Hello, I'm Richard Hill, an Analyst Analyst at Cole. And today we are having a webinar about leading vendors in the market of identity API platforms published in one of our recent leadership.
So before getting into the webinar topic for today, here's some information about Cole. We have a number of different business areas that we focus on research, where we provide vendor neutral research on identity, access management, and other security topics, as well as conducting Analyst briefings and giving up to date, objective advice and research reports.
We also give events, we conduct conferences, webinars like this one and other special events, such as e-learning and meetups. We provide relevant and leading edge topics. These events provide insight into industry trends, give good networking opportunities and a chance to meet the experts in the field. And then finally, KU Cole also offers consulting engagements worldwide that could help make your business more successful, which we give the most current advice in the area. Digital transformation
Cooper Cole research comes in multiple formats.
We have the leadership compass, which gives you an overview and insights into market segments, providing you a compass to help you find the products that you need. Executive views provides a condensed overview about a specific product or service focusing on the product or services, strengths, and challenges in advisory notes, give you in-depth research and analysis into specific topics, vendors, or products and services with deployment and operational recommendations.
And we also give leadership briefs covering current business challenges with clear focus on the key issues and give advice on how to address them. Cooper Cole now offers KC plus a new content and research platform. It allows for easier searching of relevant content that may be of interest to you. Content is now directly available online and mobile access without the need of downloading PDFs anymore.
KC plus also offers more convenient subscription model, which will, which you could pay only and get full access to Casey material, including leadership compass documents for a year Cooper Cole advisory includes benchmarking and optimization that helps organizations to clearly understand the maturity of the processes and systems such as readiness assessments at security technology areas or product shortlist.
We also offer strategy support that helps provide direction for organizations to speed up the decision making process architecture and technology support to give a clear vision in roadmap of it, architecture and products. Also, we give project guidance on project implementation through the evaluation of the organization's project.
The next upcoming call event opportunity is in November cybersecurity, leadership summit and cyber access summit.
Both in Berlin, germ in Germany later in November is an AI impact summit also held in Germany, also saved the date for the European identity and cloud conference, which will be held in Munich, Germany in may of 2020, and finally cybernetic world, which will occur in multiple locations. In November of 2020, the conferences offer a mixture of best practices, discussions, visionary presentations, and networking opportunities with the future oriented community.
The conferences will expose you to thought leaders, leading vendors, Analyst, visionaries, executives, where attendees can be inspired by a list of world class speakers.
And now here's some guidelines for today's webinar. Everyone is automatically muted, so there's no need to worry about muting yourself. We will be recording the webinar, which will be available. I believe sometime tomorrow on the Cola website. Also we'll save some time at the end for questions and answers. So the go-to meeting control panel has an area to type in your questions at any time.
So I thought we could start out by discussing why talk about identity API platforms to get an idea of why identity API platforms. It may be helpful to look at how IAM has changed over time.
So traditionally the it environment has run within the walls of the perimeter and these IAM solutions were more monolithic and centralized identities were managed and stored on premises and local access control systems were used to ensure employees just had the access to the resources they needed through controls like authentication and authorization with the ability to audit user access.
And then we started seeing Federation hubs or bridges that extended the reach of where identity and access controls, reside Federation allowed for the secure exchange of user information that could be between divisions within an organization or between organizations in the same industry sector. For example, single sign on systems gave users the ability to authenticate once not only across multiple it systems, but organizations too. And then cloud services gave organizations new opportunities for it.
And this was really motivated by the businesses need to increase it flexibility and scalability while reducing cost under this umbrella of identity. As a service, there are a number of capabilities, not only IM but also capabilities ranging from single sign on to full identity provisioning.
She, and then organizations began reaching out to their customers and gathering information about the consumers who are using their products and services. They found that that really needed to provide a better digital experience for these users through the use of consumers, mobile devices and social networks providing a easier onboarding experience for consumers, but they also had to be concerned about privacy compliance, such as GDPR and PSD two.
And now we're beginning to see identity APIs becoming available.
And this is really driven by the need to meet new emerging it requirements such as working in hybrid environments that span across on-premise the cloud and even multi-cloud environments supporting all the different functionality of IAM and consumer. I am and identity as a service with a key focus for identity APIs is really being developer centric. In a nutshell, I am is continuing to involve to meet the growing list of it. Just to give you an idea of the growing use and availability of APIs.
Here's a graph from the programmable web who publishes a repository of web APIs, and they recently hit 22,000 API mark back in June of 2019. They report an average of over 2000 new APIs added to their list per year, since 2014, which is roughly about 170 APIs becoming available per month. Now for a quick definition, APIs, I, I really didn't find a suitable definition that I like. So I put together my own definition here. Basically APIs are a point of interaction where an interface between an API provider and an API consumer to give you a very high level overview of how APIs fit together.
In example, overall architecture, you begin with a set of services and then you make them available via API interfaces. And the APIs could be private, such private APIs used to facilitate integration of related product services, such as components within a product suite, or it could be a partner APIs that manage specific business relationships by integrating software between partner organizations or more open APIs, public APIs that expose the service functionality of a vendor to its customers.
And developers use these APIs in applications to interact with these services and access to the APIs are available in a variety of ways, such as developer ready APIs, such as a widget, which could be in the form of an application login available as a bit of JavaScript and certain to a webpage that can be configured to access a service or an SDK where developers could use a software library that they could drop into their application to make function or method calls in their code.
That in turn they could call to the service API or access to APIs directly not using anything such as intermediary type of code, but directly invoking the API endpoints, using things such as, you know, a restful call to the service. And then finally users are using a number of different software clients to access the application, not only interactions via webs interface, but also consumer mobile or IOT devices, or even voice assistance. For example, like Amazon Alexa,
A quick note on what identity APIs, at least in this discussion is not about.
Although I am vendors may have both a user interface, a graphical user interface and APIs, both driven within the solution. The focus here is really on the APIs, not on the user interfaces.
Also, we're not considering low level APIs down to the operating system or even the database level. We're not considering API gateways were private APIs used only internally by vendor companies or products or even partner only APIs such as managing a partner's account, such as a billing API. We will just give focus on the layers between the application and the service itself.
Okay.
There are a number of different factors that's driving this identity API market. One factor is the change in how businesses interact with their customers.
Another factor addresses the implementation of a new digital services. As I mentioned, I am is becoming more complex due to the different environments, which means that there's more integration points to consider. Also the use of automation is increasing, as organizations are trying to become more efficient, which includes workflows and orchestration of the security processes, or even DevOps for their tools that they use. This is driving the rapidly growing demand for exposing and consuming APIs.
So basically APIs provide flexibility in IM and it allows for the creation of new business models, identity, API platforms, expose APIs to capabilities ranging from, I am to Federation, to consumer. I am and much more while supporting both the agile and DevOps paradigms that address the more complex it environments that we're seeing today.
So Cole conducts a comprehensive process that's used during the leadership compass methodology and for the identity API platform. Leadership compass started with determining the evaluation criteria that would be used during this research.
And then we would choose and invite vendors to participate and evaluate their response to our questionnaire regarding their product or solution. And then we conduct briefings with the vendors together, even more detail, and we even interview some of their customers. And then we rate the products objectively based on all the information collected. And then finally prepare the report, which includes fact checking with the vendors that participated as well as internal reviews before we actually publish the report. So there's a lot that goes into this much detail.
Here are the different areas that we looked at in the leadership compass. So there's security, which is a measure where the degree of the security within the product.
And then we ask, you know, does it meet the security needs of today there's functionality, which measures the relation really for three factors, such as, you know, what, what does a vendor promise to deliver, or what's the current status if the industry in this market segment, and finally, you know, what does Cooper Cole expect the industry to deliver, to meet really the customer requirements integration, which is the degree in which the vendor has integrated the individual technologies or products within their portfolio.
And the extent to which products interoperate within itself, the degree of overhead to integrate within existing enterprise infrastructure is also considered. And then the interoperability, the ability to, of a product to work with other vendor products, standards, or technologies, and then usability. So this is the degree in which the solution enables accessibility to users and admins such as, you know, how well integrated users or API interfaces are constructed or, you know, is there good documentation? And these really are just some examples.
Additional ratings are used as part of the vendor evaluation. So there's classification of innovativeness. This is the vendor's ability to drive innovation a direction which aligns with Cooper. Cole's understanding of the market segment there's market position. This is the position the vendor has in the market. And this factor considers the vendor's presence in major markets, for example, and the financial strength, which could be an important factor for customers when making a decision.
And it could be an indicator on how well a company could execute on the roadmap or be an acquisition target if they're only ventured finance as an example, and then there's ecosystem, which focused is mainly on the partner base and the ability to act as a good citizen in a heterogeneous it environment. The leadership compass provides ratings of vendors for these categories.
So there's the product leadership based on the features and overall capabilities of the various products or services, the market leadership, which looks at certain market criteria, including, but not limited to the number of customers and partner ecosystems and their global reach innovation leadership, which is the key capability in it market segments that will be required for keeping up with constant evolution of these emerging customer requirements that we're seeing. And then the overall leadership, which is a combined view of the product market and innovation ratings.
In addition to the different angles, we look at such as product market innovation. We also evaluated a wide range of functional capabilities, and some of them are listed here for instance, the identity and user management.
So, you know, what APIs does the solution provide that allows for the management of identities or user accounts or associated directories or services, or what type of authentication methods are supported via APIs, whether it's biometrics or something else. We also consider single sign on session management, authorization APIs, you know, our APIs provided to administrate, you know, permissions and access rights also is the role-based access controls available via APIs, or even the dynamic authorization.
