Every day, the demand for advanced identity and access management (IAM) capabilities grows more urgent and widespread—but so do the challenges associated with getting it right. By helping enterprise customers address their critical IAM mandates, MSPs can capitalize on a significant market opportunity.
In most enterprises, the demands for strengthened security and accelerated application innovation represent contradictory objectives. When it comes to adopting the innovations that can help fuel faster application innovation, security teams have often raised concerns or road blocks. For example, security teams may seek to limit their organization’s adoption of cloud services in order to retain stronger control of sensitive assets.
In the application economy, application agility and security can’t be viewed as an either/or proposition. Security teams can’t be viewed as innovation inhibitors. Instead, they need to foster a new mindset and identify ways that make security an innovation enabler. Robust, advanced IAM capabilities represent a key way for organizations to do just that.
At a high level, IAM refers to the process of creating, managing and using digital identities and for enforcing access policies. IAM comprises both processes and the infrastructure and services required to support those activities. Through advanced IAM, organizations can establish efficient, centralized control and visibility.
Advanced IAM is emerging as a critical imperative for enterprises, and a compelling business opportunity for those MSPs that can help customers address these requirements. To provide more insights and context into the opportunities for MSPs in the IAM market, CA undertook an extensive survey of enterprise IT decision makers. Following are some of the key findings from the survey--and the takeaways for MSPs.
Finding 1: The Cloud-Driven Disconnect Between IT and Businesses
The survey results provide a clear illustration of the disconnect that has emerged in many organizations between IT teams and the rest of the business. Respondents, who were predominantly composed of security staff and management within IT teams, were asked what percent of business applications were running in the cloud. Almost half indicated that less than 10 percent of their organizations’ applications were running in the cloud. Another 30 percent said between 11 and 25 percent of their applications were cloud-based.
If you think that sounds low, I’d agree—way low. In fact, these numbers remind me of a Fortune magazine article that cited a report underscoring the discrepancy between IT’s perceptions and the realities surrounding the proliferation of the cloud. The report showed that while IT department personnel believed their organizations had about 60 cloud services on average, the number is typically much higher. For example, the average in financial services was approximately 1,000 applications.
The reality is that the adoption of cloud services has largely been driven by business leadership, with little, if any, involvement of IT. The result is that corporate data, systems and services aren’t governed by consistent policies and controls. The rise of so-called “shadow IT” leaves businesses exposed to failed compliance audits and security breaches.
The Takeaways for MSPs
For MSPs, this apparent disconnect between IT and the business can represent an opportunity. By delivering advanced IAM services, MSPs can put IT teams in a position to centrally manage identities and access privileges across the business’s entire application estate, regardless of the number or mix of applications running in the cloud and on premises.
Finding 2: Automation Key, but Lacking for Many
Within enterprises, IAM’s advancement is a journey. Particularly in smaller organizations, early IAM implementations tend to be characterized by manual, ad hoc processes and piecemeal sets of tools. Over time, organizations tend to establish more formal, standardized approaches, which sets the stage for automation and optimization over time. The survey looked at where respondents were in this evolution.
Almost three-quarters (74 percent) of respondents haven’t evolved their capabilities past the point in which roles, policies and structures are established in a more formal fashion. Less than 20 percent have automated, standardized processes, and just over 5 percent have reached the point at which they have optimized their IAM operations. Further, when asked about the challenges respondents are seeing with their existing IAM systems and processes, “Automating requests, approvals and fulfillment” received the highest response.
The Takeaways for MSPs
The survey results make clear that IAM is an arena that’s ripe for optimization in the vast majority of organizations. Given the breadth and scope of activities required to support IAM in businesses, the potential gains are significant: Even slight efficiency gains can make a big difference in the business’ finances and agility.
To establish the requisite capabilities, security teams will need to manage the investment and implementation of new IAM platforms. However, many internal teams lack the time and expertise needed to get maximum benefits from these tool investments. Those MSPs that can help enterprise security teams with these transitions—which could include everything from tool evaluation and selection, to implementation and ongoing support and optimization—can address a significant and rapidly expanding market demand.
Finding 3: Customers are Dissatisfied with Current Approaches
The survey polled respondents on their levels of satisfaction with their current approaches, and the results make clear there’s a lot of dissatisfaction. Across all organization sizes, only 15 percent say their current systems fully meet their needs.
Not surprisingly, the survey responses also point to a clear correlation between dissatisfaction and IAM maturity. When looking at survey respondents who indicated they are at the lowest end of IAM maturity (those who indicated they had manual, ad hoc processes), more than 80 percent say their systems don’t meet their needs or that they need substantial improvement.
The Takeaways for MSPs
The high level of dissatisfaction among many respondents underscores the urgency of the need for effective IAM: IT executives are clearly aware of the issues and the need to address them quickly. By delivering IAM services, MSPs can address a significant market demand and address pain points that IT leaders are acutely aware of.
Finding 4: Customers’ Challenges and Requirements are Significant
In today’s organizations, there’s a broad swath of areas in which businesses need to improve. Following are the top four IAM challenges cited by respondents:
- Automating requests, approvals and fulfillment
- Staff resources lacking
- Supporting various authentication methods
- Reacting to organizational changes
The survey also looked at organizations’ annual IAM expenditures, and the numbers show IAM doesn’t just place an administrative burden on internal staff, but a significant strain on IT budgets. Approximately 40 percent of respondent organizations spend more than USD$100,000 a year on IAM.
The Takeaways for MSPs
While the IAM market isn’t by any means new, it is a healthy place for MSPs to be doing business. As the numbers above show, the IAM market represents one that can yield large deal sizes, and the market is expected to grow. One research firm estimates that by 2020, the IAM market will be worth USD$12.78 billion, up from 7.2 billion in 2015. By delivering advanced IAM services, MSPs will be able to address large-scale demands, command large deal sizes and position themselves in a market set to see significant growth.
Finding 5: Customers are Open to Enlisting the Help of MSPs
The survey examined current obstacles to IAM investment. Results indicate that many organizations are stuck in evolving their IAM capabilities. What prevents organizations from investing in IAM, and advancing their capabilities? Organizational immaturity, unpredictable costs and lack of internal competence were each cited by significant percentages of respondents—and each of these areas are ones in which MSPs can change the customers’ paradigm and help them get moving in the right direction.
The Takeaways for MSPs
A large percentage of respondents surveyed appear open to enlisting MSPs to help with their IAM efforts. Less than 20 percent indicated they would not adopt IAM managed services. On the other hand, the following four justifications for employing an MSP received at least a 40 percent response:
- Ability to expand as needed
- Ability to deliver new functionality
- Freeing up staff resources for other business priorities
- Getting new capabilities deployed more quickly
Therefore, a large percentage of respondents appear to have a good understanding of the key ways MSPs can help their businesses—and are open to enlisting the help of MSPs to advance their IAM efforts.
The survey results detailed above offer a strong case for MSPs to build or expand their IAM practices. The results make clear that many enterprises have an urgent need to optimize their IAM efforts and implementations—and that many IT teams will need to partner with expert MSPs to make this happen.
To get more information on the survey and the takeaways for MSPs, be sure to access the following white paper: “Identity and Access Management in the Application Economy: The Urgent Market Demands and How MSPs Can Address Them”
Ken Vanderweel is senior director, service provider solutions marketing, CA Technologies. Monthly guest blogs such as this one are part of MSPmentor’s annual platinum sponsorship.
Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.