Being unable to do your work because you can’t log in to something is an annoying barrier. Your enterprise needs to provide secure support for connected devices. At the same time, it needs to meet consumer and employee demands for safe and frictionless access to apps and data. So, how do you do that, and what standards do you need to meet?

Independent analyst group KuppingerCole ranked providers to help and ranked IBM Security Verify as an ‘Overall Leader’ in identity and access management (IAM) security. Let’s take a look at their guidelines for what makes a good IAM security offering.

Gathering the Right Element for IAM Security

A connected and smart network is the master key to all the brand loyalty doors you want to open. But to secure it, you need the right identity and access management system. Though marketing and other business leaders help drive the guidelines and have an influential part in choosing the solution, the IT department carries the lion’s share of burden for this.

“IT has to provide an infrastructure for this increasingly connected and intelligent enterprise,” the KuppingerCole report says, “both for incoming and outgoing access, both for customers and other externals such as business partners, including existing and new on-premises applications, cloud services and mobile devices.”

Download the report

If you’re looking to implement brand-building zero-trust strategies with IAM as a central pillar, you’ll need secure processes and frictionless, productive experiences for all users, internal and external. So, whether you’re a business decision maker in IT, marketing or another field, it’s helpful to look more deeply at the report’s criteria for the leading access management services.

At a product level, KuppingerCole insists that ‘leaders’ in the access management (AM) arena provide a variety of services. These range from authentication through password etiquette, support for access portals and open industry standards. These are largely table stakes, although it continues to be challenging to deliver them. After all, we operate in a complex world across multiple cloud landscapes, with many different apps, data sources and devices.

Also of note in regards to how KuppingerCole ranks access management offerings are the broader dimensions, including how you secure and use your system and your market position. Let’s examine a few of these in more detail.

The Foundations of IAM Security

Keeping your data secure and private are the foundations of IAM, table stakes for IAM vendors and a constantly moving target. The report notes that IAM vendors must “understand the business use-case requirements of managing privacy policies, terms of service, and data sharing arrangements that change frequently.”

Meanwhile, consent management is one of the IAM cornerstones on top of that foundation. This is even more true for global businesses and agencies doing business across borders, even state borders in the U.S. When consent is properly managed, your consumers should be able to easily abide by data privacy and protection rules.

Analysts caution those shopping for an IAM solution that all offerings are not created equal. Instead, there are “varying levels of support available from access management vendors to manage these CIAM [consumer IAM] functions.”

Sharing Data Across Platforms

From a holistic perspective, and to reach a minimum level of zero trust, you must be able to share security and identity information and context across the enterprise. “You’ll need to get a handle on defining system boundaries, as well as making sure you can account for every single point on your network,” notes writer Mark Stone.

KuppingerCole’s report puts it this way: “The support for open identity standards shapes the direction and defines AM implementation success … This will go a long way in keeping your IAM flexible and sustainable. Increasingly we are seeing security platform [application programming interfaces (APIs)] becoming more readily available, exposing the platform’s functionality to the customer for its use.”

You’ll also need to include support for multiple environments spanning on-premises, the cloud and even hybrid multicloud.

“Exposing key functionality via APIs allows for workflow and orchestration capabilities across environments and better DevOps support through automation,” cites the KuppingerCole report.

Access management solutions also need to support central management of user access to various types of apps and services, and the overall setup of the solution itself.

Deployment

Right now, the trend in the market is to move IAM from on-premises to a hybrid or cloud model. However, that is often easier said than done, at least overnight.

“Even though vendors are helping customers to make this transition easier, there will still be valid reasons that organizations will need to maintain an on-premises presence, such as the continued use of legacy and sometimes in-house developed custom systems, among other reasons. Because of this, it is safe to assume that a hybrid delivery model will be a viable option for the foreseeable future,” the report says.

Good providers design their IAM solutions and services to provide transition options for every appetite. Your journey should match your business needs. It should also allow you to maintain existing investments and protect on-premises apps.

IBM Cloud IAM Services can help define the right cloud IAM strategy by meeting cloud-first objectives. Furthermore, it allows you to consider internal policy compliance and security, architecture constraints, and the custom needs of your processes and workflows.

Market Concerns

KuppingerCole also looks at factors that are not as focused on IT. They may be further outside the core products and services, but are just as important. For example, keep in mind the following:

  • Size of the company
  • Number of customers
  • Number of developers
  • Partners
  • Licensing models
  • Platform support

IBM Named a Leader in IAM Security

As it turns out, the 2021 KuppingerCole Leadership Compass for Access Management ranked IBM Security Verify as an ‘Overall Leader.’ KuppingerCole is a role model: If you are performing due diligence, using mission-critical tools and services to ensure brand loyalty and efficient work, you must adopt a thorough approach to IAM security.

As the KuppingerCole report highlights, IBM Security Verify enables IT, security and business leaders to protect their digital users, assets and data in a hybrid multicloud world, while promoting internal process efficiency along the way. Beyond single sign-on and multifactor authentication, the solution is a modernized, modular identity-as-a-service model, providing AI-powered context for adaptive access decisions, guided experiences for developers and rich cloud services.

But don’t just take our word for it: read the report.

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today