Results from a recenty published KuppingerCole Leadership Compass on Consumer Identity and Access Management Platforms
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Results from a recenty published KuppingerCole Leadership Compass on Consumer Identity and Access Management Platforms
Results from a recenty published KuppingerCole Leadership Compass on Consumer Identity and Access Management Platforms
So in conjunction with the conference, we're releasing a new leadership compass document today, and it's about customer identity and access management. So again, to kind of go over some of the differences that we see between what we think of as traditional IM versus customer facing, I am, you know, in the old days, and still today is had mostly been about employees, you know, building the infrastructure for employees to be able to get identity and access management.
And some of the things we think of there, you know, curbs for authentication, smart guards for, you know, high assurance authentication in, in some forms of hardware tokens, then, you know, the attributes that we collect from the users in this case are usually used for authorization. And this is structured data that can live mostly in LD range, quite broadly, really likes with problems as we all know, but it also includes social logins.
People are happy to use things like Facebook connect, Twitter, LinkedIn, other existing accounts that they have to both register in comparison to being provisioned and pull information from their existing social accounts to start accounts with other companies. And then also mobile login. That's become a very important way for consumers to be able to get access, not only to their mobile apps, but to other sites that might be related.
And again, the attributes are not necessarily for authorization, but more for knowing your customer. And they include not just structured data, but unstructured data as well. So from an architectural standpoint, when you see things above and beyond just LDAP and SQL, there's lots of no sequel and big data tech and structures and systems and applications that are involved in some of these customer identity management systems. And we tend to think of as being a little bit lighter weight, but OAuth and O IDC have become much more important than things like Sam.
For the most part, it is the Federation protocols for C systems. And one of the concerns, arch concerns that we have is privacy rather than access control. So I showed these briefly yesterday, again, you know, looking at e-commerce and I am the way it historically started out.
Everything was siloed, everything, you know, people on the inside users, employees directory, and then you have people on the outside, but you know, over the last few years, seeing the firewall come down, so to speak, we've got more people crossing back and forth instead of just entering data into CRM and trying to track what people do in a more manual way. One of the benefits of cm is they're actually collecting this information directly from the users themselves.
So with cm, the self-registration the notions of progressive profiling asking people, not for all their information at once, but, you know, ask them a few questions at a time and gather information transaction by transaction to build a better picture of what it is they want from you as a service provider or a retailer. So this doesn't do away with CRM systems, but it definitely compliments the information that's there.
And again, it starts to blur the lines between the inside and the outside companies as well. Well, so for the leadership compass, when we put it together, we've got a, a methodology that we follow and then to start with identifying the criteria that we want to evaluate, and then the vendors that we want survey. So CMS been around for a while, but still fairly new in, in most people's minds. So how do we differentiate that from IM?
So we started with looking at, you know, some of the existing products that are out there talking to customers, reading about what's available, figuring out, you know, what are the key criteria that we think we should rate a, a vendor's product on, and then identify those vendors. Once we've collected this information, we contact vendors to participate and send them a questionnaire, quite extensive, excuse me, in this case. And fortunately, most all of the vendors respond to the questionnaire, provide lots of information for us to evaluate going through the evaluation.
You know, it's pretty objective process. We take a look at the questions and we can rape them according to different categories. And then sort of set, you know, the ideal, say like numbers of authentication industry norms at the time. And then another important part of the process is actually interviewing both the vendors themselves to hear from them, what their capabilities are, find out a bit about the roadmap and see where they're going with their products. And then also talk to some of their active customers, find out, you know, how well is it working for them?
What were some of their key objectives in trying to deploy CIA system and have they been met? And then also getting a bit of information about the vendor, have they been satisfied with what's what's been provided?
So, so again, culmination of that, we take all the, the rating materials, put it together and then prepare the final report, which as I said, is I believe going up today and we'll give you a look at some of the information contained there in, so the vendors that we talked to for this particular report are for drug giga. IBM, I welcome Jan rain login radius, Microsoft Okta paying identity, Salesforce, SAP, and secure off. So a look at the, the criteria in a little bit more detail, we thought registration was very important. How do users actually register?
So most offerings seem to have self-service Porwal registrations that allow links to social networks to pull information say from Facebook or Twitter, or you can generally use any open ID that you've got is a basis to starting the registration as well. Many also offered bulk provisioning, you know, from either L D or ski interfaces to get things started easily authentication. That was an important differentiator. I found again, most always said, user name, password is an option. And then a variety of the social logins.
It depends on how much support they wanted to give to the different social network providers. And then there are different mobile apps that can be used and then biometrics as well.
And again, looking across all the vendors, a lot of times, depending on what their target customers were, target industries that they were going after actually influences which authentication options are commonly deployed in their products. Lastly, on the user experience side customer experience, almost all have the capability being white label for seamless branding, so that, you know, you can, you can plug in a few pieces of code on your website and it looks like you're just doing the authentication locally. Doesn't look like that.
You necessarily farmed out all the action to Facebook, which goes for the, the seamless and integrated branding across all your different sites. Again, most can do single sign on if you've got a large set of related, but distinct web properties, you can use a single sign on across all of those security and privacy fraud detection. Obviously there's a never ending list of breaches of the news days, day after day.
