Comparing Identity and Access Management as a Service (“IDaaS”) Solutions

With the recent publication of the Gartner Magic Quadrant for Identity and Access Management as a Service (aka “IDaaS” or “Cloud Identity” — click here to download the report) and with our recent $42 million of funding as well as the recently announced funding of various other vendors in the IAM space, there is definitely a lot of buzz and interest in the IDaaS market these days. Which is great as it is always exciting to be a vendor in a hot and fast-growing market. But it is also great for customers who can take advantage of this rapid innovation occurring that in turn can make their businesses more agile and secure, while also allowing them to break away from legacy vendors whose technologies may not even address and/or are ill-fitted for newer platforms (e.g. cloud, mobile, etc.) that customers are now adopting.   With all this activity in the market I am sometimes asked how Centrify stacks up to other vendors such as Okta, Ping Identity, etc. in this IDaaS market, and I wanted to use this blog post to give my high-level thoughts on this topic.

Before I drill down on how I see us differentiating in the market, let’s first define the IDaaS aka Cloud Identity market. According to Gartner, IDaaS functionality includes:

  • Identity governance and administration (“IGA”) — this includes the ability to provision identities held by the service to target applications.
  • Access — this includes user authentication, single sign-on, and authorization enforcement.
  • Intelligence — this includes logging events and providing reporting that can answer questions such as who accessed what, and when?

In terms of the market sizing itself, Gartner admits in the Magic Quadrant that the “IDaaS market is still in its early days.” The Magic Quadrant says that the multi-functional IDaaS market is only currently a $230 million market in 2013 (although notes that single function identity services such as authentication-as-a-service is an additional $220 million market), and by the end of 2017 will represent 20% of deployments. A separate Gartner report published in October 2013 and entitled “Market Trends: Cloud Based Security Services” describes the largest segment of the cloud security market as cloud-based Identity and Access Management (“IAM”), with growth from $500 million in 2013 to $1.24 billion in 2017 for a total 28.3% combined annual growth rate (and nice to see two different reports from Gartner roughly match each other in terms of 2013 market sizing).

I have also seen separate data on the size of the overall IAM market, which IDC projects to be around $7 billion in 2017, and with the overall IAM market growing around 10%. So using the Gartner numbers of $1.24 billion for cloud-based identity and the IDC number of $7 billion for the overall identity market, my back of the envelope calculation shows that by 2017 cloud identity is 20% of the overall IAM market which, voila, matches the Gartner projection that cloud identity will also be 20% of IAM deployments. And given that cloud identity is growing faster than the overall IAM market, it also means that cloud identity is eating into traditional IAM, i.e. disrupting the market.

Net-net, whenever you have soon-to-be billion dollar markets that are growing rapidly and that are eating into legacy incumbents you are going to find a lot of excitement and investment. And when you start thinking about how IT is evolving into an “Enterprise of Things” of mobile devices talking to cloud-based services (as I documented in my last blog post), there is going to be even more demand and interest in next generation identity.

IT Evolution Drives New Market for IDaaS
IT Evolution Drives New Market for IDaaS

So where does Centrify stack up in this new market for Identity and Access Management as a Service? I see our differentiators deriving from both our company and our technology approach to cloud identity.

First if you look at Centrify the company, we are not some few year old startup. Centrify itself is 10 years old, and over that 10 year period we have built a level of trust and dependability with large, medium and small sized enterprises that frankly is unparalleled by other pure play vendors. We have a total of over 5,000 customers, which is easily 5x what other vendors have in terms of an install base. Our solutions are deployed in nearly 50% of the Fortune 50, while other vendors won’t publish what their market penetration is in large enterprises (and there’s a reason they don’t, as it is not that impressive). We have a 97% customer retention rate, and other vendors won’t publish their retention rate (again they don’t match that). We have publicly stated in various blogs and interviews that we were over $50 million in sales in calendar year 2013, while other vendors will decline to disclose their revenue numbers, because frankly those numbers are not that sizable.

Point is we are in a better situation as a company to be in for the long haul for customers in this new cloud identity market. Other vendors may claim to have more customers in just the cloud identity market than what Centrify has. However, next month (which is the start of our new fiscal year) we will be publishing our specific cloud adoption by end user organizations, and don’t be surprised that even in the pure cloud identity market we have just as good, if not better, customer adoption than other identity vendors.

