Being unable to do your work because you can’t log in to something is an annoying barrier. Your enterprise needs to provide secure support for connected devices. At the same time, it needs to meet consumer and employee demands for safe and frictionless access to apps and data. So, how do you do that, and what standards do you need to meet?

Independent analyst group KuppingerCole ranked providers to help, naming IBM Security Verify an ‘Overall Leader’ in identity and access management (IAM) security. Let’s take a look at their guidelines for what makes a good IAM security offering.

Gathering the Right Element for IAM Security

A connected and smart network is the master key to all the brand loyalty doors you want to open. But to secure it, you need the right identity and access management system. Though marketing and other business leaders help drive the guidelines and have an influential part in choosing the solution, the IT department carries the lion’s share of the burden for this.

“IT has to provide an infrastructure for this increasingly connected and intelligent enterprise,” the KuppingerCole report says, “both for incoming and outgoing access, both for customers and other externals such as business partners, including existing and new on-premises applications, cloud services and mobile devices.”

If you’re looking to implement brand-building zero-trust strategies with IAM as a central pillar, you’ll need secure processes and frictionless, productive experiences for all users, internal and external. So, whether you’re a business decision maker in IT, marketing or another field, it’s helpful to look more deeply at the report’s criteria for the leading access management services.

At a product level, KuppingerCole insists that ‘leaders’ in the access management (AM) arena provide a variety of services. These range from authentication through password etiquette, support for access portals and open industry standards. These are largely table stakes, although it continues to be challenging to deliver them. After all, we operate in a complex world across multiple cloud landscapes, with many different apps, data sources and devices.

Also of note in how KuppingerCole ranks access management offerings are the broader dimensions, including how you secure and use your system and your market position. Let’s examine a few of these in more detail.

The Foundations of IAM Security

Keeping your data secure and private are the foundations of IAM, table stakes for IAM vendors and a constantly moving target. The report notes that IAM vendors must “understand the business use-case requirements of managing privacy policies, terms of service, and data sharing arrangements that change frequently.”

Meanwhile, consent management is one of the IAM cornerstones on top of that foundation. This is even more true for global businesses and agencies doing business across borders, even state borders in the U.S. When consent is properly managed, your consumers should be able to easily abide by data privacy and protection rules.

Analysts caution those shopping for an IAM solution that not all offerings are created equal. Instead, there are “varying levels of support available from access management vendors to manage these CIAM [consumer IAM] functions.”

Sharing Data Across Platforms

From a holistic perspective, and to reach a minimum level of zero trust, you must be able to share security and identity information and context across the enterprise. “You’ll need to get a handle on defining system boundaries, as well as making sure you can account for every single point on your network,” notes writer Mark Stone.

KuppingerCole’s report puts it this way: “The support for open identity standards shapes the direction and defines AM implementation success … This will go a long way in keeping your IAM flexible and sustainable. Increasingly we are seeing security platform [application programming interfaces (APIs)] becoming more readily available, exposing the platform’s functionality to the customer for its use.”

You’ll also need to include support for multiple environments spanning on-premises, the cloud and even hybrid multicloud.

“Exposing key functionality via APIs allows for workflow and orchestration capabilities across environments and better DevOps support through automation,” the KuppingerCole report says.

Access management solutions also need to support central management of user access to various types of apps and services, and the overall setup of the solution itself.


Right now, the trend in the market is to move IAM from on-premises to a hybrid or cloud model. However, that is often easier said than done, at least overnight.

“Even though vendors are helping customers to make this transition easier, there will still be valid reasons that organizations will need to maintain an on-premises presence, such as the continued use of legacy and sometimes in-house developed custom systems, among other reasons. Because of this, it is safe to assume that a hybrid delivery model will be a viable option for the foreseeable future,” the report says.

Good providers design their IAM solutions and services to provide transition options for every appetite. Your journey should match your business needs. It should also allow you to maintain existing investments and protect on-premises apps.

IBM Cloud IAM Services can help define the right cloud IAM strategy by meeting cloud-first objectives. Furthermore, it allows you to consider internal policy compliance and security, architecture constraints, and the custom needs of your processes and workflows.

Market Concerns

KuppingerCole also looks at factors that are not as focused on IT. They may be further outside the core products and services, but are just as important. For example, keep in mind the following:

  • Size of the company
  • Number of customers
  • Number of developers
  • Partners
  • Licensing models
  • Platform support

IBM Named a Leader in IAM Security

As it turns out, the 2021 KuppingerCole Leadership Compass for Access Management ranked IBM Security Verify as an ‘Overall Leader.’ KuppingerCole is a role model: If you are performing due diligence, using mission-critical tools and services to ensure brand loyalty and efficient work, you must adopt a thorough approach to IAM security.

As the KuppingerCole report highlights, IBM Security Verify enables IT, security and business leaders to protect their digital users, assets and data in a hybrid multicloud world, while promoting internal process efficiency along the way. Beyond single sign-on and multifactor authentication, the solution is a modernized, modular identity-as-a-service model, providing AI-powered context for adaptive access decisions, guided experiences for developers and rich cloud services.

But don’t just take our word for it: read the report.
