MQ Wam Nov2009

Magic Quadrant for Web Access Management
http://www.gartner.com/technology/media-products/reprints/oracle/articl...
12 November 2009 Ray Wagner, Earl Perkins, Gregg Kreizman Gartner RAS Core Research Note G00172037
The Web access management market has reached the mature stage. Future success in this market will be based on specific use cases, commodity solutions and expanding feature sets designed to address broader access management needs.
What You Need to Know

The "classic" Web access management (WAM) technologies, and the market for those technologies, have reached maturity. Vendors in this market can do little with the current feature set except to continue to fine-tune for performance and scale. The future of WAM lies in an expansion of its features to deliver more-general-purpose access management solutions for internal- and external-facing needs. WAM will eventually give way to access management across the entire spectrum of applications and services. The expansion of WAM will be augmented by boundary technologies, such as data loss prevention, that will provide greater granularity and more context for an authorization event. Identity federation user-centric frameworks will play an increasingly importantly role in WAM as vendors address customers' experiences with technical, political and legal issues related to its expanded use. Entitlement management for non-Web applications may be a function set in this "new and improved" WAM, but it will remain complex and slow-growing for some time, due to the lack of standardization across different generations of applications and infrastructure. For most of the vendors in the WAM market, growth has been slow, flat or even slightly negative, partly as a result of the worldwide economic downturn, but also due to market saturation and maturity. Small or midsize businesses (SMBs) may still offer a growth opportunity, and this segment of the market has shown some interest in nascent cloud-computing, and particularly software-as-a-service (SaaS), alternatives to traditional premises-based WAM technologies, even though these offerings are less mature. WAM offerings will increasingly be commoditized, and this trend will drive increasing use of appliance- and service-based WAM delivery. In general terms, this largely saturated market has too many players, and Gartner expects consolidation and departures from the market and commoditization to continue. Continued success in this market will require significant competitive differentiation, with vendors addressing the needs of specialized use cases.
Return to Top
Strategic Planning Assumption By 2010, successful vendors in the now-mature WAM market and the larger identity and access management (IAM) market will focus on expanding functionality beyond traditional Web access and refining operational WAM practices to address specific use cases. Acronym Key and Glossary Terms
AD ADFS ESSO IA IAM ILM LDAP NAM OAM PKI RSO SaaS SAML SI
Active Directory Active Directory Federation Services enterprise single sign-on identity administration identity and access management Identity Life cycle Manager Lightweight Directory Access Protocol Novell Access Manager Oracle Access Manager public-key infrastructure reduced sign-on software as a service Security Assertion Markup Language system integrator
1 of 17
5/11/2010 10:40 AM
SMB
small or midsize business service-oriented architecture Secure Sockets Layer single sign-on
Magic Quadrant
Figure 1. Magic Quadrant for Web Access Management
SOA SSL SSO
TAMeb Tivoli Access Manager for e-business TFIM UCIF VAR VPN WAM Tivoli Federated Identity Manager user-centric identity framework value-added reseller virtual private network Web access management
Vendors Added or Dropped We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor. Evaluation Criteria Definitions
Source: Gartner (November 2009)

