Which vendor is the leader in IAM and what makes them stand out?

2k views2 Upvotes8 Comments

Sort by:

Director of Tech and Cyber Strategy in Finance (non-banking)3 years ago

I think it depends on your use case. Okta is a great product but doesn’t really address PAM. It also doesn’t work well when you have on-prem AD tools and aren’t mainly using the cloud directory service. It also doesn’t scale incredibly well. At the same time they have a lot of SSO workflows out of the box which can make it incredibly quick to implement.

One of the challenges with answering this question is that IAM is such a broad category that even what you would consider a leader will still have some gaps when it comes to components of the IAM workflow. For example if you’re all Azure then Microsoft can work pretty well with it’s DaaS/SSO/MFA/PIM but once you go outside that ecosystem PIM won’t hold for your PAM at which point you need to start looking at CyberArk or BeyondTrust. This also doesn’t account for how easy a tool is to roll out and how well you can execute from a people/process standpoint.

VP of Information Security in Finance (non-banking)3 years ago

Depends on your use case and how much you want to spend. According the Gartner Magic quadrant the leaders are PING, OKTA, and Forgerock in many areas in IAM. From the maturity, flexibility, and coverage I see Forgerock over these others. ping just recently acquired DaVinci for their orchestration component and it’s being built out with lord connectors- definitely one to watch but for now Forgerock.

CIO in Finance (non-banking)3 years ago

Okta because of its breadth of capabilities, but looking at Microsoft.

Senior Director of Engineering in Software3 years ago

Okta. Seems right now the cool kid on the block.

Board Member in Healthcare and Biotech3 years ago

Well I have used Microsoft, Oracle, Ping Identity, CyberArk, Oracle, Auth0 and Okta across different organizations. They cater to different segments of the market though Okta probably covers the depth and breadth of offering. So if someone asked me for a recommendation, I would say if you can afford it, go with Okta.

The future is all about decentralized identity; there are many startups promising federated and self-sovereign decentralized identities. One of the startups is Fortytwo42 Technology Innovations* (www.fortytwo42.in).

* Disclosure: I am an investor in this company

Content you might like

What part of cloud security worries you most right now?

Encryption/data protection11%

IAM48%

Vulnerability management/patching31%

Network security/segmentation9%

Other (tell me in the comments)2%

View Results

Can you share any tips or lessons learned from your IAM implementation? What would you do differently, if anything?

Are you planning to improve endpoint security in the next 12 months with any of these additional capabilities?

Patch management: to reduce attack surface and avoid system misconfigurations34%

Malware and ransomware prevention: to protect endpoints from social engineering attacks60%

Malware and fileless malware detection and response: to protect against malicious software47%

Threat Hunting: to detect unknown threats that are acting or dormant in your environment and have bypassed the security controls29%

Not planning to change endpoint security strategy7%

View Results

Do you have any tips to boost the SOC/security operations team’s visibility into IAM? Have you managed to effectively close that gap at your organization?

What are your views on the upcoming "delayed" retirement for Microsoft Identity Manager and moving to either Entra ID Provisioning or a third party tool for JML. With MIM openly being discussed to be retired at some point, are the other solutions from Microsoft mature enough, or should I stay as I am for now?