So how do we compare from a technology (aka product) perspective in this cloud identity market? Like other cloud identity vendors, we support 1000s of SaaS applications for single sign-on, offer multi-factor authentication, user provisioning to popular SaaS apps such as Office 365, etc. In fact if you look at the Gartner Magic Quadrant (click here to download) we are clearly considered one of the top vendors in the market when looking at the combined ability to execute and completeness of vision.

So when asked about product differences, I see us having four main competitive product strengths in the cloud identity market: our architecture vis-à-vis how we store and handle identity data; our mobile capabilities; our support for global enterprises; and our ability to branch beyond “SaaS single sign-on” and address identity in a hybrid world. Let me talk about each in a bit more detail.

First regarding how we store and handle identity data, the fact is that Centrify User Suite (our IDaaS offering) uniquely enables choice in user identities (AD, cloud or hybrid). Gartner notes that their clients are right to express concern with IDaaS around possible data security issues and protecting enterprise users’ passwords.  While other vendors replicate AD data to their cloud, Centrify never does this. With Centrify, all data needed to provision users to SaaS apps can be gained from bridging to an on-premises directory (like Microsoft Active Directory, which mass majority of enterprises use). In other words, with Centrify you can “put your identity data where you want it.”

So when it comes to storing identity data, we take an approach that is more democratic and open than many other cloud identity vendors. We support the identity store to be Active Directory and/or our cloud-based user service, and soon we will be also adding support for other cloud-based directories such as Azure Active Directory. I like to joke with our team that when it comes to storing identity data we are Franklin Delano Roosevelt, protecting democracy and freedom, while other cloud identity vendors take a Stalin-like approach of forcing you to store identity data in their proprietary cloud-based directory.  This is probably one of the main reasons that many large enterprises and government agencies are not adopting alternative cloud identity vendor’s solutions and that these vendor’s install base is more concentrated on smaller and medium sized business (“SMBs”) who don’t share enterprise-class security and privacy concerns.

Which approach to Cloud Identity do you want?
Which approach to Cloud Identity do you want?

Second, if you look at our mobile capabilities, we realized from the get go that in a cloud world, mobile was going to be the de facto way that end users would access their applications and data. Hence we provide significantly greater mobile capabilities than another cloud identity vendor out there. To provide secure access (remember this is about Identity and Access), Centrify makes sure the underlying device is secure by providing mobile device management as a standard feature of our offering. We also provide mobile application management as well, so when a user is set up to access a SaaS app, we can also provision the mobile app to the user’s device.

We also enable the device to act as another factor in authentication, i.e. we deliver great Multi-Factor Authentication. And we uniquely provide “Zero Sign-on” from the mobile device for both web-based apps as well as rich mobile apps. Contrast that with most other cloud identity vendors who simply provide the MFA piece and a simple way to launch to web apps from a mobile app.   As Gartner noted in the Magic Quadrant, Centrify’s “enterprise mobility management features are unique in the market.”

Next, we believe we are better suited for global enterprises. Our cloud service operates in data centers throughout the United States, Europe and Asia. Other identity providers just have their cloud residing in the United States, meaning data is not “in region” for European and Asian customers, which may be of concern from a privacy and security perspective as well as a latency perspective. In addition, Centrify’s offering is available in 15 languages, while most other cloud identity vendors only support English.   This makes the solution less appealing to non-English countries.

Did someone say multi-language support?
Did someone say multi-language support?

Finally, while many cloud identity vendors talk about a hybrid IT environment, the reality is that they just really offer a solution for SaaS apps.   Yes end users may be increasing their usage of SaaS and cloud apps, but they also need access to on-premises systems and applications. Centrify truly does address a hybrid IT environment. Like other vendors we support 1000s of SaaS apps, but also take a look at our supported platforms page where you can see we support over 450+ flavors of UNIX, Linux, Windows, Mac, iOS, Android, etc. AND over 50+ types of on-premise applications ranging from SAP to DB2 to Apache. This is software in the form of operating system agents and application plug-ins behind our solution. This means we can provide a single solution across data center, cloud and mobile.

Can your Cloud Identity vendor do this?
Can your Cloud Identity vendor do this?

The bottom line is that after only recently entering the cloud identity market, Centrify is already considered one of its top vendors, with strong differentiating capabilities as I detailed above. And the cool thing is we are not just a one-trick pony, and are already a leader in other areas of identity, such as Privileged Identity Management.   But we are not resting on our laurels – expect us to further innovate in the cloud identity market. Should be fun to see how this market evolves and grows! If you are looking for “IDaaS” aka “Cloud Identity” aka “Identity and Access Management-as-a-Service” solutions, we hope you short-list Centrify. Click here to request a free trial.