Special Feature
Part of a ZDNet Special Feature: The Evolution of Enterprise Software

Identity as a Service poised for run in enterprise

Enterprise interest and investments ready to jump over the next two years, Gartner says

Identity and Access as a Service is poised for a strong run at enterprises of all size, and those who have done their homework will dodge the hype and know what's right for them and what's not.

By the end of 2015, Identity and Access as a Service (IDaaS) will account for 25% of all new identity and access management sales, compared with 5% in 2012, according to recent Gartner research "Are You and the IDaaS Market Ready for Each Other?"

At the end of 2012, the market was $180 million. By the end of this year, that number is expected to jump to $265 million.

Small and medium-sized companies are helping drive interest. They are extending their current IAM architectures and providing access to SaaS services or internal Web-apps. Larger companies in general are looking to support both cloud and on-premises applications with IDaaS offerings.

"The growth we saw in the market last year is showing us that there is acceleration," said Gregg Kreizman, the author of the research. "This coming year is where we will see more (implementation) stories emerging from organizations. Some will do quite well, but others might not live up to expectations."

The conclusion is that IDaaS is not a slam dunk, it takes careful planning to match needs with the right kinds of identity services. Some enterprises may just find what they have installed is adequate for now or that IDaaS conflicts with some of their security and privacy requirements.

Gartner defines IDaaS as service that delivers the access, administration and intelligence functions of identity and access management.

Kreizman says IDaaS is new to a lot of enterprises and therefore spawning questions - most of which have to do with how to extend currently installed IAM to SaaS applications. He says others with interest have identity functions they want a service to manage, while some understand the services but need insight into the market.  

Another question is around standards. Kreizman continues to preach the need for standards support, which among other benefits avoids lock-in. But standards are more table stakes than feature sets.

"Really the enterprise SaaS buyer does not care so much about standards," he said. "But architects understand that having a standard helps ease adoption of SaaS business services."

Enterprises will be at an advantage if they understand integration challenges when standard support is not available. Current standards such as OAuth 2.0 and OpenID Connect are generating interest among enterprise architects contemplating cloud and mobile additions to their identity strategy.

While Kreizman sorts out a range of vendors, he says the evolution of IDaaS is pointed at Web-based architectures both internal and external.  He says enterprises need to assess vendor viability for the long-term, know where enterprise data is stored and who has access to it, understand the speed and resiliency of bridging services between on-premises and cloud services, and to investigate IDaaS vendor claims that they can broker services to hundreds or even thousands of applications.

Show Comments