Also APIs that support monitoring of users, as well as being able to provide APIs that for forensic capabilities or compliance reporting, and then there's, you know, workflow and orchestration APIs, which would help with the automation or workflows such as, you know, user self-service registration or user consent.
And then we also look at, you know, how well are these APIs protected with API security?
So, you know, what type of controls do they have in place to, you know, prevent against the, you know, common hacker attacks, you know, is, is the API endpoints, you know, between them encrypted, is there rate, limiting, schema, validation, those sort of things. And then we also looked at things like DevOps, APIs, you know, what what's available for, you know, both developers and the operation teams when they're going through their development to operations life cycle, whether tools and automation and continuous integration.
And then finally, because API platforms, these identity API platforms are primarily focused at developers that are using them to connect between systems and delivering these new digital services that really the focus needs to be on. You know, what kind of support do you give to the developer? And this could be through documentation and tutorials as well as the tools that they provide. And is there, you know, a developer Porwal that sort of thing for community support? So we looked at that as well.
And now here are the vendors we reviewed in the identity API platform, leadership compass, some are well established companies while others have been in the market. And relatively less time. Other things to note here is that the Akamai recently acquired Jan ring, which is the consumer. I am software as a service provider, adaptive was spun out of the centered identity as a service solution. And then per was a UK based software company, which was acquired by access star a while back.
So starting with the overall leadership, six companies are in the overall leader segment.
These include for drop ping identity Ws O two as more established players with strong offerings and customer base. And this is complimented by a mix of established in younger companies, which Okta, Aero, and Akamai the remainder of these vendors fall into the challenger segment. One distinct grouping is near the top of the section. And Perion is stands out in the middle section. The remaining three vendors are grouped at the bottom of the challenger segment.
Also note that the vendors that are grouped more closely together tend to share similar product capabilities and market presence and innovation abilities. Just a reminder that each vendor has different levels of capabilities, market presence, cetera.
So, you know, a thorough evaluation of your company's requirements and a mapping of the product features is really needed to determine, you know, what is the best solution or for your company
For the market leadership.
The top three vendors are for drop ping identity in Okta, primarily for their more extensive global customer base partner and support network with the bottom section of the market leadership comprised of Akamai Aero and Ws O two in the challenger section, we find most of the remaining vendors having good products, but may lack one or more areas of their customer base or partner or support network when you compare these to the market leaders. And then the only vendor that appeared in the follower section is UDS, which is a good product.
And they have a relatively small vendor and partner ecosystem.
The product leadership is mainly based on the analysis of product services features, and the overall capabilities of the various products and services and their functional strengths and their completeness of their product. So the product leaders are for rock, which is leading, followed by WSO two and then ping identity with both strong and product and overall ratings overall, and both Aero Okta group towards the center with adaptive and login radius and AKA near the bottom border.
In the challenger section, there are two clear groupings. There is the I walk and Perion appear near the upper border, both good product features, but maybe lack some of the product features we'd expect to see when you put in the leadership position. The second grouping is towards the mid to lower section, which we see BDS and optimal. I IDM and you be secure, which, you know, with a stronger product than overall rating, all five products in the challenger section are focused and found to be good products, but didn't make it into the leader section because of maturity or missing.
Some of the features found amongst some of the leaders, when you compare them, innovation is what consumers require to keep up with the constantly changing and evolving and emerging customer requirements they are facing. And here we see in the leadership category, our vendors that, you know, have driven the market forward, you know, through the use of innovation within their products, which is for drop ping identity Ws oh two Okta. And I welcome in the challenger section, ERO, Akamai adaptive and login radius are group near the upper border per in the middle section.
And you be secure and view DS near the bottom. Only one vendor is included in the follower section, which is, which is optimal IDM, still a good product, but fails, or actually just slightly falls behind in innovation features. When you compare to other vendors, the identity API platform leadership companies provides much more detail. So really that's, that's the place to look for for additional information. So I think it is time for questions and answers. Let me take a look here. Looks like there may be a question about, did Azure ad participate in this evaluation?
No, they did not.
I can't give you the details of why they did not. They may not have opted to participate, but Azure ID, we do have an executive view on that, which I believe is just in the works to be published. So keep an eye out on that and let's see if there is a, another question, just a moment. Amazon Cognito did not participate. So the question was, did Amazon Cognito participate?
No, it didn't. So vendors do have the option to participate or not. And working within our timelines when we're doing the research and putting together the report. So not all vendors participated that we may have reached out to. So it looks like that's the end of the questions. So just a moment here.
So again, as you know, final thoughts, if you're interested in this topic, you know, please see the identity API platform, leadership compass, as well as you know, some of the related research that we have available on our Cole website. So I'd just like to thank you and hope that you attend our next webinars. Thank you.
