Identity Management Market Assessment

Market Review:

• Realization of the Networked Enterprise: With the success of the first generation of connected business systems, vendors and enterprises continue to seek productivity and efficiency gains through tighter application and data integration, and information sharing. Identity management solutions and related single sign-on technology promise a flexible foundation for data exchange with built-in access and provisioning controls that should alleviate the concerns that dogged other enterprise integration efforts.
• B2B and B2C Activity Increases: Despite the leveling off of activity in the B2B and B2C commerce markets, more and more enterprises have opened up key applications to partners or created new shared applications. Similarly, in the consumer world, more and more retail enterprises need to provide access to consumers as well as authenticate and keep track of consumers. This has driven the need for public identity management solutions and related authentication services.
• Increasing Focus on Security: Since 9/11, there has been a priority given to increasing security related to applications and users’ identities. Government agencies have been leading the way in looking for new security solutions, but private enterprises have joined in this quest to protect applications from fraud or malicious intent. Identity management is a key enabler to most security solutions.
• .Net and Web Services Gain Industry Attention: Microsoft’s unveiling of its .NET strategy and .NET’s position at the core of the software giant’s next stage of growth not only validated Web services, but also thrust the emerging technology into the spotlight and ensured that the industry would move quickly. Vendors kicked competitive or complementary strategies into high gear, and enterprise customers began thinking seriously about the infrastructure required to deliver Web services. Identity management is not only a beneficiary of Web services-related information exchange, but can also be a key enabler in the B2B setting, as users need to be identified and authenticated before participating in a Web service.
• Consolidation of Consumer Services: Paralleling the consolidation of industries such as media and entertainment, health care, and financial services, online consumer services have increased in complexity and sophistication, and single providers offer greater breadths of options. Consumers and businesses are now even looking for consolidation of information views and resource access across organizational boundaries. This, in turn, is driving the development of federated identity management capabilities.
• AAA Vendors Reposition: Many traditional authentication, authorization, and audit vendors have emerged as leaders in the broader identity management space. Companies such as RSA and Verisign have been active in leading critical standards activities. The emerging Web Services wave promises a second life for managed PKI services.

  Near-Term Market Drivers:

• Web Services Infrastructure Needed: Enterprise IT departments are beginning to think seriously about the infrastructure required to support Web services, even if corporate plans have not been established yet. Product purchases will be made with an eye toward support for future Web services requirements. For B2B and even consumer Web services, establishing the identity of users will be a key requirement and will drive sales of new identity management products.
• Secure Transactions Needed: In the enterprise, B2B, and B2C realms, the need to protect corporate assets against malicious intent and fraud will drive this market. Government agencies in particular will institute tighter communities of trust where identity management plays a key role. On the user side, trusted environments will ultimately lead to more Internet-based commerce.
• Federated Identity Standards Emerge: One key way to ensure trusted communities is through federated identities, whereby user identity information is passed or shared. Although friction between Sun and Microsoft and their respective standards camps (i.e., the Liberty Alliance and the Web Services Interoperability Organization) has raised concern that a fragmented market would chill the growth of identity management and Web services, a thawing in relations has begun. IBM’s pragmatic peace-making efforts and Microsoft’s distaste for more public questioning about “anti-competitive practices” indicate that a détente among the rivals is on the horizon. These standards for sharing identity information will drive new products and even new vendors.
• Regulatory Compliance: In the United States, businesses are dealing with a host of new access control and audit requirements that derive from newly enacted or newly implemented laws and regulations. These include GLBA, HIPAA, Sarbanes-Oxley, and the USA PATRIOT Act. The regulations affect companies across the economy, but are especially important to the financial services and health care industries.
• Defining the Space: Companies are pursuing aggressive partnering strategies as the market continues to evolve and the expectations of Identity Management functionality continue to expand. This is most readily seen in the current rush to partner with provisioning vendors. Identity management is emerging as the key and core hub of Enterprise security infrastructures.
• Cautious IT Spending: Implementing an identity management infrastructure is a significant undertaking. Many enterprises are still cautious about making large- scale investments of capital and planning resources without clearly understanding the return on investment or total cost of ownership equations. Without clear and heavy competitive pressure, enterprises are unlikely to change working systems. This remains a negative driver in the identity market and will affect the marketing messages of vendors.

  Long-Term Market Drivers:

• Enterprise IT Focus on ROI: Coming out of the spending slowdowns that began the decade, IT activities are no longer written off simply as “the cost of doing business.” Return on investment calculations are being applied to infrastructure and operations as part of product and services rollouts. Infrastructure investments in identity management will be increasingly weighed against gains in efficiency, productivity, and cost savings made as a result of newly enabled communications and transaction processes and services.
• Data Control Concerns: The flip-side of the benefits of highly integrated services is the loss of control of proprietary data. The authentication, access control, and audit aspects of identity management infrastructures will continue to be a hot button topic for businesses. Enterprise wariness about linking too closely with supply-chain partners and erstwhile competitors chilled the growth of B2B trading networks and likewise will play an important role in the adoption cycle of federated identity management systems.
• Privacy Concerns: Consumer awareness of privacy issues and concerns about control of personal information continues to grow, particularly with regard to the sharing of health and financial information among affiliated businesses. The same service arguments made by supermarkets and credit card companies – that knowing more about an individual enables providers to offer more tailored services – is proffered by some proponents of Web services. And the same emerging regulations will govern the sharing of consumer information within and among businesses. Identity management systems need the flexibility to ensure varying levels of information control and meet prevailing standards and regulations.
• Constant Performance Improvement: Identity management systems are intended to be at the core of next- generation businesses, providing virtually all authentication and permissions for access to various data sources. As business services increase in complexity and the number of users grow, the performance and scalability of identity management systems will be of paramount importance.