The 50th Edition of the Identity Jedi Newsletter

THE STATE OF IDENTITY: The Platform Wars - The Prologue ( 2013 - 2018)

Long ago, in a galaxy far, far away…

Customers spend millions of dollars a year on Identity and Access management software and the implementation of that software. Faced with regulatory demands and the need to secure their business, they purchased different products for every are of IAM they needed to solve. Allow users to sign in once and have multi-factor. One product. Discover and protect admin credentials? Different product. Run access reviews, and provide access requests. Different product. Customers would purchase upwards of 4 different products and then had to get them implemented and configured to their business process. Now a small amount of these customers had the internal teams to handle this implementation, but a majority of customers would need outside help. Help that was trained in the products they had and could help them obtain their goals, and of course, they needed someone who had expertise in the specific product because rarely did one person have expertise in them all. And so, the customers did it. Millions, upon millions, upon millions of dollars spent. But budgets were increasing, valuations were soaring, so the money just kept on flowing. Years of work done, and in the end all was right in the world.

Right?

I mean, the customers did everything they were told. So they were secure now, right? They didn’t have to keep spending money on this problem. It was over…..right?

Wrong.

Data breaches and hacks continued to happen. In fact they were increasing at a scale in which most security teams couldn’t keep up with. Cloud computing was changing the IT landscape overnight. Companies had more SaaS apps then users, human identities, machine identities, contractors, vendors, were all getting access to data and applications and current siloed solutions weren’t enough. Now the customers needed to integrate. All their point solutions needed to talk to each other, share information, and respond accordingly.

More dollars, more time, different result….

Right?

Something needed to change.

A small rebellion was forming. Whispers of an integrated solution, one that tackled all aspects of Identity and Access Management in one offering. But that was crazy talk. Best of Breed was the way to go, it was the most secure, it was the most successful….

Right?

THE STATE OF IDENTITY: The Platform Wars - One tech to rule them all

Let’s define what I mean by The Platform Wars.

A time period in which identity and access management companies compete for customers’ business by building an All-In-One identity and access management platform. One place to get SSO, Governance, Identity Management, Privileged Access Management, Access Request.

But why a war?

Well, before the platform, there was peace among the vendors. They all had their slice of IAM pie and were happy all selling to the same customer. They even announced partnerships, had co-selling arrangements and held hands while skipping down Wall Street.

But then….. capitalism.

Ok maybe that’s a little unfair. The reality is customers were struggling to justify the costs and keep up with the demand of running an IAM program. They needed something that could empower their team, not slow them down. They needed integrated use cases because identity is integrated. And also capitalism, I mean, let’s not be naive here. Why have 2 oranges when you can have 5? If one company could offer a customer all the features they need, that’s more money to them. And all the vendors were thinking it, even if they didn’t say it out loud. In fact, they were building towards it.

( Between the years of 2014 and 2023 there were 26 acquisitions made by Okta, SailPoint, CyberArk and Ping)

So people thought about it, people said it was coming ( yours truly) but it just sort of bubbled underneath the surface. Customers weren’t really asking for it, and then…

2020 happens. The world shuts down and we are thrust into a 100% remote workforce. Add that to a following “recession” that no one want’s to call a recession, and Okta announces IGA and PAM products in 2021.

The first shot fired.

CyberArk ( who had been quietly building), a year later brands themselves as the Identity Security Platform. Uncle Tommy B goes on a shopping spree and buys SailPoint, ForgeRock ( RIP), and PING. Newcomers to the market challenge “traditional” IAM vendors ( aka Legacy, aka old and busted, aka, boomers.) on their ability to help organizations manage identity at scale.

Meanwhile, we see the development of new terms like CIEM, ITDR, SASE, and cybersecurity mesh. All pointing towards a need to better integrate identity information with security tools, because, after all Identity is a part of security.

And so now we find ourselves here. IT and security teams have smaller budgets and are looking for real value. All the players have gone to their perspective corners and attempt to provide a complete platform.

One tech to rule them all.

THE STATE OF IDENTITY: The Platform Wars - This is the way…forward

We haven’t seen the last big announcement in this space. While we’ve been talking about traditional IAM players. The security vendors have noticed and want a piece of the action too. We saw CISCO purchase Oort, and I don’t think that will be the last ITDR’ish company that gets scooped up in the coming months by “traditional” security vendors.

There will be more.

New entrants will push and transform the way identity is thought of today. A more proactive approach to identity, utilizing identity data to enhance security threats, and HOPEFULLY automation around those threats. My bet is that as we exit 2024 we’ll see several Identity Security platforms that looks and feel a lot more like security platforms. Verbs like “threat'“ and “hunt” will make their way into the identity vocabulary. Not mainstream, but right on the edge.