Market for Cloud-based Identity Set to Take Off

I was planning in this week’s blog post to talk about the great new features in our recently updated cloud-identity solution but my eye was caught by Gartner’s recently published report on market trends for Cloud-based Security Services that touches upon a lot of stuff we are doing here at Centrify, so thought I would first blog about this report first. The good news for us vendors in the identity space is that Identity and Access Management (“IAM”) ranked as the largest market segment in this year’s $2 billion cloud-based security services market. In addition cloud-based IAM (also known as Identity-as-a-Service or “IDaaS”) is considered one of the top 3 most sought after services (i.e. “must haves” vis a vis customer demand) and enjoys one of the highest growth rates within this fast growing cloud security market. So in this blog post I will drill down a bit into this report and highlight some of the key points.

[The actual Gartner report is entitled “Market Trends: Cloud-Based Security Services Market, Worldwide, 2014“, but the data I present is from publically available sources such as this Gartner press release and this Network World article plus a few other sources.]

Key points I see are the following

  • The cloud security market will grow this year from $2 billion to $4 billion in 2017, an impressive doubling in 4 years.
  • The largest segment of the cloud security market is cloud-based IAM or IDaaS. IDaaS will grow from $500 million to $1.24 billion in 2017 for a total 28.3% combined annual growth rate. This makes Cloud Identity the 2nd fastest growing segment of the cloud security market, with Security Event Management growing a bit faster but off a smaller base.
  • I have also seen separate data on the size of the overall IAM market, which IDC projects to be around $7 billion in 2017. So using the Gartner #s of $1.24 billion for cloud-based identity and the IDC # of $7 billion for the overall identity market, while cloud identity is growing rapidly, even by 2017 cloud identity it is only 20%-ish of the overall IAM market. So that means that as an identity vendor your Total Addressable Market (TAM) is much bigger if you can support hybrid environments, which by the way is exactly what Centrify does.
  • Gartner defines IdaaS as “a combination of administration and account provisioning, authentication and authorization, and reporting functions” — obviously all facilitated as cloud-based services. This follows our CTO’s description of IDaaS but Centrify also believes that definition should also include “more ‘glue‘ to connect this identity system to the device that my users use.” This is in line with the arguments I made in my prior blog regarding the merger of cloud and mobile management.
  • Interest in the cloud IAM space has been “driven mostly by SMBs’ needs to extend their basic IAM functions and serve employees who are accessing SaaS and some internal Web-architected applications.” Net net the cloud identity market is being driven today mostly by smaller organizations who are more likely to go with a cloud-centric approach.
  • Gartner also states that “an increasing number of organizations seem to be adopting cloud-based IAM services to replace IAM on-premises tools.” So there is some larger enterprise adoption going on. They later add that “larger businesses are often looking to use IAM as a mixture of legacy- and Web-architected cloud and on premises applications.” That’s key thing to point out as most enterprises are not just pure cloud, but have on-premise systems and apps that are not going away any time soon, which follows my comment above about hybrid environments.
  • Cloud IAM is one of the “top three” most sought after cloud-based security service, meaning that it is considered more of a “must have” vs. “nice to have.”
  • But concerns remain. Privacy remains an inhibitor to cloud-based security adoption and “a serious failure of one or more well-known, cloud-based security providers could damage organizations’ confidence in cloud-based security as a whole.”

The good news is that Centrify offers a leading solution for cloud-based identity which we recently updated. With Centrify for SaaS, organizations can now solve users’ password problems and secure the devices that are accessing cloud and mobile apps. End users benefit from the SSO and self-service features that let them locate, lock or wipe their mobile devices, as well as reset their Microsoft Active Directory passwords. IT benefits from Centrify’s easy-to-deploy, cloud-based service that delivers centralized access control and visibility to SaaS app usage and integrated mobile application management with seamless integration to Active Directory or Centrify’s cloud user service. Centrify for SaaS decreases the cost of managing SaaS apps and mobile devices while at the same time improving security and compliance, as well as user adoption, satisfaction and productivity.

One key point that I will discuss in my next blog post is a concept of ours which we call “Identity Where you Need It.” In addition to Centrify’s leading Active Directory integration for SaaS and mobile management, Centrify now supports cloud-only deployments for non-Active Directory users, as well as a hybrid Active Directory and cloud deployment for external users, thus enabling the industry’s most flexible Identity-as-a-Service (IDaaS) offering. Centrify is unique in not replicating Active Directory to the cloud and out of organizations’ control, even if they choose to manage some of their users via Centrify’s cloud model. I will describe in more detail why that is of significance, but clearly concerns do exist (as noted in the last bullet above), especially with larger enterprises regarding where identity is stored, and an optimal solution for cloud identity must be able to address these concerns.