Recent events touching the cyber aspects of the financial services global risk agenda have heightened our clients interest in the market dynamics and trends in identity and access management (IAM), both on a regional and global basis.
So, expanding the IDC Financial Insights Global Risk agenda, we are teaming with our Security Services and Products analysts to look at the technologies, solutions, and service relative to end-user needs, and to identity the factors expected to be most conducive to the success of IAM solution providers in the financial services marketplace. The tools being used for the research address requests from IDC end-user customers an assessment that is transparent, consistent and rigorous.
For this study, we're defining the IAM market in this way:
We've expanded our view of the IAM stack to include an analytics and monitoring/reporting layer, as well as a set of interface services for internal and external applications, idenities, and identity services. Services include, but are not limited to, authentication, authorization, auditing, assurance validation.
IAM Market Definition
For the study, our working definition of the IAM Market includes:
- Human capital, processes, technologies and services to identify and authenticate users, devices, and services, and grant or deny access rights to resources, logical and physical. The goal of IAM is to provide appropriate identification, authentication, access to, and monitoring of resource use.
- Financial Services Sectors, including Banking, Capital Markets, and Insurance
- Global Regions of North America, Latin America, APAC, Europe, MEA
- Application Population
- Enterprise users (physical IAM, enterprise application IAM, web IAM, cloud IAM)
- Enterprise servers (server to server authentication/encryption)
- Enterprise services (service authentication/encryption)
Tipping Points Influencing the Study
IAM is classified in the IDCFI Global Risk Taxonomy as an operational risk management function. Investments in operational risk management on the rise across all major financial sector and region
- Costs associated with IAM make up a significant percentage of total operational risk operating costs (as high as 30% of total information security operating costs)
- Recent compromises of intellectual property from IAM suppliers' puts users in financial services at risk. This in turn will cause a re-evaluation of technologies and suppliers, and suggest significant improvements are needed to platforms and deployment strategies
- Prevailing technology trends of virtualization, cloud, mobile, and social media creates opportunities (and risks) for emerging identity techniques and providers
- Misuse of internal identities and access rights is a common platform for insider abuse and fraud
- Efforts continue in financial services to reduce the number of internal identity stores (and to provide a single set of credentials for accessing enterprise resources at work, at home, through mobile devices and social networks
- Past efforts by financial serivce providers to partner (spread costs, risks, and responsibilities, to deliver identity services have been difficult to monetize.
Today, a SWOT analysis of the role of financial institutions in the identity market would look different than it did 5 years ago. The financial services industry could be on the cusp of a significant transition in the way identity services are delivered, but we've been here before. If you'd like to take part in the study and haven't connected with us yet, please post to this blog or contact email@example.com or firstname.lastname@example.org. Get involved in the discussion - scope, approach, views on the tipping points.