Pathlock’s acquisition tour is changing the market dynamics

A few days ago, Pathlock, one of the leading providers in the market for Access Control & Risk Management for Business Applications, has announced a merger with Appsian and Security Weaver, and the acquisition of CSI Tools and SAST Solutions. With that, five of the vendors in this market segment, become one. In our recent Leadership Compass on Access Control Solutions for SAP and other LoB (Line of Business) Applications, we had covered overall 23 vendors. With five of these merging into one, it becomes apparent that this step of Pathlock will change the dynamics in this market segment.

The market segment contains solutions that help organizations in analyzing and managing the access controls and access risks in business applications such as ERP solutions. This includes managing entitlements and roles, defining and managing SoD (Segregation of Duties) controls, managing privileged access such as emergency access, and other capabilities.

Relevant players in the market

Pathlock, which also received a funding in the $200m range, is building on its already strong position in this market and becomes one of the largest players serving this market segment. Aside of Pathlock, there is SAP, which is starting to serve not only the SAP domain, but also other solutions with its Cloud IAG (Identity Access Governance) offering. SAP still has a dominant role in SAP-centric environments. Pathlock, on the other hand, offers both depth for SAP environments as well as breadth for multi-vendor environments, including business applications delivered as SaaS.

When it comes to breadth in coverage of applications, two other large players in this market are SailPoint and Saviynt, both having their roots in IGA (Identity Governance & Administration). SailPoint has acquired ERP Maestro, another specialist vendor for Access Control & Risk Management for Business Applications, back in 2021, while Saviynt has focused on own capabilities in this area from the start of the company. Several other IGA vendors such as One Identity, IBM, or EmpowerID, to name just a few, also come with a good level of support for access controls management in business applications.

Market evolves out of a niche into a larger market segment

It will be interesting to observe how fast Pathlock manages the organizational and technical integration of all the entities that now come together, with technologies ranging from ABAP-based solutions to SaaS platforms. However, taking the breadth and depth of the combined capabilities, Pathlock surely is a vendor that must be evaluated when looking for solutions to manage access controls and access risk in business applications, be it in the SAP domain or in a heterogeneous multi-vendor environment.

With this acquisition, the recent ERP Maestro acquisition by SailPoint, and the investments of SAP into their Cloud IAG offering, this market is clearly evolving out of a niche into a larger market segment.

For an exploration of Breadth vs. Depth in this market, read this blog.