KuppingerCole's Lead Analyst John Tolbert presents the findings from a recently published Leadership Compass on CIAM solutions
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
KuppingerCole's Lead Analyst John Tolbert presents the findings from a recently published Leadership Compass on CIAM solutions
KuppingerCole's Lead Analyst John Tolbert presents the findings from a recently published Leadership Compass on CIAM solutions
We get started this hour. We've got after I ramble along a little bit about the leadership compass and the product surveys, then we're gonna have a really nice case study Franklin cubby. So we'll try to save as much time as possible.
So yesterday you may have seen a little bit, if I just throw a slider to it, overview about how we do eCommerce with consumer identity and access management systems, how it facilitates it in this way, you know, consumers provide their information through progressive profiling rather than, you know, like enterprise cases where you get all the information up front before you build an account. And the purposes of that information collection are usually very different.
Obviously for employees, you know, you want to get the information you need so that you can determine what they should have access to from the consumer side, you're trying to figure out ways to increase revenue, get better targeted marketing. In some cases enable different kinds of use cases.
And then, you know, be able to comply with whatever local regulations are relevant. Customers decide what to share. That's why consent is really important. And by an integration of consumer identity, man management, with customer relationship management, we get better marketing. Couple of the things that we see that are driving this in the EU, as well as elsewhere.
We've heard a lot of talk in the last couple of days about GDPR and from a technical perspective, we've got to be able to collect consent from people store that for auditing purposes, the default should be that they opt into data sharing and data usage not opt out here. We should be able to cm system should be to provide notifications with terms change and ask for the consumers to resend or not. They should have dashboards so they can decide at a later time, maybe they want to revoke that consent.
Maybe they want to export their data and take it to a different service provider or delete that data altogether. There's a regulation. We haven't talked about so much here because it's mostly applicable in the EU, but it's their revised payment service directive. And it's pretty interesting. Technically it draws upon things like anti-money laundering, know your customer, it's forces strong authentication for mobile payments and, and payment initiation services and account aggregation services.
And then it will also require banks and financial institutions In the EU to offer APIs for the third party providers. So there's a lot of interesting tech work that's gonna be going on over there in the next 12 to 18 months, but both of these are actually driving the adoption of consumer identity analysis management solutions in the EU, because obviously on the GDPR side, it's a good way to collect consent. And on the PST two side, it's a way to provide some competitive advantage yesterday. I'll just have this one again quickly. CIMS the fastest growing market segment.
A lot of money I've seen higher estimates than this. We've got lots of specialized CIA vendors. Some are represented over there. And then we also have enterprise IIN vendors who are now getting into the space because they see that this is a good place to make money and digital transformation will continue to drive this. So in this quick session, I wanted to talk about the results of our last leadership compass leadership compass goals of product comparison report.
Other Analyst firms have other names for, but I thought I'd just talk a little bit about how we do it and what the results were for the long before consumer identity. So first off we figure out what the criteria are we want look at. Then we contact vendors. See if they're interested in participating. Generally they are, but even if they're not, if we can collect enough information through third party research, we may decide to include them report. So we send out a fairly detailed questionnaire.
I've heard some vendors complain about the length of the questionnaire because we go into lots and lots of detail. Then we collect the responses, interview the vendors, give an idea for what their roadmaps are like, what they're planning, so we can figure out how innovative they are in the market or how innovative they plan to be. We also talked to some of their active customers, figure out, you know, how satisfied they are, not only with what the product currently offers, but you know, what would they like to see differently? And then we prepared objective ratings and write the report.
And the reports have lots of cool graphs. I've excerpted some of those for you here in a minute, but then also quite a bit of detail. We do like a one page overview on each product to talk about specific areas of strengths and weaknesses and where we think the, their good points and what the challenges are. We always try to cover, you know, some level of technical depth about what the product offers to. So it's more than just a look at the, the market share or, or, you know, or what they're doing at a very high level.
We try to provide information that's useful for clients to use for RFP purposes. So the components or the categories that we look at, security, that's internal product security things like do they require the use of, you know, multifactor authentication to get into the administrative console? Do they have delegated administration or role based admin? Then we look at functionality, you know, that's pretty straightforward, you know, in an area like CIA and you know, what features does it have?
And does it meet what we think are the, the minimum set of features you would want to be able to consider yourself a CIA product usability again, what does it look like? How does it feel both to the end user? And then also for the administrators that have to administer the product integration. If let's say it's a traditional I vendor, they've got their CIA and package, but they also have their identity governance and their SSO. It's how well does this product fit in with the rest of their products?
And then interoperability is really driven by standards, you know, do they use all the applicable standards in the field so that they can interoperate with other products as well? And then kind of in a different vein. We also look at the innovation. We try to rate, you know, based on what we think the market needs and then where all the different vendors are, you know, sort of compared against that with what things are they offering the position of the market, their financial wellbeing, and then they're partner ecosystem.
