The State of the Identity Governance Market

Next week, I’ll be attending the Gartner IAM Summit in San Diego. It’s safe to assume that the state of the IAM/IdM market will be top of mind at the conference, so I thought I’d share my observations:

  • Despite tightened budgets during 2009, we are seeing strong demand for identity governance. Companies continue to invest in strengthening controls around access to their critical applications and data. In fact, SailPoint recently closed the strongest quarter in our company’s history. Already this year we’ve doubled our customer base, and my guess is that 2010 will also be a year of significant market growth. We’re seeing the same demand across North America, Europe and Asia/Pacific, emphasizing that identity governance is addressing a global issue.
  • The tough economy has made buyers more selective about how they invest in IdM solutions. Budget constraints have ensured that companies are laser-focused on solutions that provide immediate, measurable results. I believe one of the factors in SailPoint’s success has been our ability to give our customers visibility and control over access privileges very quickly – in weeks or months, not years. Seeing the early results of data aggregation, correlation, and data cleanup across critical applications is very powerful, and allows organizations to immediately address high-risk issues like orphan accounts, policy violations and proliferation of service accounts. Generating results like this helps get executive and business buy-in, and serves as a strong foundation for expanding the project to incorporate access certifications, role management, access request and provisioning.
  • Lastly, I see a major shift by organizations to view IdM as more of a business-centric discipline. Put another way, IdM is no longer the exclusive realm of identity admins and help desk staff. To ensure compliance initiatives are successful, organizations must get business users involved in the process. Collaboration is required across teams of business, audit/compliance and technical staff. As a result, there is a growing need for business-friendly solutions that synchronize identity business processes across the individuals and groups managing identity governance activities. Taking a business process approach is a key enabler that allows organizations to effectively work together to define governance policy, design and implement appropriate controls, monitor the effectiveness of controls, and better manage IT and business risk.

To sum up, in some ways the recession has served as a catalyst in IdM’s evolution – both by elevating the importance of transparency and risk management, as well as increasing corporate focus on rapid results and return on investment. I believe our industry is now at an inflection point where companies are starting to rethink how they approach IT risk management and what they expect from technology vendors. It should make the next year very interesting, and exciting, from a technology vendor’s perspective!

I’m looking forward to hearing the Gartner analysts’ predictions heading into 2010 and to having conversations with any of you who will be joining us at the conference.