We hear it from identity and access management (IAM) leaders all the time:
- They don’t have visibility into what their users are accessing today
- They lack the context they need to set what the right levels of access should be tomorrow
- Expanding users, devices, and cloud resources make moving to zero trust more critical than ever—while also making it harder to achieve
They bring these challenges to RSA because, for nearly 20 years, we’ve delivered the identity governance and administration (IGA) innovations that businesses need to make informed, business-centric identity and access management decisions, ultimately empowering organizations to simplify and scale access management and mitigate cybersecurity risk. Since the 2004 launch of the market’s first compliance-based identity governance solution, RSA® Governance & Lifecycle, and the 2021 launch of RSA® Governance & Lifecycle Cloud, RSA has helped tens of thousands of customers establish the governance capabilities fundamental to moving to zero trust and knowing exactly who is accessing what.
Our depth of experience, broad customer base, and new innovations all helped RSA stand out in the 2022 KuppingerCole IGA Leadership Compass: KuppingerCole Analysts AG named RSA an Overall Leader for the fourth consecutive year in its report, which helps readers “find the products that can meet the criteria necessary for successful IGA deployments.” The firm also named RSA a Product, Market, and Innovation Leader in the new report.
“A comprehensive IGA solution”
Like anything in tech or cybersecurity, IGA is a broader term that encompasses several other sub-specialties, including user access provisioning (UAP), Identity Lifecycle Management (ILM), and Identity and Access Governance (IAG), to name a few.
More important that the components that feed into IGA is where the broader IGA market itself is going: in the report, KuppingerCole analyst Nitish Deshpande writes that new “adoption trends, changing customer priorities, and deployment patterns” indicate that most organizations “want a comprehensive IGA solution.”
The Leadership Compass report uses those trends and preferences as context, putting its “primary focus on the vendors that offer both Identity Lifecycle Management and Access Governance capablities….to deliver capabilities across the IGA spectrum.”
That’s an important point for this report specifically and for the broader identity and access management (IAM) market: no matter the domain, vendors and analysts are prioritizing comprehensive solutions that deliver complete capabilities over one-off specialists that address a smaller segment of the identity landscape.
If you want to move toward zero trust, then you need identity governance
There are several market and cyber security trends driving the need for a complete identity platform: economic headwinds are forcing CISOs to do more with less.
But it’s the security imperatives that are even more top-of-mind: IT estates are continuing to grow across on-premises and multi-cloud environments, introducing new vulnerabilities as they expand. Those changes make it more important than ever for security teams to build toward zero trust, with complete visibility across their infrastructure. The only way to reach those goals is with identity governance.
The KuppingerCole Leadership Compass details the vendors that can help companies address those trends and move toward zero trust by identifying the few leaders that can complete every function across the IGA spectrum and that can do them all exceptionally.
More than that, the Leadership Compass can help organizations looking for a complete IAM platform. To deliver complete IAM capabilities, vendors must excel in identity governance as well as authentication and access. You simply can’t have an IAM platform without identity governance.
Use CIEM and context to address expanding multicloud risks
One of the most famous breaches in history resulted in part because of an identity governance failure: the ransomware syndicate DarkSide used an inactive VPN account to breach Colonial Pipeline’s network, setting off fuel shortages and influencing to a new executive order to improve cybersecurity in United States.
Bad as the Colonial Pipeline ransomware attack was, things are poised to become much worse with organizations increasingly moving to multicloud environments. A recent Harvard Business Review survey found that 85% of organizations “use at least two clouds—and a quarter [of respondents] are using five or more.”
As organizations add more cloud environments, their identity governance risks grow exponentially: Venture Beat reported that the “more complex a multicloud configuration, the more it becomes a minefield for zero-trust implementation” and that the “inadequate management of identities, access, and privileges will cause 75% of cloud security failures by 2023.”
Businesses and security are adapting to growing multicloud governance risks with Cloud Infrastructure Entitlement Management (CIEM), a new process for managing identity-as-a-service cloud entitlement issues specifically designed for public cloud environments. An IGA solution can help to manage policies that secure identities in multicloud environments: from initial creation to provisioning through migration and termination. Together with access management, these solutions are helping organizations control growing cloud security vulnerabilities.
Organizations can also get smarter about governance and security by using contextual authentication to monitor and respond dynamically to risk in real time. RSA® Risk AI uses data collection, device matching, anomaly detection, and behavioral analytics to determine the context for an access attempt. If that context differs from typical user behavior, Risk AI steps-up authentication to ensure a user is who they claim to be.
KuppingerCole Leadership Compass details RSA strengths
Because we’ve been working in identity governance for nearly 20 years, we realize just how important IGA is for large organizations. Whether helping CISOs secure the entire identity lifecycle or establish zero trust, HR teams set up new users, or compliance departments ensuring that only certain users can access PII, governance plays several vital roles across the enterprise.
The KuppingerCole Leadership Compass details several key strengths that RSA governance solutions deliver in fulfilling those many enterprise roles, including:
- Strong capabilities for identity lifecycle management
- Strong out-of-box on-premise and SaaS connector support
- Very good risk analytics-based access governance
- A strong global partner ecosystem
- Advanced identity and access intelligence capabilities supported
- Strong Policy management
The report grades the security, functionality, deployment, interoperability, and usability of RSA governance solutions as all ‘Strong Positives.’
We’re thrilled by KuppingerCole’s analysis of our IGA solutions, and we’ve made the full Leadership Compass available for download.
If you’re looking for more information on how identity governance helps organization move toward zero trust, then see this page for additional information.