The Evolution of IGA
The recent announcement that Gartner will retire the Identity Governance and Administration (IGA) Magic Quadrant reflects market trends toward convergence in the identity and security space. Over the last few years, we have seen the merging of Identity Administration, Identity Governance, and Identity Analytics into IGA.
Now we are seeing IGA combine with related segments. Specifically,
- Privileged Account Management (Cloud & On-Premises)
- Third-Party Access
- IoT Governance
- Cloud Security Posture Management
Chief Information Security Officers (CISOs) recognize that that a siloed / best of breed approach does not work. The number of security vendors is exploding, and they are bombarding CISOs with marketing information. The challenge is that this information is not helpful in determining how various products work together to provide a holistic security posture. In addition, the level of effort required to build and maintain integration between those products requires budgetary and staffing levels that are not available to most CISOs.
A CISO of a major U.S. bank told OCG that:
“Security vendors are overwhelming us with information that provides little value in building the most effective security architecture. We settled on Microsoft Threat Protection as the foundational layer and will evaluate other vendors based on their capability to fill gaps. If you want us to purchase your product you need to present it in that context.”
Major security vendors are aggressively adding capabilities to their product portfolio through a combination of product development and Mergers and Acquisition activity. This is to enable and build a Zero-Trust based product portfolio to take advantage of the consolidation of the identity and security markets.
Companies are also creating strategic partnerships to provide broader capabilities. Saviynt and Microsoft created one such partnership to build cross-enterprise identity governance for the Microsoft stack, a great example of transcending marketing to provide true product-level integration.
The transformation continues
The merging of Identity and Security is a sea change that will continue to evolve and take shape over the coming years. While this convergence will help simplify security portfolio choices, there are still complex headwinds and challenges facing CISOs today. Most large enterprises have business applications from multiple vendors and/or multiple cloud providers such as Microsoft Azure and Amazon Web Services (AWS). CISOs must provide a holistic view of their security posture across the entire enterprise. And, to keep improving their security posture, CISOs need to be on the lookout for new technologies not yet available in the major security stacks.