Please accept my apologies for the long absence here on the IAM blog. I have been away for a while.
I’d like to address a specific, frequent question that many Gartner clients ask us. It’s also a question that is asked often by the press as well.
“When are you going to publish an IAM (identity and access management) Magic Quadrant (MQ)?”
I’ll give you a short, succinct answer and will follow up with an explanation.
Short, succinct answer: “Probably never”.
Gartner does have Magic Quadrant studies for user provisioning, web access management, and (for 2009) a marketscope for enterprise single sign-on (ESSO). But we do not publish an IAM suite MQ. The discussion internally about this has been intense, and has been reviewed each year carefully, considering all of those clients that ask. Here are some of the reasons why we still say no to IAM MQ:
1- IAM itself would have to be defined precisely to allow a manageable number of candidate vendors to participate. For example, if we specified only “IAM suite” vendors, we would have to define what constitutes a classic IAM suite, i.e. what individual component technologies make up a suite. That would indeed limit the number of candidates for the study, but it would also give rise to another concern: if one IAM vendor had good partnerships with other IAM vendors to create a suite offering, would they also be part of the study? Let’s say yes. Though the number of candidates may still be manageable, it would still require that specific definition of a suite to know for certain if you’re producing an IAM MQ;
2- What would Gartner do with the ‘other’ IAM vendors, i.e. those that do not have partnerships to create a suite but are definitely identity administration or access management vendors? It would then be necessary to create an “IAM MQ for non-suites” for another study to capture these vendors if we were to be fair. This could include vendors dealing with role management, entitlement management, Windows administration (for Active Directory), or a variety of authentication products. Again, this would still be a very large and almost unmanageable number;
3- There’s also the issue about weighting particular characteristics of different IAM products all in the same way. Would maturity of product, for example, have the same weighting in user provisioning as it might in web access management, or in ESSO? Would one compare and contrast the products as one unit to the competitor unit, or would one compare product-to-product? How would you map that on an MQ chart if it had multiple dimensions? This could be challenging both for the analyst to do and for the client to read and understand it.
It would be nice to have some kind of comparison overview of the IAM offerings in the market, and most clients do talk the most often of an IAM “suite” of provisioning, access management and single sign-on. I believe it’s important to “never say never”, but I also hope this sheds a little light on why we don’t do an IAM MQ and the reasons. In the meantime, you can be sure the basic building blocks of IAM will get the continued coverage it very much deserves to allow Gartner clients and others to make informed decisions in the marketplace.
Read Complimentary Relevant Research
Predicts 2017: Artificial Intelligence
Artificial intelligence is changing the way in which organizations innovate and communicate their processes, products and services. Practical...
View Relevant Webinars
How to Live Without Mobile Device Management
This webinar addresses the growing trend of users refusing to have enterprise management of their mobile devices due to privacy concerns....
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.