Identity as a Service poised for run in enterprise

Identity as a Service poised for run in enterprise

Summary: Enterprise interest and investments ready to jump over the next two years, Gartner says


Identity and Access as a Service is poised for a strong run at enterprises of all size, and those who have done their homework will dodge the hype and know what's right for them and what's not.

By the end of 2015, Identity and Access as a Service (IDaaS) will account for 25% of all new identity and access management sales, compared with 5% in 2012, according to recent Gartner research "Are You and the IDaaS Market Ready for Each Other?"

At the end of 2012, the market was $180 million. By the end of this year, that number is expected to jump to $265 million.

Small and medium-sized companies are helping drive interest. They are extending their current IAM architectures and providing access to SaaS services or internal Web-apps. Larger companies in general are looking to support both cloud and on-premises applications with IDaaS offerings.

"The growth we saw in the market last year is showing us that there is acceleration," said Gregg Kreizman, the author of the research. "This coming year is where we will see more (implementation) stories emerging from organizations. Some will do quite well, but others might not live up to expectations."

The conclusion is that IDaaS is not a slam dunk, it takes careful planning to match needs with the right kinds of identity services. Some enterprises may just find what they have installed is adequate for now or that IDaaS conflicts with some of their security and privacy requirements.

Gartner defines IDaaS as service that delivers the access, administration and intelligence functions of identity and access management.

Kreizman says IDaaS is new to a lot of enterprises and therefore spawning questions - most of which have to do with how to extend currently installed IAM to SaaS applications. He says others with interest have identity functions they want a service to manage, while some understand the services but need insight into the market.  

Another question is around standards. Kreizman continues to preach the need for standards support, which among other benefits avoids lock-in. But standards are more table stakes than feature sets.

"Really the enterprise SaaS buyer does not care so much about standards," he said. "But architects understand that having a standard helps ease adoption of SaaS business services."

Enterprises will be at an advantage if they understand integration challenges when standard support is not available. Current standards such as OAuth 2.0 and OpenID Connect are generating interest among enterprise architects contemplating cloud and mobile additions to their identity strategy.

While Kreizman sorts out a range of vendors, he says the evolution of IDaaS is pointed at Web-based architectures both internal and external.  He says enterprises need to assess vendor viability for the long-term, know where enterprise data is stored and who has access to it, understand the speed and resiliency of bridging services between on-premises and cloud services, and to investigate IDaaS vendor claims that they can broker services to hundreds or even thousands of applications.

Topics: The Evolution of Enterprise Software, Networking, Security


John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Identity as a service poised for run in enterprise

    Hi John, thanks for this thoughtful piece. As you highlighted, “Identity and Access as a Service” is experiencing rapid growth. With sales in this sector growing rapidly, it is essential that companies are careful when choosing an identity service that meets their needs.

    After years of failed identity projects, many companies are realizing that it is very difficult to operationalize IAM technology internally. Adding to the complexity is that while small to medium sized businesses are willing to procure cloud services to house their identity infrastructure, many large businesses are not. Large organizations want to provision cloud-based services (i.e. Salesforce) while retaining identity data and infrastructure inside their own walls.

    In both instances, it is imperative to partner with a specialized organization to manage services. Our ELM Utility™ model provides businesses with proactive IAM services, regardless of the level of complexity. I’d be interested to hear your thoughts on our approach: