Hello, everyone. Welcome to today's KuppingerCole webinar on A Glimpse into the 2024 IGA Market Landscape. I'm Nitish Deshpande, Research Analyst at KuppingerCole Analysts. And in today's webinar, we will take a look at the emerging trends into the IGA market, some of the challenges that are still existing in this IGA space, as well as we will give you a brief overview of the results of the latest published IGA Leadership Compass.
So, this webinar also follows that part. We published the IGA LC just last month.
So, stay tuned until the end. We will show you the results of which ones are in the top place and follow us. Before we begin, some housekeeping instructions.
So, you all are centrally muted, so you don't need to mute or unmute yourself. We are taking care of that from here. Polls.
So, we always try to keep these webinars interactive. So, we will run a couple of polls in this webinar.
So, I would like to encourage everyone to participate in these polls and provide your answers using the event control panel. And by the end of the webinar, we will display the results of these polls.
Also, you can enter your questions at any time using the event control panel and we will try to answer as many questions as possible towards the end of the session. And finally, we are recording this webinar.
So, the slide decks and the recording will be made available for download in the coming days. Okay.
So, here's the agenda for today's webinar. First, we will take a look at the IGA overview.
Trends, as I mentioned earlier, then the challenges and what are the top drivers for customers to go for IGA solutions. And then we will briefly touch upon the methodology of Kupinger-Cole's Leadership Composite and what kind of categories we use for evaluating the vendors. And finally, the results of the 2024 IGA Leadership Composite. I want to start today's webinar directly with a poll.
So, I would like to ask everyone to go to the event control panel and let us know what you think. So, what is the current deployment model of the IGA solution in your organization?
Is it A, fully on-premises? B, partially IDaaS?
So, major components are on-premises? Or is it C, fully IDaaS?
So, looking forward to seeing the answers towards the end of the webinar session. Talking about IGA.
So, IGA refers to the increasingly integrated and identity lifecycle management, user access provisioning, and the identity and access governance markets. IGA is essential to business as a strategic approach to ensure overall IT security and achieve regulatory compliance. It being one of the core disciplines of the IAM, serves these three main capability areas based on our opinion.
So, in user access provisioning, it deals with the management and assignment of permissions and access to users across the various systems in an organization's IT infrastructure. This area is responsible for pushing out the changes from the IGA solution to the target systems. Next is the identity lifecycle management. This handles the end-to-end process for human and non-human identities from their creation to deletion. Identity lifecycle management is also responsible for the workflows and management of the joiner, mover, leaver activities.
And finally, the identity and access governance part, which is responsible for ensuring user accounts have the right level of access based on their roles and permissions. This area supports access reviews, analytics, anomaly and outlier detection, SOD controls, and role management to name a few. User access provisioning and identity lifecycle management are integrated to provide a seamless approach to managing identities. Whereas the identity and access governance part ensures the right policies are enforced to ensure compliance with the various regulatory requirements and frameworks.
This approach can also be found in the market right now with vendors specializing in particularly IAG capabilities. These vendors are targeting the niche market where organizations are looking at having only access governance features in the solution and not the full comprehensive IGA package. We'll also very soon release a separate video to compose on just the identity and access governance, so it will be available on our website in the next months, so stay tuned for that as well.
So thus then the vendors can be classified as either comprehensive IGA vendor as a provisioning focus or just a pure governance focused vendor. Talking about now the emerging trends that we have observed this year or in the last last 12 months you can say and automation is a key area that we have observed the vendors are investing in to reduce the workload of various tasks, various repetitive tasks. The IGA market is growing. I remember in the last report we had almost 25 vendors but in this report you can see, I'll show you later, there's almost you can find names of around 46 vendors.
So it's growing, it's maturing, so it's already quite mature based on the established capabilities but from the emerging capabilities point of view like the innovative capabilities it's innovating and leveraging AI and machine learning technologies and that has become kind of the differentiating factor between the vendors in this year's report.
So we have given a bit of emphasis on the innovative capabilities of the vendors as well and so with all these talks of AI and machine learning we also carried out this survey to understand the status of incorporating these modern technologies in IGA and access management solutions and based on the responses that we received as you can see almost more than half of the respondents still do not have any AI supported technology for IGA in their organization while the 28.6 percent of the respondents said they are at least in the proof-of-concept phase and 19.6 of the percent of the respondents said they already have a functioning productive AI supported technology for the IGA on access management solution.
