Recently, I had the chance to attend the Gartner IAM summit after a three-year hiatus. These events are always invaluable for validating our understanding of the cyber security industry, learning new insights, and networking with peers and leaders in Identity and Access Management (IAM). Here are some of my key takeaways from this year's summit:
Embracing AI and Machine Learning in IAM
One notable trend is the emergence of Machine Learning (ML) and AI-based IAM capabilities, particularly in identity verification, fraud detection, analytics, and predictive access management. While many solutions are based on traditional ML models, the new concept of Identity and Access Intelligence (IAI) combines Generative AI (GenAI) with classic ML for intelligent automation. Predictions suggest that by 2025, 35% of organisations will adopt IAI with GenAI enabling that transition1. However, given the increasing risk profile, some scepticism remains.
Interoperability and Trust Frameworks
Despite expectations, there haven't been major changes or solution offerings in interoperability and trust frameworks. The industry still relies heavily on government-led initiatives like Canada's DIACC and the EU's eID. Integration of these frameworks into Customer Identity Management (CIAM) solutions remains a critical consideration, while enterprise and B2B use cases in ID verification continue to grow.
Evolving Vendor Landscape and Identity Fabric
Selecting vendors based solely on name and legacy is no longer feasible, as most vendors now offer capabilities covering Identity Governance and Administration (IGA), Access Management (AM), and Privileged Access Management (PAM), often with overlapping offerings. Gartner's recommendation to consolidate IGA, AM, and PAM into an Identity Fabric framework reflects this shift towards a standardised architecture to implement continuous adaptive security controls. While the suggestion is not necessarily to use a single vendor for all the Identity Fabric needs, the changes in the vendor landscape will help organisations to consolidate their IAM investment.
Aligning Identity Solutions with Business Outcomes
Despite the importance of linking identity solutions to business outcomes, this remains a challenge for many organizations, particularly SMEs. While ROI metrics beyond password management tend to favour large enterprises, SMEs struggle to articulate the value proposition to gain board-level traction. In our experience, through our IAM strategy engagements, risk remediation and frictionless customer acquisition emerge as key drivers for SMEs, highlighting the need for tailored solutions in this segment. At CGI, we collaborate with organisations of all sizes and across diverse sectors. Our observation is that when IAM strategy is tailored to industry-specific business goals, it accelerates the achievement of ROI.
Conclusion
The Gartner IAM summit provided valuable insights into the evolving IAM landscape. My key takeaways include:
- the growing integration of AI and Machine Learning (ML) capabilities in IAM solutions
- the ongoing reliance on government-led initiatives for interoperability and trust frameworks
- the consolidation of vendors' offerings into Identity Fabric frameworks, and
- the challenge of aligning identity solutions with business outcomes, particularly for SMEs.
So what’s next?
As cyber security continues its shift towards an Identity-First approach, there's much more to explore and discuss. Stay tuned for further insights and developments in this rapidly evolving landscape and please feel free to get in touch if you’d like to explore the future of IAM together.
Sources
1 - Gartner research paper - Identity and Access Intelligence Innovation with Generative AI