20/20 Vision: Top Identity & Access Management Predictions from the Gartner IAM Summit

Last updated: 16 May 2016

Gartner SummitsGartner floated some interesting ideas and predictions on where the Identity and Access Management (IAM) market is heading during Monday’s IAM Summit keynote.

Some may be a bit more futuristic than others, but their view is cause to take a step back from the daily grind and observe our industry from new perspectives.

Below are the highlights and 2020 predictions:

1. Every user is a consumer, and the way we access systems is consumer-like –especially in the mobile era. Gartner predicts that by 2020, 80% of access will be shaped by non-PC architectures – up from 5% today. It’s time to move on, and stop trying to make mobile devices look like corporate PC’s.

  • Our Perspective: Even over the last 5 years, the industry has transformed with the emergence of BYOD and the mobile workforce—in fact, 5% today feels low. Stringent access policies that work within the corporate network are not scalable. In order for IT professionals to be fully comfortable with BYOD and for employees not to view security as barriers, authentication needs to become transparent and seamless to the end user.

2. The IAM space is becoming a competitive marketplace for identities. By 2020, 60% of digital identities interacting with the enterprise will come from external identity providers through a competitive marketplace – up from less than 10% today.

  • Our Perspective: This will become relevant for the enterprise only once the assurance levels of these identities improve. Social will play a role here but only for low assurance applications. The real opportunity is for enterprises to consume emerging higher assurance external identities such as those being piloted by USPS or national ID programs currently available in some countries.

3. The death of the “least privileged”. By 2020, over 80% of enterprise will allow unrestricted access to non-critical assets up from 5% today reducing IAM spend by 25%. To this end, organizations are better off focusing IAM spend on high-value data, and applying baseline security to everything else.

  • Our Perspective: If you asked any CSO, they would find it unimaginable to allow access to *anything*. Nevertheless the fact that the market is moving in this direction opens up opportunities for frictionless authentication methods that can provide a reasonable level of assurance for most assets without impeding on the end user. This offers IT a measure of access control and removes barriers for users.

4. Legacy pricing models will implode: By end of 2020, overall IAM products and services pricing will drop by 40% relative to today in real terms. We’ll see new ways of addressing the same issue, with new competitive players. We’ll see a change in delivery models. Also, pricing will move from user-based to transaction-based.

  • Our Perspective: This is the new reality for all IT services and having flexible and simple business models are critical. As more IAM solutions move to be consumed as a service, there will be continued price pressure on legacy IAM vendors, to the extent that these same business models will find their way to the on-premises world.  

5. It’s not who you are, but what you do and how you do it. Multitude of devices, applications, and identities bring more attributes and multi-dimensional context to access control. By 2020, 70% of all businesses will use attribute based access control (ABAC) as the dominant mechanism to protect critical assets, up from 5% today.

  • Our Perspective: It is difficult to imagine context NOT playing a role in everything we do. It is very foreseeable that we will reach 70% much sooner than predicted.

6. Identity intelligence finally gets a brain: By 2020, identity analytical and intelligence (IAI) tools will deliver direct business value in 60% of enterprises up from less than 5% today. This will include logging and log management, behavioral attributes about who is accessing what and “identity nodes” around users and administrators.

  • Our Perspective: While this will raise issues of privacy that must be solved along the way, the ability to analyze data will be critical to making security decisions in the enterprise.

7. Managing identities will include the internet of things. By 2020, the internet of things will redefine the concept of “identity management” to include what people own, share, and use.

  • Our Perspective: Does this really go beyond identity management and evolve into entity management? We already have devices with cross functionality. For instance, what once used to be a simple watch can now act as a light, track your steps, and measure your heart-rate. Will identity management go from a device we carry, systems we access, to how we behave, and ultimately, everything we are and do?


Download Our Two-Factor Authentication eBookIf you want to learn how organizations must respond to next-generation authentication trends, download our free ebook, Business Drivers for Next-Generation Two-Factor Authentication Solutions

In this ebook, the challenges of a complex authentication environment are brought forth as encountered per enterprise stakeholder – including executives and HR, CFOs, CIOs, CSOs, and users – together with how these challenges can be redressed. Download the ebook now.