Gartner IGA Magic Quadrant Revealed

Gartner IGA Magic Quadrant Revealed

The Identity Governance and Administration Magic Quadrant.

It’s Gartner time again.

As a respected member of the information security community, I am certain you had an alarm set to notify you as soon as the Gartner Identity Governance and Administration (IGA) magic quadrant was released. After all, how can you possibly make an informed decision about Identity management products without this critical piece of research at your disposal?

IGA Magic Quadrant Perspective

The Identity Governance and Administration quadrant is a merger of the previous user provisioning and identity governance quadrants. Gartner recognizes these two arenas are naturally merging together as compliance and security concerns continue to drive the importance of governance over identity management.

Obviously, IT professionals should leverage as much research and information available to them. In order to help make the appropriate decisions for an organization, the IGA Magic quadrant definitely provides value when combined with other data. Unfortunately, numerous organizations tend to forget that “OTHER DATA” is ultimately the most important facet of decision-making when choosing the correct solution. Do you honestly believe that Gartner knows…

  • your specific identity management requirements
  • your current architecture
  • your current staff skill set and how that relates to implementation and ongoing support capabilities
  • or any of the numerous variables unique to your organization?

Of course not, which is why Gartner makes it clear that all of the companies placed in their IGA magic quadrants can be effective depending on an organization’s needs. However, there are still numerous senior leaders who preach architecture and strategy should never be outsourced, yet they rely on research reports (such as Magic Quadrants, Waves, MarketScapes, etc.) as their primary decision-making tool for strategic IT purchases. This is a recipe for disaster. Beyond the Gartner IGA magic quadrant, C-level executives need to apply more internal due diligence when making important product selections that impact the business.

IGA Business Enablement Revealed

Gartner and other research firms are all stating that identity and access management (IAM) is becoming a business capability just as much as an information technology capability. This means that an IAM solution should take into account all aspects of an identity’s needs including access, assets and even service requests. It also means that key security and governance tasks should be delegated to the business rather than IT. Robust self-service features can enable this transition to a business-focused IGA approach and also improve operations through increased automation. From a security standpoint, this makes complete sense. Business users who understand the application and services being requested should truly perform approvals and access certifications.

Several IGA vendors have embraced the trend toward business-focused identity management. Yet amazingly, many of the highest-ranked vendors in the latest quadrant do not follow this recommended approach. They would also require considerable overhauls to be able to compete with many of the next-generation solutions.

However, the big-name, legacy vendors are still perceived as “leaders” because of other ranking variables. Maybe this is because they have extensive organizational reach with focused sales and marketing efforts and channel partners in Estonia and Yemen? Do you truly need to be concerned with EVERY weighting criteria the research reports incorporate into their rankings? No, which is why any decision-maker needs to apply independent thinking when evaluating the best fit for their organization.

The IGA Magic Quadrant Business

The best way to make a sound decision for any technology purchase is to truly understand both business and technology requirements. Notice the term “business” in the previous sentence, because understanding business needs will require reaching out to business functions to effectively determine the right solution. If IT tries to embark on an identity and access management program without a strong partnership with the business, a solution may be chosen that will not fulfill business needs or adapt to changing business requirements over time.

Therefore, leverage research reports such as the Gartner IGA magic quadrant report where they make sense, but apply more focus to understanding your internal requirements by partnering with the business. This not only will give you more data to make the right decision, but it will raise your status in the business, thereby, helping you gain support throughout the project.

identity management analysts white paper. Get the Free KuppingerCole Identity Management Analyst White Paper

Learn the future of identity and access management and the role IT automation and business driven self-service administration play in business performance success. KuppingerCole’s Assignment Management — Think Beyond Access describes the shift in IT operations from tightly controlled identity management processes to workflow enabled administration.

Click Here to Request the White Paper

Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts.Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).