Event Recording

IAM-Suites for Medium-Sized/Mid-market Organizations

Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
So we want to talk quickly about IAM from medium size mid-market organizations. And this is something that has been raised also as a que as a panel question this morning in another context. Yeah. Que is difficult, but lunch after lunch. So the question is, is there really one size fits all for identity and management for different organizational sizes? That was the question that we were looking into, and it's also focused on some research that Martin Kuppinger is currently just executing. There will be a leadership or market compass market compass out shortly after the EIC, where we look at that specific market segment and where we look at, how the products play there as well. So the traditional ones and the not so traditional ones, first definitions that we know what we talk about. Medium sized organizations, 51 to thousand employees, or 5 million to 100 million Euro or used dollar in revenue. And mid-market is the next step. It's 1000 to 10,000 employees. And the according revenue, I don't read that out. I can only struggle there. So this is the target market and they have specific challenges or do they, what they need is the right resources at the right time. So the question is, does the organizational size influence the choice of tools
You can contradict me, but I assume they have the same or similar functional requirements as larger organizations have they have this, they want the same type of types of capabilities because they have the same time, the type of, of regulatory requirements of business requirements of agility requirements of every requirement that is required to make them business work. So it's entitlement management roles and groups, it's cloud support, it's SA support it's automation. So really speeding things up, nothing different within IAM for such an organization, other than larger enterprises who we know do IAM already, IGA Pam, but they are different in their nonfunctional requirements. They usually require a reduced time to implement. Once they identify, they need something like IM IGA, they most probably want to get this in production much quicker than a usual IM project in the larger enterprise would take as they are not that big. We have seen the figures, low operations cost would be great for larger enterprises as well, but for them really important, low support required. So really not much friction when it comes to implementing things. And that is important reuse of best practices. All of this needs to be done. I don't read it out. These are the typical tasks that I am covers and more
But small business don't have a dedicated team or the resources to handle IM tasks. So what happens, they end up with these issues, these tasks not properly addressed, or they cost too much because they have to, to be done anyway, a quick walkthrough. What we usually do when we talk to larger enterprise, and this seems like a real big deal, but we still consider this to be of importance because getting to the right architecture, getting to the right tool in the end is a complex challenge.
And this is a slide that I, that I borrowed from Martin. It's really about what are the key success factors for an IM project? And you see many dimensions around that and all of these, no matter which size you are, I think need to be taken care of to get to what is in the middle of this picture. The successful delivery of the IM project and successful has KPIs KPIs mean on time at budget, in quality, complete and distinct user friendly, unex extensible. These are the dimensions that don't vary with the size of the organization. Woo.
So that depends on the proper requirements and analysis and a continuous update of this requirements, analysis, budget, and stakeholder management, planning, people, processes, policies, and in the end to the right, the right tools to implement with. So when we talk about IM from medium mid-sized organization, this is just the right, the right part of this. So everything else should be in the belly of such a solution and support them in achieving what they want to do. And that is actually the challenge because they usually don't have the time to execute all these tasks as a whole. So that is the project planning phase. This is the requirements, definition, target architecture. And if we go to the next step, then identifying the right tool. This is a slide that I took from our marketing slides, not to give you marketing advice, but to tell you what we usually do. We do a requirements documentation. We get to a long list, short list. We send out an RFI, RFP questionnaire. We do a structured vendor assessment. We might even support execution of a, a proof of concept implementation and finally get to an assessment. And a recommendation takes time for larger organizations is useful. I think it's correct and relevant to do this,
But that might be the issue. So isn't there a shortcut, can we go less steps to go there because I already use Azure active directory. What else do I need? I have lots of on-premises ADSS and legacy, which authenticate, but we're moving to SaaS. What to do. We are cloud first live in Google apps or Microsoft 365. Isn't the built in, I am enough. I, I need to provide evidence of what I'm doing. I have regulatory requirements. I have audit findings, but we cannot be the first organization to solve that challenge. So these are the questions. When you talk to organizations that size and their right to do their right, to ask these questions, can't that be easier? So is there a way through this wall of work that we do when we do it properly
And there is a way to achieve this, there are, I am solutions for medium size and mid-market organizations, and they do exactly that. What we should thought would be in the right part of the slide before these solutions are targeted and tailored for this special audience, they have deliberately focused capabilities not to say reduced really focused. They focus on a good foundation, easy to use, easy to implement usable out of the box. Ideally. So processes in IAM Martin says this all the time. They don't vary from business to business too much. They do, but they should be adaptable and should work out of the box. So no too little adoption requirement. Another thought just down there to think it over two scoping options are required. Do I have authentication already in place? That is the, I have Azure ad already part of it or do I don't I have it. So I need a access management that does authentication and IGA in one solution. So these are the, also the, the scopings of the products that we see. So there are these solutions that do this. So again, they take what we have in this identity fabric, select a few of the capabilities that we set set here, and they deliver the capabilities that are typically required, what they anticipate our required by such organizations without the overhead, without the complexity of what I've shown before.
