Being unable to do your work because you can’t log in to something is an annoying barrier. Your enterprise needs to provide secure support for connected devices. At the same time, it needs to meet consumer and employee demands for safe and frictionless access to apps and data. So, how do you do that, and what standards do you need to meet?

Independent analyst group KuppingerCole ranked providers to help and ranked IBM Security Verify as an ‘Overall Leader’ in identity and access management (IAM) security. Let’s take a look at their guidelines for what makes a good IAM security offering.

Gathering the Right Element for IAM Security

A connected and smart network is the master key to all the brand loyalty doors you want to open. But to secure it, you need the right identity and access management system. Though marketing and other business leaders help drive the guidelines and have an influential part in choosing the solution, the IT department carries the lion’s share of burden for this.

“IT has to provide an infrastructure for this increasingly connected and intelligent enterprise,” the KuppingerCole report says, “both for incoming and outgoing access, both for customers and other externals such as business partners, including existing and new on-premises applications, cloud services and mobile devices.”

Download the report

If you’re looking to implement brand-building zero-trust strategies with IAM as a central pillar, you’ll need secure processes and frictionless, productive experiences for all users, internal and external. So, whether you’re a business decision maker in IT, marketing or another field, it’s helpful to look more deeply at the report’s criteria for the leading access management services.

At a product level, KuppingerCole insists that ‘leaders’ in the access management (AM) arena provide a variety of services. These range from authentication through password etiquette, support for access portals and open industry standards. These are largely table stakes, although it continues to be challenging to deliver them. After all, we operate in a complex world across multiple cloud landscapes, with many different apps, data sources and devices.

Also of note in regards to how KuppingerCole ranks access management offerings are the broader dimensions, including how you secure and use your system and your market position. Let’s examine a few of these in more detail.

The Foundations of IAM Security

Keeping your data secure and private are the foundations of IAM, table stakes for IAM vendors and a constantly moving target. The report notes that IAM vendors must “understand the business use-case requirements of managing privacy policies, terms of service, and data sharing arrangements that change frequently.”

Meanwhile, consent management is one of the IAM cornerstones on top of that foundation. This is even more true for global businesses and agencies doing business across borders, even state borders in the U.S. When consent is properly managed, your consumers should be able to easily abide by data privacy and protection rules.

Analysts caution those shopping for an IAM solution that all offerings are not created equal. Instead, there are “varying levels of support available from access management vendors to manage these CIAM [consumer IAM] functions.”

Sharing Data Across Platforms

From a holistic perspective, and to reach a minimum level of zero trust, you must be able to share security and identity information and context across the enterprise. “You’ll need to get a handle on defining system boundaries, as well as making sure you can account for every single point on your network,” notes writer Mark Stone.

KuppingerCole’s report puts it this way: “The support for open identity standards shapes the direction and defines AM implementation success … This will go a long way in keeping your IAM flexible and sustainable. Increasingly we are seeing security platform [application programming interfaces (APIs)] becoming more readily available, exposing the platform’s functionality to the customer for its use.”

You’ll also need to include support for multiple environments spanning on-premises, the cloud and even hybrid multicloud.

“Exposing key functionality via APIs allows for workflow and orchestration capabilities across environments and better DevOps support through automation,” cites the KuppingerCole report.

Access management solutions also need to support central management of user access to various types of apps and services, and the overall setup of the solution itself.


Right now, the trend in the market is to move IAM from on-premises to a hybrid or cloud model. However, that is often easier said than done, at least overnight.

“Even though vendors are helping customers to make this transition easier, there will still be valid reasons that organizations will need to maintain an on-premises presence, such as the continued use of legacy and sometimes in-house developed custom systems, among other reasons. Because of this, it is safe to assume that a hybrid delivery model will be a viable option for the foreseeable future,” the report says.

Good providers design their IAM solutions and services to provide transition options for every appetite. Your journey should match your business needs. It should also allow you to maintain existing investments and protect on-premises apps.

IBM Cloud IAM Services can help define the right cloud IAM strategy by meeting cloud-first objectives. Furthermore, it allows you to consider internal policy compliance and security, architecture constraints, and the custom needs of your processes and workflows.

Market Concerns

KuppingerCole also looks at factors that are not as focused on IT. They may be further outside the core products and services, but are just as important. For example, keep in mind the following:

  • Size of the company
  • Number of customers
  • Number of developers
  • Partners
  • Licensing models
  • Platform support

IBM Named a Leader in IAM Security

As it turns out, the 2021 KuppingerCole Leadership Compass for Access Management ranked IBM Security Verify as an ‘Overall Leader.’ KuppingerCole is a role model: If you are performing due diligence, using mission-critical tools and services to ensure brand loyalty and efficient work, you must adopt a thorough approach to IAM security.

As the KuppingerCole report highlights, IBM Security Verify enables IT, security and business leaders to protect their digital users, assets and data in a hybrid multicloud world, while promoting internal process efficiency along the way. Beyond single sign-on and multifactor authentication, the solution is a modernized, modular identity-as-a-service model, providing AI-powered context for adaptive access decisions, guided experiences for developers and rich cloud services.

But don’t just take our word for it: read the report.

More from Identity & Access

CISA, NSA Issue New IAM Best Practice Guidelines

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators. As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today's world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented…

4 min read

The Importance of Accessible and Inclusive Cybersecurity

4 min read - As the digital world continues to dominate our personal and work lives, it’s no surprise that cybersecurity has become critical for individuals and organizations. But society is racing toward “digital by default”, which can be a hardship for individuals unable to access digital services. People depend on these digital services for essential online services, including financial, housing, welfare, healthcare and educational services. Inclusive security ensures that such services are as widely accessible as possible and provides digital protections to users…

4 min read

What’s Going On With LastPass, and is it Safe to Use?

4 min read - When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has been in the news recently for all the wrong reasons, with multiple reports of data breaches resulting from failed security measures. To make matters worse, many have viewed LastPass's response to these incidents as less than adequate. The company seemed…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

8 min read - View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

8 min read