I'm sure in the next version report that we release in the next year these numbers will shift around so far around and so looking forward to seeing what happens there. There are also some other emerging trends in IGA that we have seen in the first one is with deployments the question which I asked earlier. So what we are seeing right now is compared to the previous 18 months the deployment models are moving more towards a fully I-desk mode.
There are still some companies who are running legacy on-premise systems and these are basically some of the companies which require high regulatory requirements and they are in the finance and the healthcare sector so that's a section of companies that are still holding on to the on-premise systems. There's also now further integration of AI and machine learning that we observed that vendors are doing for tasks such as access reviews, gaining insights from analytics, doing evaluation checks, access recommendations and some of the others.
Also having a scheme interface for easier integration with third-party systems and application and boarding is something we have seen as an emerging trend. There's also some work being done around key connectors so support for key connectors for enhanced visibility. Vendors are also moving away from a siloed approach and towards a more unified approach right now. From the customer's point of view we have seen many customers ask their vendors for the role mining capability so that is one of the most sought-after capability that we have encountered while we did some of the evaluation.
If you talk about the overall market, it's going at a steady rate of, it has a CAG of 19.6 percent and based on the survey that we carried out we expect the market to be at around 5.75 billion USD in the next two years. But let's come back a bit and talk about what's right now in the market right now and what are the challenges that are from two perspectives, from the vendor's perspective and as well as from the customer's perspective.
From customers obviously it's there's a vast number of vendors out there in the market right now so selecting the right vendor, understanding the capabilities of the vendor, matching them to your missing apps, your requirements is a huge challenge, a huge task. And so is the IGA project. It's a complex and costly project with multiple challenges that range from application onboarding, stakeholder management and budget constraints.
If we keep away the technical challenges away for a bit and then what we have seen is based on our research and surveys the main reason for IGA projects coming to a stall or standstill is stakeholder management and the budget constraints and which I think and that's where it is right now. So while we talk more about, if we talk about the changes from vendors point of view it's management of roles and entitlement.
So roles are complex and what we are saying is there's not a, it's not a lean approach to dealing with individual and all certain entitlements but roles can be made less complex by bundling let's say for example entitlements based on access packages. We have seen some vendors do that but it is still not used on a widespread level and I think that will solve many issues when it comes to management of entitlements. Next is the recertification process.
It's unrealistic to do manual access reviews of hundreds and thousands of access reviews that will lead to human, it will lead to errors because of human intervention and in the next slides I will talk a bit more about what can be done to minimize this recertification issue. And finally it's the customization of the IGA solutions. So from customer's point of view the organizations are lacking a clear approach, how they want the solutions to look like, how they want the solutions to work and also some of the vendors are still not providing comprehensive out-of-the-box processes.
So if you talk about the anticipated direction of market where we believe that if there is innovation in these areas, if we address these fundamental challenges before we move towards the more fancy stuff of AI and machine learning, I think that will address many challenges if we can take care of these few points. So first is the automation. So automating birthright entitlements based on predefined policies. We believe ideally in idle work it should be 90 percent of the birthright entitlements should be done based on policies but that's not realistic so maybe at least 50 to 60 percent.
So having robust and effective birthright provisioning policies can be instrumental in granting these mission entitlements and the role-based access contributes towards establishing the discovery and mining of these birthright provisioning policies. This will help to streamline the IGA process, reduce the workload of the staff and also mitigate the various risks arising out of unauthorized access if the access is only granted when it is needed. Next is the policy. So automating access entitlements and access reviews can be carried out based on predefined policies.
So entitlements should be granted and revoked based on these well-defined policies. This will not only enhance the quality of entitlements but it will reduce over entitlements. So access certification should be done via policies rather than manual process and what do you need for that? You need strong policy lifecycle management that involves creation of policies, implementing, reviewing of policies, updating them, testing of the policies and retiring the policies. Policy lifecycle management is crucial to ensure entitlements are granted fairly and efficiently when it comes to providing access.
IG vendors can further utilize these policies for other various areas such as granting authorization and authentication. So policies need to be an integral part of the framework when deciding which user can get authenticated, which user can get authorized. But there's a challenge around policies as well and that is the major challenges around reviewing policies is that the decisions are made based on the given data. Thus the data needs to be accurate and how can you achieve that? It's with good identity lifecycle management.
