The start of a new calendar year is typically the time for reviewing the status of things, and high on the list should be Identity and Access Management (IAM) and the related areas of Identity Governance and Administration (IGA), Consumer Identity and Access Management (CIAM), Cloud Infrastructure Entitlement Management (CIEM), and Dynamic Resource Entitlement and Access Management (DREAM), which is a paradigm for managing all access of everyone and everything to all resources consistently in a multi-cloud multi-hybrid environment.

The continual cyber-attacks on businesses and data breaches indicates that many organizations need to up their game when it comes to controlling who or what can access their critical business systems and data. It is important to understand that IAM is not something that can be done once and then forgotten about.

Not only are cyber-attack methods continually evolving, but so too is the business IT landscape. It is therefore essential that organizations ensure they are continually adapting their IAM-related processes to the challenges presented by cloud, mobile, and social computing as the business pursues gains through digital transformation.

Many organizations struggle to manage identities and controls access to key assets because it can be a complex and challenging task, involving a combination of policies, processes, and technologies to manage and control the rapidly growing number of human and non-human digital identities and their access entitlements.

It is essential, therefore, for organizations to review their IAM capabilities regularly in the light of changing business objectives, best practices, technology, and the growing number of laws and regulations about how data must be processed and protected.

IAM is a core area of focus for KuppingerCole, and this edition of KC Navigator provide links to all the content available to help you review and improve your IAM capabilities because a strong foundation for Enterprise IAM is more important than ever due to the increased use of cloud and the growing importance of managing consumer identities to meet regulatory requirements for greater data protection and open infrastructures.

While many organizations have been focused on an inward-facing view of IAM/IGA in future IAM/IGA must take into consideration the needs of Digital Transformation and how to deliver, deploy, run, and secure the heterogeneous IT that is now found in most organizations.

— Mike Small, Senior Analyst, KuppingerCole

Because we understand the importance of IAM, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.


At the start of a new year, a great place to begin is the newly published Advisory Note on the Maturity Level Matrix for IAM, which provides a handy methodology for evaluating the maturity of your IAM organization and current IAM, IGA, and CIAM programs and their cloud readiness.

IAM capability is extremely important in the context of cybersecurity. For help in assessing cybersecurity risks, have a look at this Advisory Note on KRIs and KPIs for Cyber Security.

Access governance is an important component of IAM, and for a discussion on why a new risk-based and policy-based approach is needed to reduce the cost, effort, and complexity of overseeing and enforcing access entitlements, including access reviews and recertification, have a look at this Advisory Note on Redefining Access Governance: A broader perspective.

For a description of best practice approaches towards the right data model, efficient processes, and an adequate organization for implementing role management as the foundation for achieving administrative efficiency and maintaining regulatory compliance, have a look at this Advisory Note on Enterprise role management done right.


In assessing the maturity or your IAM organizations, have a look at this Leadership Brief on

Recommendations for aligning ITSM with IAM/IGA that outlines the key reasons for dong do and how this can best be achieved, and this Leadership Brief on the Typical Risks and Pitfalls for IGA Projects and how they can be avoided.

For some high-level orientation on the topic, have a look at this Leadership brief on The 5 Biggest IAM Myths, and then for an overview of the main trends to help businesses evolve their Identity and Access Management (IAM) strategies to meet new, emerging and future requirements, have a look at this Leadership Brief on the 10 Top Trends in IAM

For a discussion on the benefits of adapting the structure of IAM organizations so that they are based on a service capability model, have a look at this Leadership Brief on How to set up your IAM organization.


Our analysts have blogged extensively on IAM-related topics. Have a look at the list below of blogs relating to IAM maturity and improvement, and choose the topics that are most interesting:


If you would prefer to listen to our analysts talking about IAM-related topics, listen to these Analyst Chats on how and why to Get Rid of IAM Siloes, on why IAM Requires a Solid Process Framework, on why There is More to IAM Processes than JML, and on Policy-based and Dynamic Authorization Management.

You can also listen to presentations by our analysts and other experts on IAM-related topics. Look through the list below and chose the ones most appropriate to your business:


Have a look at this list of webinars on IAM improvement and choose those with that cover the most relevant aspects of IAM for your organization:


The KC Master Class: Identity & Access Management (IAM) Essentials is designed to deliver general knowledge on a foundational piece for security, compliance, and digitization, and the tools to use for your organization’s advantage.

Our analysts will guide you through each chapter to pass the final exam and become a KuppingerCole certified Master of Identity and Access Management.


KuppingerCole has written many whitepapers on IAM-related topics with reference to particular vendors in this market and their offerings. Choose from the list below:

Tech Investment

For organizations looking to make initial or further investments in the IAM market to get their IAM organization up to speed, for insights around  the leaders in innovation, product features, and market reach for Access Management on-premises, cloud, and hybrid platforms, have a look this Leadership Compass on Access Management, Identity as a Service (IDaaS) - IGA, Identity Governance & Administration 2021, Privileged Access Management for DevOps, and CIAM Platforms.

Guidance on questions to ask vendors, criteria to select your vendor and requirements for successful deployments can be found in these Buyer’s Compasses on Access Management, Providers of Verified Identity, Identity Governance & Administration (IGA), Identity-as-a-Service (IDaaS), and Decentralized Identity.

Organizations investing in technologies to support IAM can also have a look at some of the related technology solutions that we have evaluated: