Identity Access Management to See Better Integration

Vendors and analysts say customers can expect to see tighter integration across traditional access management, user provisioning and role management offerings.

With the Identity and Access Management market poised to grow, its expansion may be coupled with better integration and controls around role, entitlement and identity lifecycle management.

According to a recent report by Forrester Research, the IAM (Identity and Access Management) market will see some explosive growth in the years ahead. The analyst firm estimated the market stood at about $2.6 billion in 2006, and by 2014 will hit $12.3 billion, with provisioning accounting for nearly two-thirds of all IAM revenues.

The growth will come on the back of regulatory compliance initiatives as organizations try to control access to information, industry watchers said.

IAM tools give customers a level of control and visibility into their assets needed to meet compliance goals, said Joe Anthony, program director of security and compliance management for IBM Tivoli software. The key though, may be to make IAM just one brick in an overall access strategy. Increased integration across security products will make it easier for business to address a wider range of challenges in the traditional areas of IAM, he said, as well as application, infrastructure and data security.

"As a customer looks at their existing environment, they will see that IAM is a core thread throughout," Anthony said. "A well thought-out IAM investment can be leveraged in many areas. Customers are becoming more sophisticated in how they want to define and manage roles, and they should expect to see increased integration across the traditional access management, user provisioning and role management offerings."

But it is in the areas of role and entitlement management where IAM will likely see some innovation, analysts said. Jonathan Penn, an analyst with Forrester, said he expects vendors to tie together those two areas-for example, access roles and provisioning roles being the same. Vendors would then provide for roles to be continuously monitored and managed based on what rights a user has and user behavior.

Gartner analyst Earl Perkins agreed vendors would look to make advances in role lifecycle management, as well as provide an entitlements management framework for secure lifecycle development to prepare IAM to address service-oriented architectures.

"There is a mismatch between what can described as entitlements administration, a granular level of managing entitlements that is missing from many IAM offerings," he said. "It represents a realization gap between how the security policy that addresses compliance is actually realized in provisioning workflow and reporting."

Officials at CA, another player in the IAM space, said that in addition to identity lifecycle management, the company is building products to streamline the process of certifying and attesting to the validity of roles and entitlement needs for compliance requirements such as the Sarbanes-Oxley Act. But the ability to manage roles and identities over a period of time remains a key item on the Christmas list for customers, CA Security Strategist Bill Mann said.

"The largest growth area is provisioning. Customers are trying to understand the identity lifecycle management-adding, removing and changing users' rights and roles," he said. "As they come into the organization, change their role and finally leave, you must be able to manage what rights are appropriate."