Being unable to do your work because you can’t log in to something is an annoying barrier. Your enterprise needs to provide secure support for connected devices. At the same time, it needs to meet consumer and employee demands for safe and frictionless access to apps and data. So, how do you do that, and what standards do you need to meet?

To help, independent analyst group KuppingerCole ranked providers and rated IBM Security Verify as an ‘Overall Leader’ in identity and access management (IAM) security. Let’s take a look at their guidelines for what makes a good IAM security offering.

Gathering the Right Element for IAM Security

A connected and smart network is the master key to all the brand loyalty doors you want to open. But to secure it, you need the right identity and access management system. Though marketing and other business leaders help drive the guidelines and have an influential part in choosing the solution, the IT department carries the lion’s share of burden for this.

“IT has to provide an infrastructure for this increasingly connected and intelligent enterprise,” the KuppingerCole report says, “both for incoming and outgoing access, both for customers and other externals such as business partners, including existing and new on-premises applications, cloud services and mobile devices.”

If you’re looking to implement brand-building zero-trust strategies with IAM as a central pillar, you’ll need secure processes and frictionless, productive experiences for all users, internal and external. So, whether you’re a business decision maker in IT, marketing or another field, it’s helpful to look more deeply at the report’s criteria for the leading access management services.

At a product level, KuppingerCole insists that ‘leaders’ in the access management (AM) arena provide a variety of services. These range from authentication through password etiquette, support for access portals and open industry standards. These are largely table stakes, although it continues to be challenging to deliver them. After all, we operate in a complex world across multiple cloud landscapes, with many different apps, data sources and devices.

Also of note in how KuppingerCole ranks access management offerings are the broader dimensions, including how you secure and use your system and your market position. Let’s examine a few of these in more detail.

The Foundations of IAM Security

Keeping your data secure and private are the foundations of IAM, table stakes for IAM vendors and a constantly moving target. The report notes that IAM vendors must “understand the business use-case requirements of managing privacy policies, terms of service, and data sharing arrangements that change frequently.”

Meanwhile, consent management is one of the IAM cornerstones on top of that foundation. This is even more true for global businesses and agencies doing business across borders, even state borders in the U.S. When consent is properly managed, your consumers should be able to easily abide by data privacy and protection rules.

Analysts caution those shopping for an IAM solution that not all offerings are created equal. Instead, there are “varying levels of support available from access management vendors to manage these CIAM [consumer IAM] functions.”

Sharing Data Across Platforms

From a holistic perspective, and to reach a minimum level of zero trust, you must be able to share security and identity information and context across the enterprise. “You’ll need to get a handle on defining system boundaries, as well as making sure you can account for every single point on your network,” notes writer Mark Stone.

KuppingerCole’s report puts it this way: “The support for open identity standards shapes the direction and defines AM implementation success … This will go a long way in keeping your IAM flexible and sustainable. Increasingly we are seeing security platform [application programming interfaces (APIs)] becoming more readily available, exposing the platform’s functionality to the customer for its use.”

You’ll also need to include support for multiple environments spanning on-premises, the cloud and even hybrid multicloud.

“Exposing key functionality via APIs allows for workflow and orchestration capabilities across environments and better DevOps support through automation,” the KuppingerCole report says.

Access management solutions also need to support central management of user access to various types of apps and services, and the overall setup of the solution itself.


Right now, the trend in the market is to move IAM from on-premises to a hybrid or cloud model. However, that is often easier said than done, at least overnight.

“Even though vendors are helping customers to make this transition easier, there will still be valid reasons that organizations will need to maintain an on-premises presence, such as the continued use of legacy and sometimes in-house developed custom systems, among other reasons. Because of this, it is safe to assume that a hybrid delivery model will be a viable option for the foreseeable future,” the report says.

Good providers design their IAM solutions and services to provide transition options for every appetite. Your journey should match your business needs. It should also allow you to maintain existing investments and protect on-premises apps.

IBM Cloud IAM Services can help define the right cloud IAM strategy by meeting cloud-first objectives. Furthermore, it allows you to consider internal policy compliance and security, architecture constraints, and the custom needs of your processes and workflows.

Market Concerns

KuppingerCole also looks at factors that are not as focused on IT. They may be further outside the core products and services, but are just as important. For example, keep in mind the following:

  • Size of the company
  • Number of customers
  • Number of developers
  • Partners
  • Licensing models
  • Platform support

IBM Named a Leader in IAM Security

As it turns out, the 2021 KuppingerCole Leadership Compass for Access Management ranked IBM Security Verify as an ‘Overall Leader.’ KuppingerCole is a role model: If you are performing due diligence, using mission-critical tools and services to ensure brand loyalty and efficient work, you must adopt a thorough approach to IAM security.

As the KuppingerCole report highlights, IBM Security Verify enables IT, security and business leaders to protect their digital users, assets and data in a hybrid multicloud world, while promoting internal process efficiency along the way. Beyond single sign-on and multifactor authentication, the solution is a modernized, modular identity-as-a-service model, providing AI-powered context for adaptive access decisions, guided experiences for developers and rich cloud services.

But don’t just take our word for it: read the report.
