It is dangerous to be stuck in the past. What you knew yesterday could result in failure today. If you act on knowledge that is no longer true, you could spend big money on something that is of little worth.
Converged IAM is the biggest buzzword in IAM today. According to industry analyst Gartner, Converged IAM products will account for over 45% of new IAM implementations by 2023.
What is Converged IAM?
Converged IAM is a suite with both Access Management and light IGA functionalities, sometimes also including Privilege Access Management. Everything is part of a single solution and operated from a single dashboard. These are typically much less expensive, both in the initial purchase and in the longer cost of ownership, than full-suite IGA products and Access Management procured separately. They are also easier to deploy, require less maintenance, and eliminate the complications of using two or more products.
Why is it Needed?
Access Management and IGA are merging. In earlier days they were available only as two different products, mostly built by different companies. This made their implementation and upkeep extremely complex. Besides, any interaction between the functions of the two products was virtually impossible. This perhaps was still manageable, at least for large customers as they had a large workforce in their IAM teams. Things changed. In 2012 Access Management became available in the cloud, was easy to implement and came as annual SaaS subscriptions.
By 2020 most Access Management purchases were as SaaS. IGA however, continued to remain a beast; bulky, complex, difficult to use and expensive. It was also available only as an on-premise installation or on private cloud, which added to the conundrum.
2018 saw another market development. IAM began proliferating mid-size organizations, largely driven by growing security concerns and the need to make access provisioning more efficient. The need to provide users with a single dashboard control for Access Management, provisioning requests to applications, entitlements and Access Certification (even for checking Segregation of Duty violations) became imperative as user productivity and experience became intertwined.
Today, business roles are changing frequently. It is even more dynamic in mid-size organizations. This is due to organizations trying to increase business agility by adopting a more business driven rather than procedure driven approach. Employees are now part of project teams which require specific permissions (tied to roles), and later become part of a different project team requiring entirely different permissions. In mid-market companies, a single employee may be carrying out different functions to cut cost. All this needs to be tied together with Segregation of Duties (SoD) ,principle of least privilege, Zero trust implementation, and many other security and compliance initiatives.
How organizations must deal with privileged access is also changing. Before, privileged access used to mean admin accounts. But now, it usually means a timebound elevated account. SoD is important here because a user with 2 conflicting privileged accesses could spell disaster. PAM in itself doesn’t offer SoD, so a single suite solution with both features is needed.
Midsized IAM
The number of mid-market customers adopting IAM is increasing exponentially, driven by increasing vulnerability to cyber-attacks. The cost of IAM is dropping, which has further influenced its adoption rate. Global shift from on-premises IT environments to cloud-based ones also means that organizations need more agility and automation. Where IAM was a luxury in the past, it is starting to become a necessity now.
Midsize businesses typically have wide but basic IAM requirements. Full-suite products, combined from different vendors, offer very poor ROI, as a large chunk of features are never used. A converged solution with just the right elements and not too much, which can therefore be offered at a lower price, is the answer.
Another fact is that midsize organizations do not possess the skills and resources in-house to efficiently and effectively handle IAM deployments. IAM staff are in short supply. This means that implementing and maintaining a deployment is a significant challenge, compounded if there are multiple solutions that need to play with each other.
Analysts see managed security service providers (MSSPs) deploying and managing IAM solutions in the future. These providers will need to focus on making their offerings cost effective and easy to use: two things only possible in Converged IAM products.
Conclusion
Converged IAM is the future. Increasing interdependency of IAM functions like IGA, Access Management and PAM means that a customer must either buy multiple solutions, often from different vendors, at a higher total cost and with integration challenges, or choose a converged product that offers all in one suite. The latter is a much more intuitive answer.
IGA requirements for majority of businesses, particularly in the mid-market, are relatively light. But it is required, along with some PAM functionality. A good Converged IAM product offers all this for a low cost. To solve the challenge of lack of skilled resources an easy to manage solution that can be operated by virtually anyone is ideal. MSSPs are set to take over from SIs as they beginning to offer IAM as a service and will mostly sell Converged IAM products.
No wonder Converged IAM is becoming the product of choice in majority of purchase decisions.
