Gartner Blog Network


When is cloud-delivered IAM not really a cloud?

by Earl Perkins  |  April 25, 2012  |  Comments Off on When is cloud-delivered IAM not really a cloud?

My colleague Gregg Kreizman and I just completed a market analysis on different facets of the IAM services market. I focused on the IAM consulting and system integration (C&SI) market, Gregg focused on the IAM as a service (or IDaaS) market. During and after our research, we were discussing the next task– a look at the IAM managed and hosted services market, research I intend to deliver in the summer. It was during that discussion that the subject came up: what is the difference between IDaaS and IAM managed/hosted services?

When I first started looking at all of these service types in 2009, I created a simple taxonomy that divided the IAM services market into (1) C&SI; (2) managed/hosted; (3) IDaaS, and (4) another category that was focused on how IAM services were architected. Gregg and I both now see a blurring of the definitions between managed/hosted and IDaaS. Many of the providers that claim IDaaS are actually more like managed/hosted providers in the way the services are delivered, contracted, and maintained. So is there really a difference?

If I look at the Gartner taxonomy for cloud computing applications, it informs me about how I should define IDaaS in contrast to managed/hosted services. There are primarily 3 differences:

(1) There is a high degree of standardization in IDaaS that allows an offering to clearly delineate feature sets, standard practice for implementation and use, and organizational support requirements. An IDaaS will depend upon standard design principles related to multi-tenancy (likely delivered via virtualization architecture and product), scale, and systems support using well-defined metrics and simple SLAs. It will also be targeted at a specific service such as access management or single sign-on– more sophisticated activities around areas such as identity and access governance are not yet mature enough to have established standards and practices applied to achieve the degree of standardization needed;

(2) Speaking of simple, the second key characteristic of IDaaS is in the service ability to deliver very simple contracts, without detail around MIPs or storage or processing, but instead around simple concepts related to metered usage and/or user counts. An IDaaS contract will be much smaller and simpler to understand than a managed/hosted contract;

(3) An IDaaS requires no dedicated network links or sophisticated engineering at the DMZ-level to consume the service, and is based on Internet formats, interfaces, and protocols. There may be an appliance (hardware or software) that links the service via a VPN, but it uses the Internet, not a dedicated network link;

So the key words for IDaaS are simplicity of design and delivery, scalable and metered, with a heavy emphasis on standardization across technology, process, and organization. As I have said, you’re likely to find a blurring between IDaaS and managed/hosted services, and I’m not that sure whether it matters so much as long as the client is happy and satisfied with the result. This does indicate a trend to me, that there will be more players in the market, those players will borrow generously from ALL services types (including consulting and system integration), and that alliances will form around all three in different combinations to deliver IDaaS. Even the traditional IAM product vendors themselves will be active in the mix– they can provide the foundational raw material for some services, and facilitate the inevitable creation of the ‘hybrid’ world of the management of mixed cloud and enterprise applications.

So is there REALLY a difference between managed/hosted services and IDaaS? Whether it is evolution or revolution, there probably isn’t as much difference as you think.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: cloud  iam  

Earl Perkins
Research VP
5 years at Gartner
32 years IT industry

Earl Perkins is a research vice president in the Security and Privacy team at Gartner. His focus areas include identity and access management (IAM), including user provisioning, role life cycle management… Read Full Bio




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.