It's fair to say that the identity and access management (IAM) market is mature. Most large organizations now have an IAM environment that manages on boarding and off boarding of staff, provides an authentication facility to control access to protected resources, and supports a level of governance over the use and management of identity data.
But with the increasing complexity of IT environments and the burgeoning adoption of APIs, standard IAM suite solutions have sometimes been found wanting. What was once a simple “is the requesting user in the appropriate AD group?” is now “is the user a staff member, is he an approved developer, has he passed the Python proficiency test and is 2 FA required?”
The maturing market is also widening, IAM is increasingly recognized as being essential to cyber-security and organizational efficiency. Companies are increasingly wanting to exploit the benefits that a properly deployed IAM environment can afford. They want the efficiency of an approval workflow engine that provides benefits in better security and lower costs, they want the access control of an authorization service based on real-time identity attributes and context variables, and they want the governance that can be achieved via a proficient identity management solution.
What they don’t want is a rigid product offering that either provides much more functionality than they really need, or a solution that doesn’t fit their current operation and requires them to change to their business processes. And they don’t want an IAM solution that’s too expensive.
The key requirement these days is agility. Customers might have a need for a basic identity manager solution to on board staff but without the need for an approval workflow initially. They need to be able to add this on in the future. For authentication their initial requirement might be for coarse-grained access control but with a future aspiration for role based, or even attribute based access control. Governance may not be specified as an initial requirement but support for a reporting and audit function is highly desirable.
Tremolo Security have an ideal product offering for this diverse and changing marketplace. It has the ability to satisfy a single and complex requirement, or to provide all the major functionality of a complete IAM solution.