Potentially also good data governance might be required too if additional data is being used. And that will address many of the issues. And finally it's steps for customization and just simplifying the process. So it's for organizations to step back and really understand the processes and the requirements. Implement the best practices rather than doing things the way they have been done because they have been done and no one question to ask them why they have been done in this way. And finally it's about good coding practices for customization.
Isolating these customizations into well-defined microservices and building on the identity API layer of identity fabric. Let's talk about some of the top drivers for acquiring IGS solutions that we have encountered is that these are the four main drivers. And the organizations that we have come across are based in all industry verticals. So it's not just finance or healthcare. It's manufacturing, retail, logistics, aerospace, defense as well. And first one is the regulatory compliance. It's not the main driver that is pushing organizations towards IGS solutions.
Next is enhancing the security risk management. Improving user experience is also very important. Having a good user interface, providing good self-service capabilities to the end users is also very important. And IGS solutions can provide that. And finally it is the automation part. And that and this brings me to the next poll question for everyone. So that is what were the top drivers for acquiring an IGS solution in your organization? Is it A or if you are in the process of getting an IGS solution then what are the top drivers? So is it A, regulatory compliance?
B, enhancing security? C, improved user experience? Or is it D, automation? I would again like to encourage everyone who is still attending here to please give your answers using the event control panel. And we will display the results of these polls towards the end of the webinar. It is around in a few minutes. Before we go into the results of the latest IGS Leadership Campus, I want to briefly touch upon a methodology that we use to evaluate the vendors and what are the standard categories that we use to evaluate these vendors. So it's a four-step process.
It involves identifying the vendors and conducting briefings and demonstrations with these vendors as well as receiving a technical questionnaire where we ask some product specific questions to the vendors as well as the company specific. Now we take all this information and then we go towards the analysis part where all the information is clubbed together and the vendors are rated based on information that we have, information that the experts in our company have. So it also goes through a very rigorous internal review process and the draft is also created.
Once the draft is ready, the vendors will receive the draft document for fact check. What happens is that the first process of research and the fact check usually, if there's let's say 30 vendors, so conducting briefings of 30 vendors, demonstrations, analysis, it takes a couple of months, sometimes three months. And in these three months, maybe some of the capabilities which were missing or lacking in the vendors, they have been addressed by this now. So we use this fact check process to maybe address these challenges which are no more the challenges.
And once that is agreed, we go towards the publishing of the leadership campus on the Copenhager Co website. I also want to quickly recap about the analysis part is that we evaluate these vendors based on nine different categories. So it varies from the security of the product, the usability of the product, interoperability, as well as a more company specific questions such as in which regions does the company operate, how many customers they have, how many system integrators partners they have.
So it's a very thorough review of each and every vendor that we carry out before we publish the document or even send it out for fact check. Now it's time for the results of the latest leadership campus.
Yeah, so here's the list of the vendors which were rated in this leadership campus, as well as there are a few more vendors towards. So as you can see, there's around 30 vendors that took part in the latest leadership campus. They range from your established large vendors to also some of the new upcoming vendors. And there's another 16 vendors in the vendors towards section which did not participate or could not participate due to some reasons. So but they are still present in this report. So you can see there's already 46 vendors here.
This one report itself and we provide a brief introduction and one of the strengths of these vendors to what vendors in the vendors to what section to just give you an idea on what that is. And once we did all the analysis of these 30 vendors and we reached this point where it's the final result. On the right side in the red section, you have the overall leaders. In the middle, you have the challenges.
So these are the vendors who have those established capabilities, like the basics of under life cycle management, access governance, but they're lacking in some parts of let's say, usability of the product, or the breadth of the product, we can say that. And also maybe they are lacking, they are operating maybe only just one region. So they are just starting up. And this rating is generated from it's a combined view of three different scatters, which is also present in this report. Those scatters are based on the product leadership.
So where we rate the vendors purely on their products capabilities. Next is the innovation leadership scatter, where we look at the innovative capabilities of the vendors. What are they doing in the next six months, 12 months, what are and how are they even doing the basic functions are doing in an innovative way. And finally, it's the market leadership category, which looks into the customer base, the market presence, system integrators, and maybe also a bit towards their financial condition as well. Are they profitable as well. So we also take that into account.
