When I get to the bottom I go back to the top of the slide
Where I stop and I turn and I go for a ride
Till I get to the bottom and I see you again
Yeah yeah yeah hey
– Helter Skelter, Lennon–McCartney, 1968
IDaaS (1) is a next-big-thing for anyone producing digital identity services. Like most next-big-things IDaaS is,
- a sub-species of an even bigger thing – the cloud (2), and
- not really a single thing.
Gartner (3), for example, describes IDaaS as,
SaaS delivery and dedicated hosted instances of identity and access management (IAM) that require minimal or no enterprise on-premises presence of hardware or software.
Which is a pretty rushed definition both conceptually and stylistically.
Let’s just put it this way: I am happy to call something IDaaS if it provides functionality at the end of a URI, and you can use it (in some way) to produce digital identity services. (3)
However, the important questions about IDaaS aren’t categorical – they are practical. How useful is it? What is it good for? How can we use it? Gartner’s summary of the current market is:
- Benefit Rating: Moderate
- Market Penetration: 5% to 20% of target audience
- Maturity: Adolescent
- Time to Plateau: 5 to 10 years
And just for good measure IDaaS is poised at the top of the whoooooooo-hoooo-hands-above-your-head sudden-death plummet into the ‘trough-of-disillusionment’ on Gartner’s proprietary hype-cycle curve (4).
At the same time there is a lot of market “impetus” behind IDaaS and a number of vendor’s (6) are aggressively developing IDaaS offerings.
Gartner’s predictions are remarkably measured. They say that,
By the end of 2017, 20% of IAM purchases will use the IDaaS delivery model, up from less than 10% in 2014. (7)
I think Gartner are being a tad conservative, and things will move faster than they predict. Still, the good news is that we have probably have enough time to get IDaaS right.
However, I for one do not want to twiddle my thumbs waiting for the vendors to sort it all out. Let’s get those practical questions asked and answered?
Next in this series: Consumer and organisational IDaaS – What’s the difference? Does it matter?
(1) IDaaS: Identity as a service. (On the highly unlikely chance anyone with enough interest in identity to read this doesn’t know what that mangled acronym stands for.)
(2) Personally I think we are almost at the point where the figurative “cloud” has replaced the more prosaic “internet”. But really the term cloud, as far as I am concerned just means the internet.
(3) Gregg Kreizman, Hype Cycle for Identity and Access Management Technologies, 2014, Gartner, 15 July 2014, G00263810, p. 17.
(5) The conceptually tidy among us will note that there is a lot of fuzziness around resource-provider-consumer categorisation of cloud services. Often today’s services are a mishmash of IaaS (private and or public), SaaS, PaaS, on-site and every other flavour of production you can think of.
(6) There are IDaaS focused IAM vendors such as Ping Identity, Okta, Sailpoint or OneLogin. But it is worth noting that vendors of more traditional on-site IAM suites are making significant moves into IDaaS – Microsoft’s roadmap for Azure AD being a good case in point. Finally there are vendors in other software classes that see opportunities in IDaaS such as Salesforce.
(7) Gregg Kreizman, Magic Quadrant for Identity and Access Management as a Service, Gartner, 2 June 2014, G00260221