Analyst Chat #126: Leadership Compass Identity Fabrics

Welcome to the KuppingerCole Analyst Chat. I'm your host, my name is Matthias Reinwarth, I'm Lead Advisor and Senior Analyst with KuppingerCole Analysts. My guest today is Martin Kuppinger. He is the Principal Analyst with KuppingerCole Analysts and one of the founders. Hi, Martin. Good to see you.

Hi, Matthias, pleasure to talk to you.

Great to have you. And again, we do this for a very good reason because you've just completed some extensive work for a Leadership Compass and you cover the area of Identity Fabrics. And this is an update document that has just recently been published and we want to talk a bit about what Identity Fabrics are with respect to this Leadership Compass. So what's the market segment and what has changed in the meantime? Because it's an update document. So first of all, if you would have to define Identity Fabrics as a market segment, what would be your key criteria to look at?

Yea, so at KuppingerCole Analysts, we have defined this concept of Identity Fabrics a couple of years ago, as a comprehensive approach on all of identity management. And so basically Identity Fabrics are a model, a concept, they help organizations to build their fabric in the sense of a mesh or production line, it could be both, and it is both, in fact, across all the identity services. And when you look at vendors, then we look at sort of the completeness of the vendors' offerings in supporting such a comprehensive model. So this is at the entry point. We look at rather comprehensive offerings. In earlier days we might have even called it IAM suites, but it's more than IAM suites. But it's really these offerings that can do more than just expertly solve a certain element within the broader identity management area.

So these are the products that organizations should look at when they start on their journey or are updating their platform as a whole to have a hopefully broad coverage of what we consider to be individual building blocks within our reference architecture, within the Identity Fabric. So it's IAM, plus IGA plus a bit of PAM?

I think that fits quite well. So it is that most of what we talk with customers about building an Identity Fabric, defining Identity Fabric, we always clearly state it would be very unusual if you just would use one tool to do it all. But it's a smart idea to have a few sort of main building blocks, one or two or three and then complemented with the highly specific capabilities that are not delivered by these solutions. So from that perspective, yes, the expectation would be that there is a strong coverage usually in IGA and Access Management plus maybe PAM, plus CIEM, so Cloud Infrastructure Entitlement Management or DREAM, our Dynamic Resource Entitlement and Access Management concept, and the more specialized things like integration into decentralized identities and more. So this is basically the idea. And so most of the vendors are definitely strong in both of the core domains, IGA and Access Management. Some are very strong in one domain, a little weaker in another or deliver a more broad set of capabilities, but not always in excellence. So it's a little bit a mixed field here. What we also see is very important - and you brought up this modernization and also the first implementation aspects. What we see as very important is that the Identify Fabrics, and this is where we have high expectations, have a modern architecture, are not API first, but API strong, I would say. So really being very strong in APIs, but also a good user experience via the user interface. These are elements we see as very essential. We also looked at a few specialists which are not serving the full range but are exceptionally strong when it comes to the integration capabilities into just mesh, into this fabric.

Right. And that would also have been a question that I would like to ask because we think of this Identity Fabric as the orchestration of services, individual services provided for individual use cases, building blocks of such an architecture. Do the vendors really move towards this services approach? So we're really also modeling the individual capabilities as a service, or are there also these monolithic vendor suites that are available that are not easy to cut into slices?

Yeah. So I think the interesting thing is, when I look back to the first edition and this edition, so on one hand, the number of lenders we have rate which has increased quite a bit and the technology maturity of these solutions also has increased. So we also see some of the established players in this market that are at least quite a bit done with their journey from a traditional monolithic set of products. Usually that wasn't really a suite or integrated thing, but they have this strong, established, mature products, but in a rather traditional architecture and we see several of these vendors very actively working on modernizing and rebuilding sometimes these solutions and delivering them in a more modern architecture building microservice deployed as containers with a consistent set of APIs, being ready to be delivered as a service frequently, also being delivered as a service by design, by default. So this is really something where we see a significant evolution happening in the overall identity management space towards modern architecture. That also means Identity Fabrics are very well suited to modernize the IAM infrastructure that organizations may have built over the past 10, 15 or even more years because these solutions we look at are having a modern architecture. Sometimes they are a little bit still on the journey, but the direction is clearly set. And the other thing we have in this Identify Fabric concept is that we also look very much at how do these solutions support everything from exposing APIs for digital services that can consume services to managing SaaS services to managing a legacy, or even integrating with legacy identity management solutions for a sort of a gradual transition from the past to the future.

Right. But that in turn also means that the solutions that you've looked at are not either IDaaS or on-prem or they are just they need to be hybrids, they need to be deployable in several ways to use to make sure that they can accompany an organization on their journey to this digital transformation. Right?

Yes and no. So we see some solutions from some of the vendors, which just offer public SaaS but have approaches that allow them to connect back to the legacy of premise applications, for instance, using a gateway that sits in between the legacy applications and the modern application. So we see this happening. We also see wonders that have more flexible deployment model for different options. I think that is something where it really depends on the customer what is the right approach to choose. So there are pros and cons for all of these approaches and so what we don't look at are solutions that are in an architecture that allows an as a service deployment, so being able to be deployed as a service is a must. But if it's just public and a multi-tenant cloud, that's also fine.

Right. I've had a quick look at the document and this is really a substantial documents. It's almost 100 pages, so lots of work went in there and also quite a number of vendors are covered. This is an update, as you said, and I would normally assume that this is a mature market. Nevertheless, are there new entrants are the massive changes in the ratings? Just as a teaser for the audience to have a look at the document.

Yeah, so on one hand, we have, as I've already mentioned, I think we have roughly 50% more vendors in the rating this time. I wouldn't dare to say this is a truly mature market segment. I think it's still a journey. It matured significantly. But I think when we look forward to the next edition and whatever 12 or 15 months or so then we will see a significant uptake in maturity because we see a lot of vendors investing very intensively in their offerings either by extending features in certain areas where they are not as strong or by modernizing, still modernizing some parts which are sort of more traditional. So I expect that we will see a and further increase in maturity, a very significant increase in maturity over the next 12 to 15 to 18 months. With having more vendors in the rating we also see that clearly there are some changes in the top positions or I would probably better say there are some of the vendors, which either haven't been in or which were not that far on their journey of modernization, the last time we did this Leadership Compass moved up to stack. I expect that we have more vendors in and more maturity in the next edition.

OK I think that is teaser enough for those who are interested in that market segment and understanding which are the products that are in this ominous upper right corner of our diagrams, should know that they can go to our website and get the document. It's a subscription document, but there is a 30 days starters subscription to have a short insight into what we provide as research, as KuppingerCole Analysts. Any final words, any final recommendations before we close down? Of course, send our audience to the website. Was there something striking in the analysis that you executed?

Yeah, I think I touched most of the players like as I've said, seeing this market maturing, seeing also some interesting specialists emerging which are really more the integration side between different components which don't deliver the full fabric but are very good in the mesh part. Aside of talking about subscriptions, I think my hint would be yes, go for at least a research subscription but check with our team about the enterprise subscription which not only gives you access to research, but also to the analysts at any time. And then you can directly get our feedback.

Right, and the events, because EIC is just over and it was a great event. And so that is all covered with that enterprise subscription. Thank you very much, Martin, for joining me today, for giving an insight into this really new Leadership Compass about Identity Fabrics. Looking forward to having you soon again. Bye bye.

Thank you. Bye.