Omdia recently published a Market Radar on identity governance administration (IGA), in which we compared a number of the leading vendors in this sector. Let's look at some of the key takeaways from this report.

IGA Is Modernizing to Adapt to Today's Environment

IGA started life in the early 2000s as a tool for organizations to meet a sudden surge of legal and regulatory requirements. In other words, its initial purpose was compliance. However, as with another technology that came into existence for that purpose — security information and event management (SIEM) — it has grown into a key enabler of security as well. That's particularly notable now that the COVID-19 pandemic has turbocharged the digital transformation programs that were already underway, in a more cautious fashion, at most organizations.

Atomization of the Workforce

There are two dimensions to the problems that IGA seeks to address in the current environment. First, there is the "atomization of the workforce," a way of describing workers dispersing to home offices and remote sites, collaborating with contractors, suppliers, and partners as much as with colleagues and fellow employees. This is a process that was already underway long before the pandemic, but which was given new impetus by COVID. It is driven by business process outsourcing (BPO), the increasing ease of mobile computing, and, more broadly, by the changing work-life balance priorities of new generations entering work. In this context, COVID-19 merely accelerated the process, driving millions of knowledge workers around the world to work from home on a full-time basis. While some of them are returning to the office now, that return is frequently only partial, and flexible work is very much the spirit of the age.

In this environment, there is a shift in priorities to:

Cloudification

The second dimension is the cloudification of application infrastructures. Enterprise applications were already moving to the cloud long before the pandemic, to be delivered as a service. However, the impact of the pandemic was, again, to turbocharge that process. Applications used by employees and partners now needed to be in the cloud for ease of remote access, while apps for the consumer also rushed to the cloud, as online channels became the sole points of interaction with customers for many businesses. While IGA is not primarily designed to address the B2C identity requirement, it does deliver life-cycle management and entitlement control for the identities of developers, whose role became more critical as the pandemic accelerated digital transformation projects.

This backdrop explains the importance that Omdia attributes to the cloud, not only as a locus from which to deliver IGA, but also as the place where an increasing number of corporate assets now reside, which puts a new level of requirement of entitlements management.

Where Is the IGA Market Heading?

IGA has needed to evolve and modernize in recent years, and the pandemic has accelerated this process. Traditional IGA products/solutions were built to address user provisioning through the complex integration and systematic application of heavily engineered, role-based access control (RBAC) structures. Having cloud-based IGA products that offer APIs can be readily consumed and make connectivity easier to integrate.

IGA vendors need to adapt and evolve their products and services to better fit the current business environment. This involves the cloudification of their IGA products and launching new features such as APIs into their portfolios. IGA technology needs to move into the cloud, an inflection point that should bring with it opportunities for service providers. While large enterprises have traditionally onboarded and managed their employee identities themselves, that activity may have become cumbersome if they grow through M&A, while the B2B aspect can be even more challenging to a global multinational corporation. Service providers that can handle identity federation should scope out business opportunities in this context. Having a cloud-based approach will be critical in enabling IGA to work seamlessly with other services and simplifying the evolution to a future-proof IT security infrastructure.