How to evaluate an access management platform

Businesses are seeking access management (AM) solutions that are more robust and richer with features than earlier generations of AM software. In this environment, identity threat detection and response and identity access management (IAM) convergence and resilience are rapidly scaling the high-priority list for many organizations.

No. 1: Why purchase AM software now?

  • Faced with accelerating cyberthreats and challenged by economic constraints, organizations are realizing that a powerful, cost-effective access management platform is increasingly pivotal to their IAM strategy.
  • AM platforms support security assertion markup language (SAML), open authorization (OAuth) and other identity protocols, making them essential to a zero trust approach
  • Today, less than 20% of organizations use an AM tool. By implementing AM, you stand to sharpen your competitive edge against later adopters.

No. 2: What trends are affecting the market for access management platforms?

  • Access management tools are adding adjacent IAM functions, especially identity governance and administration (IGA) features, to strengthen their position as converged platforms.
  • As internal AM use cases become mainstream and commoditized, most of AM vendors’ growth stems from addressing customer requirements for external AM use cases, specifically business-to-consumer (B2C), business-to-business (B2B) and government-to-constituent (G2C).
  • There’s accelerating interest in more efficient low-code/no-code approaches to orchestrating authentication and authorization flows. Consequently, more vendors are adding this functionality.

No. 3: Which capabilities are must-haves for AM software?

  • Directory services. Features for managing internal and external types of identities, and providing directory and identity synchronization services leveraging system for cross-domain identity management (SCIM)
  • Internal access administration. An application launchpad, and basic life cycle management and user administration capabilities for internal identities
  • Authorization and adaptive access. Authorization decisions and enforcement, policy creation and sources of stored and contextual data used to evaluate risk and dynamically render access decisions

No. 4: What key challenges should security and risk management leaders keep in mind?

  • Disparate stakeholders with varying goals for external and internal users often champion AM initiatives. But initiatives focused on only one population can be costly and lack necessary features when extended to another.
  • AM capabilities continue to grow, overlapping and converging with adjacent IAM and security markets  such as user authentication, identity governance and administration (IGA) and application programming interface (API) security. This complicates mapping an organization’s IAM business requirements and use cases relevant to access management.
  • Shortlisting vendors for an RFP process is complicated by the sheer number of vendors, which vary in the number and type of capabilities they deliver.

No. 5: How should security and risk management leaders help guide the evaluation process?

  • Facilitate a single-vendor strategy by evaluating tools’ capabilities essential to internal and external use cases.
  • Carefully evaluate the roadmap of converged adjacent IAM capabilities in software-as-a-service (SaaS) delivered access management tools.
  • Ensure that the AM tool you choose demonstrates resilience and continuity capabilities so that you can minimize service interruptions.
Source: Gartner

Subscribe to Farvest IT newsletter for free!