And they come with typical functionalities, first of all, and that's no doubt there needs to be IGA because this is missing. So identity governance and administration, here's a life cycle management, identity provisioning, access governance, maybe access management. I said before, maybe some privileged access or some more plus automation self-service dashboards. So this is where they tried to solve the problems out of the box. So this is a market segment to look at. Martin does this, but what to consider when actually doing this decision, because there are more than one market segment sector to look at. I've talked about those already. These are the specialists that I just shown before, but maybe we should also look at platform builtin solutions. Microsoft Azure ad might be enough Google IAM, Soho manage engine. These are just examples, no endorsement, just examples to illustrate the market, or you take the traditional Ida solution. So Okta, male, or zero, they come with some proper functionalities or proper functionalities there as well, but they target also different sizes of organizations. It might be necessary to look at traditional. I am suits. And then you get up end up with the process that I've just described or parts of that. So it's the four sales 0.1 identities, all of those larger ones that are outside in the exhibition era, or even this S and P specialist with just three names given here, as well as examples.
So how to get to a proper decision, proper decision means decision making based on aspects, dimensions to look at and to compare this. And again, I like these graphs. We have criticality of the actual business and the access management that has to been executed. So something between, as an example, not regulated to highly regulated, I don't know, university a bank. So this would be the, the complexity of the criticality. And we have complexity, the, for example, the applications to connect standard applications, standard connectors, or lots of niche applications, self developed applications. And if we take the market segments that we just had a look at platform builtin most probably there maybe bit grown to the right and to the upper Ida, because first of all, criticality complexities. So that might be all to discuss, but this is just an example assessment specialists. That would be the SMB specialists.
They can easily help with organizations that are, for example, highly regulated. Of course, they might also fit in here, but that might be overdone. And they get to a certain level of complexity. For example, if you want to integrate homegrown self written applications, that might be a challenge for these specialists. And in the end, the other part might be the IM suits as, as, so these are the different sectors to look at and yeah, doing this assessment for the right set of questions might help organizations to get to a, to a proper assessment where they should end up with, if, if these specialized products are the right ones, they could be, but you can verify, you can verify that with looking at the right dimensions. I mentioned complexity and criticality, but there are more target operating model. So should it be on premises? Should it be hybrid? Should it be as a service? And you can do the same exercise that I did before with in combination with another, with another dimension implementation speed, best practice is enough versus I have really specific requirements, which changes the picture completely the types of identities I'm talking about employees and partners, and that's it. Versus I have devices bot services. I do DevOps, whatever, and especially the developer focuses separate dimensions. And these are also just examples to look at. So these are just a few dimensions, but this will help you in identifying the right solution, whether which of these four market segments that I've shown before might be the right ones to solve the problems, the issues, the challenges, and the ongoing business support for smaller and mid side bus midsize businesses,
Because one is clear. One thing is clear. The choice of an inadequate IM solution can lead to, and this unfortunately true higher administrative costs, inefficient administration, functional gaps. So you're not getting what you require, lack of compliance, which is really bad oversized solutions, which is expensive or a delay in implementation because you take longer than you would need to because you could have used best practices and something out of the box. So this exercise that I just described, plus some market expertise can really help. This is not selling our advisory services, although we could support it, just get that input that you're required to get to the proper, to the proper answers and the proper solution for, for you as a summary, I have been given three minutes or so, just because your organization is of lesser size does not mean there are no comprehensive IAM challenges. And that is almost a truism. You do have these challenges solving the issue does not come for free and will require adequate resources. No matter how you do it, there is a shortcut possible because we can build on best practices in supporting in this analysis exercise and by providing such a methodology, which you can take home and use, but you need to answer these right questions.
And that's, that is the real truism, make the right choice based on your requirements. And that depends on your individual business. Thank you very much.

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Unify Identity and Security to Block Identity-Based Cyber Attacks

Join security and identity experts from KuppingerCole Analysts and ARCON as they discuss the importance of securing enterprise credentials, explain why a unified identity security approach in line with Zero Trust principles improve security and efficiency, and describe how to combine…

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00