The Gartner Hype Cycle for Identity and Access Management (IAM) Technologies annual report aids IAM professionals in understanding advancements in the industry. The report defines which technologies and innovations are attracting attention or gaining traction and which formerly promising approaches to IAM are likely to soon fade away.
The Hype Cycle illustrates the IAM industry expectations, for the technologies, over the next decade, divided into sections and presented plotted on the cycle’s curve. Focusing on the flow of technologies over time, from rising stars of innovation, through the trough to stability, then the acceptance into mainstream IAM maturity, and on to the final phase of plateau through exit.
The full report details all 25 technologies from the Hype Cycle graph. We’ve chosen to focus on the new and rising technologies we think are most exciting.
Externalized Authorization Management (EAM): Also known as Dynamic Authorization, Externalized Authorization Management provides fine grained policy management, enforcement and decision modelling for applications, services and infrastructure. Externalized Authorization Management can be applied through Policy Based Access Control (PBAC), Attribute Based Access Control (ABAC) and Role Based Access Control (RBAC) solutions. Recognized by Gartner as ‘climbing the slope, EAM has a prospective longevity of 5-10 years. Mostly deployed to target known off the shelf applications, EAM can also be applied to custom software development or to support legacy systems. For example, applying fine grained data access controls in the healthcare and banking industries. PlainID is mentioned as a sample vendor for EAM.
Decentralized Identity: With their use of blockchain, Decentralized Identity systems increase trust by placing the user in control of their own identity and related attributes. Under this model, personal information and access rights are not stored in silos. Offering increased security and ease of access, Decentralized Identity relies on identity providers for verification to ensure device integrity and provide secure data sharing. As an emerging technology, Decentralized Identity offers great potential, progressing at speed with open standards already available.
One of the side effects of using Decentralized Identity is that in a distributed Identity environment the need for authorization policies increases. The additional policies are needed in order to provide consistent and unified access enforcement, regardless of the identity source.
API Access Control: Combining centralized access control policy management and security access tokens, API Access Control enables authorization for microservices, web and mobile applications. While growing in relevance, API security capabilities are often lacking the features provided by Access Management solutions. API gateways alone are not enough, and customers need a solution that provides more adaptive and fine-grained controls.
Data protection, consent and privacy require user API access controls, which can be addressed by adding PlainID’s capabilities to the existing API gateway. PlainID Policy Manager, enables fine-grained and adaptive controls within an existing API Gateway, and provides a fitted solution for microservices, API accessed Data, and more.
SaaS Delivered IAM: Already established as an alternative to software delivered tools, SaaS Delivered IAM lowers the costs of ownership and infrastructure by offering reliable services that are easily scalable with rapid deployment. As companies continue to prioritize the move to the cloud, they should consider their overall IAM stack as well, including authorization management and control.
Well on the way to becoming a stable, widely adopted technology, OpenID Connect (OIDC) is the source for identity data of the policy. Positioned on top of the OAuth 2.0 protocol, OIDC concentrates on end user authentication and improves user experience.
The OKTA along with PlainID, for example, enriches the OIDC token with dynamic authorization data to streamline authentication & authorization. By ensuring access needs are met in real-time through one decision point, requests to management and IT to access data resources, including apps, are reduced. OKTA as the identity source with a PlainID policy layer, enables better defined user access and control of the connection between users, apps, and app resources.
Succeeding in early mainstream adoption, authorization framework OAuth 2.0 uses authorization tokens to limit access rights to resources OAuth 2.0 addresses privacy concerns as end users can permit or deny access to their data. A secure alternative to providing passwords to third party applications, OAuth 2.0 enables authentication, access and consent for web, mobile, microservices, API’s and IoT.
Customer Identity and Access Management (CIAM) and OIDC both use a flexible, dynamic layer that easily integrates with the Identity Provider (IdP) but CIAM focuses on customer identity and access accounts. Often reliant on Role Based Access Control (RBAC) solutions, CIAM could benefit from a more robust, granular and scalable approach where dynamic policies could be easily overviewed, like in the PlainID policy manager for PBAC. On the road to mainstream acceptance, CIAM has the capability to provide adaptive access control, self-service registration and profile management. Identity analytics and report features can be used to further enhance customer experience and respond to changing customer needs and preferences. To ensure customers are always greeted with a smile, CIAM offers an efficient, optimizable approach to Access Management.