If they're trying to do everything themselves, or maybe they're just localized to north America, you know, to be a market leader, you really have to be a global company or at least be selling, supporting on all continents. Except I, for this report, you can see the, the companies that we surveyed quite a number of them. We just did this at the end of last year. We added several new companies before we, this report in time for our European identity and cloud conference. So it picked up a few extra companies between the end of last year and early summer.
And we'll see how it turns out in the minute quick refresher. You know, some of the key features that we evaluated registration, do they have self-service portals? Do they take social logins? That's really important? Do they do bulk provisioning? Not all of them do. It just depends on what their target customers are authentication.
You know, the more methods, the better, especially the ones that are a bit more technically sophisticated. We talked a little bit about mobile biometrics yesterday afternoon. I think that's gonna be increasingly Important in the consumer space. Then often one of the, the business drivers is to improve the customer experience, not to have, you know, so many different usernames passwords, even for associated sites, not to have confusion.
So, you know, many of these packages offer things like white labeling so that you don't even know Jason showed a really good graphic this morning, how they went from one company page to another and, you know, you really had no idea it was gig behind it. So that's kind of example of white labeling de integrated branding SSO across multiple sites.
You know, we heard about, you know, some very, very large holding companies that have lots of well known brands. And it's certainly nice to be able to say, log in with your favorite social network provider and then browse seamlessly across all those brands as you need to fraud detection. Just what it sounds like.
The, obviously there's a big increase in fraud these days online. And the more that consumer identity and access management vendors can do to help prevent that through looking to their own networks, aggregating all those statistics and then working together with other social network providers, other C and vendors to identify potential fraud actors and prevent that. That's a good thing. Privacy management, again, GDPR fine grain consent, very necessary. There are companies, cm companies that are really specializing in this, making it is, you know, sort of the hallmark of their CIA offering.
So we'll get that in a minute. And then, like I said, you know, there's the security aspect integration with SIM products and, you know, strong administrative capabilities. Marketing's often a driver.
You know, we break this down into identity analytics about, you know, actual logins or failed logins or password research requests, those kinds of things, the marketing analytics, that's collecting all the demographic information you can about the customers. So you can sell better to them. And then integration with marketing automation tools so that they could get lots and lots of email and IOT, smart homes, wearable devices, some of the cm vendors are, are really beginning to put a lot of effort into this.
And I think this over the course of the next year or so, it'll be one of the areas we'll see a lot of innovation. So back to what you'll see in the different categories of leadership on the leadership compass, we have four categories, the product leadership it's really about, you know, how complete is the vision.
I mean, I think we're all familiar with products that Are kind of niche players. They, they hit a few of the important things, but not all. So to be a product leader, you've really gotta all buffer all the functionality that people would expect in a CIA product market leadership.
Again, you know, how many customers, how big is the company? Where are the customers? What's their support ecosystem.
Like, you know, to be really big in one part of the world, but have no support in other parts of the world, doesn't make it all that attractive a solution. If you happen to reside in one of those areas where they don't have a lot of support, innovation kind of talked about that already. And then overall leadership, we're trying to put all those things together. So here's the graph from a couple of months ago, we show gig out there as a leader. And we also a sales force jam rain for truck P identity, very, very close they're and the leader side of the board there.
But, you know, there's been a lot of innovation, a lot of development again, because it's such a fast growing field. So we have IBM CA you know, very close to the leadership category. I welcome is a company based in Netherlands, and they're the ones that really specialize on GDPR compliance of the, you know, extremely full featured consent mechanism and, and audit trail.
Then we, you know, we see some of the rest there logging radiuss come up considerably as well. They've got large, large number of customers and each one of these, you know, these are as objective as they could be looking at all the different factors that we've discussed on the market leader side. This is probably hard to read. It's hard to read for me right here. So again, you know, we've got giga J rain, Salesforce, IBM, and Microsoft, you know, really commanding the market at this point, but close by then, you'll find wardrobe paying Okta CA.
So again, it's a very large market, so there's lots of opportunity for these charts to change over the next few years, as well on the product leader side. Again, give you front Salesforce for rock jam ping. And I welcome, even though I welcome, I have smaller market share than space. They do have a very complete vision for their product. That's why they're able to make it up there, even though they don't have the market size.
And again, you see a nice, you know, fairly straight line distribution. These are product leader compared to an overall leader axis on the Graphs in thinking about innovation. Before we see that one, the top features that I identified this year, of course, consent management for GDPR adaptive authentication, which is more than just multifactor, but being able to write policies and say, oh, you know, you may have logged into the username or password, but you want try to pass this high value transaction.
