I had the privilege of being part of an industry panel here at the Gartner IAM Summit in London this week. We covered a gamut of IAM topics from how IAM has changed over the last five years to the use of social identities to bring your own identities (BYOI). But, the area that caused the most debate and one that I heard throughout my conversations here at the show was a question poised by Gregg Kreizman of Gartner – will all IAM be delivered as a service by 2020?
General consensus from all the panelists, including myself, was that IAM would not be delivered completely as a service by 2020, if ever. There are organizations that will always want and need the ability to tailor their IAM programs to very specific business processes, which simply do not translate well to a SaaS model. In addition, highly regulated verticals like financial services and healthcare, which must address a higher level of scrutiny due to a constantly evolving list of security and compliance standards, may mean that moving to a full SaaS model will never be an option.
The reality is, IAM will transition more slowly than other software sectors to SaaS-based delivery models due to security concerns and the complexity of managing on-premises resources from the cloud. However, the growing acceptance of cloud-based management tools is paving the way for implementing IDaaS. As organizations begin to gain more and more confidence in a SaaS model for mission-critical data, we are seeing them move beyond their past concerns around data and privacy of their IAM system living in the cloud.
That said, I do believe that the IAM we know of today will look radically different in the next 5 years. Cloud is a major game-changer for how enterprises deploy mission-critical infrastructure and as such, organizations are gaining more and more confidence in this deployment model. We’ve already seen a shift in the marketplace in the last couple of years in the organizations that are adopting IDaaS to take advantage of the cost savings and accelerate time to value to the business.
While we are certainly still in a transition period for true, end-to-end IDaaS to mainstream in the IAM market, I believe we are on the verge of seeing a tipping point. Eventually, for many organizations, the trade-offs of the SaaS-based approach for IAM – increased business agility, speed time to value, and reduction of operating costs – will outweigh the privacy/security concerns. And, no doubt, 2020 will see a vastly different IAM landscape.
Since the introduction of our IDaaS offering, IdentityNow, in 2013, SailPoint’s goal has been to provide our customers a choice. We believe that customers should not be forced to tackle one deployment model over another, but rather have the flexibility to determine what fits best with their environment, what fits best for the IAM goals, and what fits best for both IT and the end user.
To quote Gregg Kreizman, do you agree that 20%, 30% or even 50% of IAM projects will be delivered as a service? I do. But the transition will be gradual over the next few years and I don’t expect that 100% of IAM programs in the future will ever be cloud-based.