So, you know, how do sites are gonna implement things like CA and prevent or lower the risk of getting hacked in, in an attack like that? So, you know, many do user behavior profiling, try to get an idea of what's normal for a user in terms of geographical location or IPA address, or even some of the things that they normally would do.
You know, if it's a retail site, you know, maybe they, they have a certain range of product that they normally look at. Sometimes looking at something beyond that from a different IP address or different geographic location set off of water. There's also the possibility. And some do integrate with third party threat intelligence providers. And I think this is an area where they all really need to, to go in the near future. There's a lot of good information out there from many, many different sources.
I think the problem in integrating threat intelligence is being able to weed up the, you know, the noise from the important signals. There there's so many different threat intelligence providers, but integrating this into your product can be helpful in terms of, again, reducing the risk of people using the compromise credentials on your sites, privacy management.
Again, we've very much in the last two days about GDPR and the need for privacy going forward. I think, you know, the fine grain consent mechanisms that we've talked about are absolutely essential in the next 18 months or so to be able to comply with GDPR. And they're also best practices in terms of provid providing consumers with the privacy that they want. So besides the consent mechanisms, you know, we need the ability to edit, export the data upon request and then lead customer profile data.
And there's some differences in the implementation between the different products, which ones can support all of those different features right now. And which ones I would imagine that again, in the next 18 months, most are gonna have to support all of those different features to be, to DPR compliant on the security side, we're looking at, you know, administrative security of the application itself, how it integrates with SIM or realtime security intelligence. And then what are the strong authentication and authorization options for consumers.
And, you know, that really is tied to what the, the use cases are that they're trying to support, you know, talking to one bank, no one wants to use their Facebook login to log into their bank and, and make mortgage payments. But they also it's, it's acceptable to do that for things that might be lower risk, like it's a hospitality or entertainment site using social logins is quite acceptable there, but it seems that people have a version to linking what they think is their personal life to their, their financial life.
So on the marketing side, excuse me, it's important to draw a distinction between what I would think of as identity analytics on the one hand, you know, just how is the system itself functioning? How many logins, how many failed logins, how many password resets, or, you know, changes to customer profiles that information, you know, ideally would be available through the CIA system itself, if not, it's very important to have interfaces to other programs that will allow you to do reporting on that.
On the marketing side, can a little bit different, you know, there's different kinds of information that collected. There's lots of different kinds of reports that are available in some of the cm packages. Being able to sort transaction data, let's say by age, gender income, and pull in social media activities as well. And then again, if the cm system doesn't provide this natively, being able to have an API to get access to this information is probably important depending on what your actual intended use of the information would be.
And then lastly tie that in with marketing automation, some of the vendors provide native support for that others do API, and there are some that offer out of the box integration with a bunch of different third party marketing mission tools. So here we are looking at how they, they scattered out in terms of the product. This will be available for people to take a look at as a result of attending the conference. We're going to provide everyone with limited, limited time access to this report and others.
So I wouldn't say it speaks for itself, but you probably wouldn't agree the information here again, you know, it kind of moves from left to, right. And what you're seeing is a culmination of the answers of many different questions and, and ratings and subdividing the ratings.
But in overall product leadership, we see ping identity, gig Salesforce, and I welcome, but I think it's important to remember that, you know, the ratings are there for a reason they do help drive purchase decisions, but, you know, it's important to read all the detail and to think about what your own specific needs are for a CIA or solution. Cause there are a lot of differences in the products as well.
I mean, most of them have many of the same basic features, but how they implement them or what they choose to focus on various greatly between each vendor's product. So it's important to not only look at the ratings, but look at some of the detail that's behind the ratings as well. On the market leadership side, we see Salesforce B IBM and Microsoft understanding Microsoft has a fairly recent entrant, but out of the gate, they have extremely large customers. And so market leadership is determined by a number of different factors as well.
You know, the number of customers, size of the company, size of the, how many consumers are using the market leadership graphic here, You know, on innovation. You know, we look at innovation as a, you know, a really key thing to differentiate the products as well. And the way we determine what shows up on this chart is based on asking questions about roadmaps, about what's currently supportive. Some of the technologies that we think are important today and will be even more important tomorrow.
And we've heard about some of those today already from some of the speakers, things like Luma, you know, biometrics and how about how that can be used in C systems. So when you look at this chart, you see, I welcome is out front, followed by giga and for Salesforce.
And, and then we put it all together in the overall leadership chart and we find Biga in the front again, closely followed by ping for rocket sales force. As I said, all these will be available out oh, later today. I think so again, it's just important to take a look at all the detail behind the charts, as well as looking at the charts themselves. There's multiple ways to look at it. The information was provided is represented in some, the texts behind the chart as well. So with that, what's the vertical.
Yeah, same in this case, Nothing, nothing. It's very simple. Just really read it to, right. So last follower, usually very specific offerings, or when you look at private leadership, rather small layers challenge was the one who are challenging the leaders at the end day and leaders to the right the is just to enhance readability. So the S only that we don't have just a single line of it, and that's why we have more than two axis and having three axis on more in one, one figure doesn't work well. So we split into a couple of different use.