And we combine all these three categories and that provides us this final picture of the overall leader. So as you can see on the almost 40% of the vendors are leaders. They are made up of large vendors and some IGA specialists. But this provides a picture that the IGA market is mature. Most of them have these basic established capabilities. While the vendors in the second section are making progress and we expect to see some innovation in this. There is one more part where we do the analysis. And it is around, you can say more product specific.
So, for example, you can see here we have this spider chart where we rate the vendors capabilities based on this predefined eight categories. And this is available in the report as well for all the vendors.
And also, you can also then go based on your requirements of the capabilities, try to identify which vendor fits more to your requirements. We have one case open select tool for that as well on our website where you can go and select the best use cases for the requirements. And that will provide you a list of vendors which match your requirements.
Of course, it's without saying that a thorough review of the vendors needs to be done based on your capabilities. So, I think that kind of summarizes the current, the latest IGA leadership compose as well as some of the emerging trends that we have seen so far. And we still have a few minutes left.
So, I would like to first start by showing you the poll results. So, if we can have the poll results of the both of the questions. The first question was, what is the current deployment model of IGA solution in your organization? And it's almost equal with fully IDaaS and partially IDaaS while on-premise is slow. And this is, I would say this is in line with what we are seeing in the market as well compared to previous years where the share of on-premise solutions was much, much higher. It is now finally shifting more towards IDaaS.
But again, as I mentioned earlier, the companies, some, there are some companies in these critical sectors who still need to, who are still hesitant to move towards IDaaS. So, maybe those are the few ones which are still behind or perfect. And I think we have one more poll question to go through. Can we see the results of the second poll?
All right, here it is. So, what were the top drivers for acquiring IGA solution in your organization?
And again, we have a tie here. The first is regulatory compliance and enhancing security. Improved user experience is not at that high of the priority list, but again, automation is increasing. Regulatory compliance, an ever-changing landscape and that also deals with security.
So, perfectly, this makes sense why these are the two main drivers. There are a few other areas as well. If you can recall, it's more about just improving the overall structure, but perfect. Thank you so much for these results. Do we have any questions? I will quickly check if we have any questions. How are the IGA solutions being adopted usually in the market?
Oh, okay. Good question. One of the adoption patterns that we have observed in the market is a managed service supporting identity-led skill management and access governance is run within the organization. But there are several other adoption patterns that we are seeing within the market, such as customers' immediate requirements are limited to either just provisioning or the access governance part, but they do not require a comprehensive IGA solution. Modernizing and moving from low-end approach and users to comprehensive and mature IGA solution is another adoption pattern that we have seen.
There's another aspect of modernization is whether a capable user access provisioning or identity-led skill management tool is already in place and IGA capabilities are added to complete the IGA requirements. Well, I think that's all the adoption patterns that we have seen.
Oh, okay. We are right at the time. Are all the leaders, I'll take one more question, are all the leaders really a full-featured IGA vendors? What we have seen is they are really investing a lot in IGA, their full-featured IGA solutions.
So, you can see there are some more solutions in here like this RIGA and such ideas. So, these are more niche solutions for operating on a specific platform.
So, that's why maybe they are a bit down the line. I hope this answers your question. Okay.
So, I'll take one more question. We are already over time. The session is titled 2024 Market Landscape. We are already in September. I'm sure you're not looking ahead to 2025 already and what do you expect the next landscape to look like?
So, completely valid question. We are already in September, a few more months to go in 2025. We will start the process for the next – we'll see again.
So, but coming back to 2025 and the landscape is addressing just the fundamental issues and challenges that we have seen earlier in this webinar. I think that's one of the crucial parts where the vendors will be and should be focusing innovation in that area is crucial.
Of course, all the vendors that we have rated in this Leadership Compose are focused on – not focused, but they have displayed capabilities around AI and machine learning for various activities and they are focusing a lot on automation. But I think there's these two parts which we expect that in 2025 this will improve more. Okay. I think I'm getting the reminder. All right.
So, that is it. If you have any more questions you can reach out to me on LinkedIn at Mithish Deshpande or send me an email at nd.kubringerkol.com and I will happily connect with you offline and take the conversation offline.
So, also, I would like to remind everyone to also check out our website for more research items based on IGA as well as many other topics from all the very experienced analysts in our team. So, again, thank you so much for your time and see you next time.