) agreement. However, driven by economic and technological factors, and the expanding availability of SaaS and cloud computing, purchase of IAM functionality delivered as a SaaS is expected to accelerate over the coming years.
This is confirmed by a Gartner survey of 111 end-user respondents in North America and EMEA showing that 27% of the businesses interviewed during the 2009 IAM Summits agreed, pointing to an expected increase in spending on SaaS IAM products by 2011.
"A hierarchy of IAM-as-a-service requirements will evolve over the coming years, beginning with basic authentication and access management needs and progressing to provisioning and administration functionality," says Contu. "Compliance reporting and analysis services for existing enterprise-based IAM will also evolve quickly to accommodate the rise in complexity of enterprise IAM needs without wholesale expansion of the enterprise IAM solution."
Gartner further predicts that cloud-computing "construction" for private clouds will require specific IAM-as-a-service functionality to accommodate scale and standardised-delivery needs. Public cloud computing will drive IAM standards, with multiple vendors vying for the role of "toolkit providers" for both the public and private clouds.
"This will be increasingly important as a means of meeting requirements related to credential management and licensing models for use, and we can expect that new vendors will enter the IAM-as-a-service market from unexpected segments (for example, virtualisation and grid computing) as they seek to provide scalable service environments for repositories, administration and reporting," says Contu.