Gartner Blog Network

Why There are No IAM Magic Quadrants: Resisting the Inevitable?

by Earl Perkins  |  August 23, 2009  |  6 Comments

Please accept my apologies for the long absence here on the IAM blog. I have been away for a while.

I’d like to address a specific question that many Gartner clients frequently ask us. It’s also a question that the press often asks.

“When are you going to publish an IAM (identity and access management) Magic Quadrant (MQ)?”

I’ll give you a short, succinct answer and will follow up with an explanation.

Short, succinct answer: “Probably never”.

Gartner does have Magic Quadrant studies for user provisioning and web access management, and (for 2009) a MarketScope for enterprise single sign-on (ESSO). But we do not publish an IAM suite MQ. The internal discussion about this has been intense, and we review the question carefully each year, considering all of those clients that ask. Here are some of the reasons why we still say no to an IAM MQ:

1- IAM itself would have to be defined precisely to allow a manageable number of candidate vendors to participate. For example, if we specified only “IAM suite” vendors, we would have to define what constitutes a classic IAM suite, i.e. what individual component technologies make up a suite. That would indeed limit the number of candidates for the study, but it would also give rise to another concern: if one IAM vendor had good partnerships with other IAM vendors to create a suite offering, would they also be part of the study? Let’s say yes. Though the number of candidates may still be manageable, it would still require that specific definition of a suite to know for certain if you’re producing an IAM MQ;

2- What would Gartner do with the ‘other’ IAM vendors, i.e. those that do not have partnerships to create a suite but are definitely identity administration or access management vendors? It would then be necessary to create an “IAM MQ for non-suites” for another study to capture these vendors if we were to be fair. This could include vendors dealing with role management, entitlement management, Windows administration (for Active Directory), or a variety of authentication products. Again, this would still be a very large and almost unmanageable number;

3- There’s also the issue of weighting particular characteristics of different IAM products all in the same way. Would maturity of product, for example, have the same weighting in user provisioning as it might in web access management, or in ESSO? Would one compare and contrast the products as one unit against the competitor’s unit, or would one compare product-to-product? How would you map that on an MQ chart if it had multiple dimensions? This could be challenging both for the analyst to do and for the client to read and understand.

It would be nice to have some kind of comparison overview of the IAM offerings in the market, and clients do most often talk of an IAM “suite” of provisioning, access management and single sign-on. I believe it’s important to “never say never”, but I also hope this sheds a little light on why we don’t do an IAM MQ. In the meantime, you can be sure the basic building blocks of IAM will get the continued coverage they very much deserve, to allow Gartner clients and others to make informed decisions in the marketplace.



Earl Perkins
Research VP
5 years at Gartner
32 years IT industry

Earl Perkins is a research vice president in the Security and Privacy team at Gartner. His focus areas include identity and access management (IAM), including user provisioning, role life cycle management…

Thoughts on Why There are No IAM Magic Quadrants: Resisting the Inevitable?

  1. Ant says:

    You set out the points well, Earl.

    A market is defined by a common set of customer/client wants and needs; identifying that is relatively straightforward for those markets that we do cover in research, but rather elusive for IAM as a whole.

    Really, there’s no IAM “market”, it’s really a marketplace — or (in some technology areas) more like a sūḳ…

    Gartner does publish research that covers “suites” or less formal ensembles of diverse IAM tools, just not using the Magic Quadrants or MarketScopes format.

    Furthermore, Gartner does more than publish written research. Direct interactions with clients, in telephone inquiries or face-to-face, allow us to answer questions about which vendor (or vendors) can best meet any particular set of requirements or who has the best vision for “full-blown” IAM.

    — Ant

  2. Deborah Volk says:

    Gartner publishes research for Enterprise Content Management suites, including a Magic Quadrant. From a market analysis perspective, I don’t see a lot of difference between ECM and IAM suites. There are large vendors with many (all?) components in both suites and there are vendors that excel only in a particular area (provisioning on IAM side or web content mgmt on ECM side). If customers want a suite, they can look at the suite Magic Quadrant and avoid the noise about more specialized vendors. If customers want a pure play solution or a best of breed assembly, they can drill down in separate Magic Quadrants that already exist today. Why can’t Gartner do both suite and individual MQs on IAM side like it does with ECM?

  3. Ant says:

    That’s a good question, Deborah! We may be able to learn something from our colleagues elsewhere in Research…

    I see that there is a MQ for ECM and a separate MS or MQ for records management and Web content management (WCM), two out of the six “core components” of ECM suites identified in the MQ.

    But IAM isn’t ECM.

    As I said earlier, our experience is that identifying a common set of customer wants and needs for “an IAM suite” is elusive; it seems — to an outsider, and at first blush — that there may be greater consistency in user wants and needs for an ECM suite.

    Pragmatically, there are too many important tools that might form part of many enterprises’ “ideal” IAM suite that are not yet offered by the major core vendors, which would skew a MQ in odd ways.

    Furthermore, very few enterprises are in the “green field” state where they can “look at the suite Magic Quadrant and avoid the noise about more specialized vendors”, as they likely have some core IAM tools in place already.

    And finally, as Earl pointed out in non-MQ/MS research earlier this year (G00166249), “real technology integration between the suite components of a single vendor (or components from different vendors) isn’t significantly differentiating” — but having a single MQ for IAM might tend to imply (or lead readers to infer) that a suite from one vendor is somehow always inherently superior to an ensemble of tools from two or more vendors.

    However, I’m not dismissing your suggestion, Deborah, and I’m sure my colleagues and I will revisit this idea when we gather to plan our 2010-11 research agendas.

    — Ant

  4. Earl,

    Great post – it’s always interesting to see the thinking behind Gartner’s research calendar. Regarding an IAM Magic Quadrant, quite frankly I think it would not only be hotly contested on the vendor side but fairly irrelevant for end users. Customers by and large do not buy “suites” from a single vendor as much as they purchase suite components to solve specific business needs. Calling them “suites” is a misnomer – they are more like product families with loose affiliations. As you recently pointed out (G00166249), the actual integration between those component products is lacking. Most large companies purchase component products to solve the spectrum of security and compliance challenges under the IAM umbrella. They’re less interested in the best of breed vs. suite debate and are instead focused on what is the best technology that solves their problem most effectively. So in effect, there is no market “pull” for IAM suites obviating the need for a Magic Quadrant.

    Looking forward to continuing the discussion at the IAM Summit,

    Kevin Cunningham
    President, SailPoint

  5. Earl Perkins says:

    Thank you for the feedback, and I especially thank Ant for responding to Deborah regarding another aspect of “why”? I believe that the IAM market isn’t nearly as well defined as other markets and that one of the few constants in products for IAM is that they in some way impact “identity”, whether in creating them, watching them, enforcing them, etc. They aid in these processes in many different ways, and putting them together both as a suite and as a market isn’t quite as clean and structured as it appears.

  6. […] the “magic ceiling”. Earl also revisited why there is still and likely to never be an IAM magic quadrant – there is no one definition to make a cohesive statement […]