Well, that's not good enough. So, you know, being able to have some sort of risk based policy that can bump up or request to step up authentication or some additional information about the context of your request, that's becoming a key feature as well, especially for things like PSD two in Europe, but also just in the us or anywhere else around the world where you want a higher level of assurance about the person who's trying to initiate some high dollar or high Euro transaction, integrated fraud and risk analysis.
We're starting to see some of that, you know, to work in conjunction with adaptive authentication, but this also includes, you know, subscribing to third party threat feeds, cyber threat intelligence, fraud, risk feeds from like RSA or new star. Somebody like that mobile support is important today. And like I've said before will become even more important in the days ahead. Internal product security is something that we would like to take for granted, but it's not always there again, it depends on the model.
What kind of product or what kind of market the product is trying to serve IOT identity integration? I think we're just really on the cusp of that.
I mean, we've got, you know, just a few standards, like the oof two device flow that a few of the vendors are supporting. Some of the vendors are trying to tie int devices, but it's not, it's not in any standard way. They have some proprietary ways of doing it right now. But I think, you know, three to five years from now, this area will be a lot more well thought out and have more standards.
And these companies will probably be adhering to those and then marketing analytics, you know, for those who adopt cm solutions, because they want to get more bang for their buck and the having built in marketing analytics versus API access to data that you can transform into marketing analytics. That's an interesting area. The many of these companies have built lots and lots of very detailed, but configurable reports into their base product.
So on the innovation side, we see again, gig you eye welcome, and for truck kind of in the innovation leader, but again, closely followed by Salesforce, Jan IBM CA and ping they're all right there on the other side of the line. So many of these companies are doing lots and lots of good things.
They're, they're trying to provide the solutions that their customers are requesting. So I think anybody who's, you know, in the top two thirds here are making a really good effort to address the needs of their customers. And sometimes those differing customer needs lead each one of these vendors, maybe in a slightly different direction. So I wouldn't say that you should look at my graph or any other Analyst Analyst graph and just say, okay, I'm gonna pick the one at the top because that doesn't, you know, it's not one size fits all.
If you drill down into the detail of the report, you'll see that, you know, maybe this product here is actually better suited to my environment than my business needs. So I also wanted to leave you with some predictions where I think cm will go in 2018.
On Monday, we had a QAR workshop. We like QAR a lot. I think there's a lot of good work that's going on there and certainly needs to be promoted. So the user managed access and consent receipt that we heard about definitely will be quite important for the EU. But I think also here as well, the whole notion behind user managed access is, you know, getting control of what happens to your personal data back in your hands. So I think that if this catches on in the marketplace in the product space, then this will be, you know, Liberty enhancing for, for all of us who can make use of it.
There will obviously be increased customer demand for passwordless authentication. We're all tired of that. Mobile biometrics and Fido.
You know, again, it's not, it won't fix everything, but I think having different authentication options that you can assign well, I'll accept the risk associated with that based on what the use case is. It's, it's going to, again, free up consumers to have a much better consumer experience. So mobile biometrics, the use of Fido standards, I predict 2018 will be a big year for them, especially with 5 0 2 coming out, hopefully early next year and wider browser support, too. Mobile apps.
Security will be really important yesterday to talk a little bit about mobile platforms, secure elements and the trusted execution environment. I think we, I think we know at least on Android, it's not too terribly hard to write a buggy application. And if everything's running up in the rich OS, it's not exactly the most secure thing in the world.
So I, I wouldn't think you'd want to base mobile identity on, on just an app that hasn't been vetted that hasn't been written to the, the highest security specifications. I think we'll see new standard start and, you know, standards take a while to get done. That's why I was saying three to five years, but I think there needs to be work on thet to consumer identity integration area.
I think there'll be more development on marketing automation interfaces with the, the vendors that we see, particularly maybe on the, the, the lower part of the diagram, a lot of potential customers of these solutions, like the idea of being able to have a lot of pre-canned reports, but there's also a lot of flexibility in being able to write whatever you want. So if these are available through rest APIs, then you can turn your own big data analytics programs and loose on them.
Then, then that's a good way to get data to, I think we're gonna see specialty consumer identity management solutions for PSD two, because banks are going to have to fight to keep their customers. If you've got third party providers that are out there anxious to become the gateway to all your financial transactions, then banks and the unit at least are gonna have to wake up and do a lot more work to retain the business that they have. And then E it's another U initiative for strongly vetted credentials.
I think in Europe, we're gonna see more integration between let's say national IDs and the, their use for consumer transactions, but even in the us, I think, and maybe on a state by state basis, we'll start to see things like government to citizen interaction as well as business to consumer. So I think this is an interesting area. I know there's a lot of work that's been going on for many, many years. Maybe they haven't made the progress yet that we'd like to see, but maybe 2018 will be the year for the, okay. So that's here.
Some of the papers that are related to what I was talking about, the leadership campuses, and I think we've got our panel coming up next, our use case panel.