Return to Top
Ability to Execute
Product/Service: Core goods and services offered by the vendor that compete in/serve the defined market. This includes current product/service capabilities, quality, feature sets and skills, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria. Overall Viability (Business Unit, Financial, Strategy, Organization): Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood of the individual business unit to continue investing in the product, to continue offering the product and to advance the state of the art within the organization's portfolio of products. Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support and the overall effectiveness of the sales channel. Market Responsiveness and Track Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness. Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message in order to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a
Market Overview
WAM delivers three primary functions for Web applications in the IAM portfolio: an access control "engine" to provide centralized authentication, authorization capabilities for those applications and an administration overlay to aid in both. This definition of WAM has served the market for more than a decade, and WAM solutions have delivered these functions to thousands of customers during that time. However, WAM as defined by this set of features has entered the final stages of market saturation. During the first decade of the 21st century, WAM has given enterprises quick access to the Web application universe, both for internal Web applications and to link with the Internet and with their customers, partners and other stakeholders. The Web application universe has evolved, however, and it isn't just about Web applications anymore. It now consists of combinations of "traditional" Web applications, application components, Web services components, and "mashups" of applets and platform services. As a result, this increasingly heterogeneous environment requires some form of authentication and authorization services. The result is that classic WAM market growth is slowing markedly. The total 2008 security revenue market share for WAM was 4%, and WAM revenue grew in 2007 and 2008 by just 7.7% the lowest growth rate of any of the security market subcategories Gartner covers. In fact, WAM is the only subcategory where the market is expected to shrink (only slightly) in 2009. That growth rate is expected to drop further to about 2.3% from 2008 to 2013. Few WAM vendors experienced strong customer-base growth in 2008, and many saw little growth or none at all.
2 of 17
5/11/2010 10:40 AM
WAM products are also undergoing something of an "identity crisis." WAM vendors have traditionally been viewed as authentication and authorization providers for Web applications, but this perception is beginning to change. Larger vendors are positioning their WAM products as centralized future entitlement enforcement policy repositories for new enterprise applications (Web and non-Web), or as components of access management suites. Others are promoting the use of their WAM solutions in a specific use case, as a first-stage cloud-computing solution for single sign-on (SSO). The term "Web access" is now being used less often to refer to Web application access and more often to refer to access to Internet-based solutions wherever they reside and whatever form they take (for example, Web application, Web service and composite application). The WAM market is widely accepted as being part of the overall IAM market, providing the "A" ("access") in IAM with its range of tools and processes. WAM products also provide proprietary integration points for some non-Web applications in addition to its core function of providing the verification of access to Web applications although the use of WAM for non-Web application access control remains limited. WAM products may also include basic identity administration (IA), role/rule life cycle management, audit and federation capabilities. IAM suite vendors that provide WAM as part of a multiproduct solution increasingly, and unsurprisingly, recommend their own user-provisioning products as a means of incorporating some level of user-provisioning functionality or integration. The vendor may offer integration with other IAM tools for example, enterprise single sign-on (ESSO), Secure Sockets Layer (SSL) virtual private networks (VPNs), public-key infrastructure (PKI), various authentication methods and consumer fraud detection systems. Current WAM Market Trends Gartner has identified a set of ongoing trends in the WAM market: Slowing growth: The WAM market grew 20% or more in 2005 and 2006, as measured by total deployments, but that growth is now declining Gartner estimates the WAM market to be flat in 2009. Approximately $545 million was spent for WAM licenses in 2008. Gartner estimates current WAM deployments worldwide (including enterprise and divisional deployments) at approximately 9,000, a point that we believe indicates near saturation of the market. However, the markets for other IAM products and for larger IAM suites continue to experience stronger growth. These include the markets for user-provisioning tools and ESSO tools. Non-seat-license pricing: Competition and downward pricing pressure have caused some vendors to explore alternatives to the standard per-user pricing structure that is prevalent in the market. This structure has traditionally included site- and enterprise-based licensing, but mechanisms such as per-processor/instance and concurrent-session pricing are now offered by a few vendors. The increasing pressure being placed on WAM solutions to support larger and larger extranet and service-centric infrastructures clearly requires more-flexible pricing models. Market consolidation: Large-vendor WAM solutions offer reasonable and sometimes even extensive functionality, often at competitive price points, and are backed by large, diverse organizations that often have relatively complete sets of associated IAM products and capable professional service organizations. For these reasons, the value propositions of the best-of-breed vendors are becoming less compelling, and many smaller providers are suffering as a result. More than 74% of all growth in the customer base in 2008 occurred among the largest vendors in the market. SMB-focused offerings for customers that do not require a full IAM suite or extensive WAM functionality are still attractive, but only when the vendor can offer low prices, simple integration or perhaps an innovative offering (such as P2 Security's WAM appliance). Compliance focus leading to interest in centralized
combination of publicity, promotional, thought leadership, word-of-mouth and sales activities. Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups and service-level agreements. Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure including skills, experiences, programs, systems, and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.
Completeness of Vision
Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen and understand buyers' wants and needs, and can shape or enhance those with their added vision. Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements. Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base. Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature set as they map to current and future requirements. Business Model: The soundness and logic of the vendor's underlying business proposition. Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets. Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes. Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.
3 of 17
5/11/2010 10:40 AM
entitlement management: Compliance and audit requirements are driving enterprises to separate security, or at least authentication and authorization, from applications wherever possible. Security is increasingly seen as an "envelope" around business logic that should be managed and controlled separately, and this view is generating interest in heterogeneous access management solutions (that is, solutions that extend beyond the Web). This approach is also pushing WAM vendors to look for ways to extend their offerings to more enforcement points, either with increased functionality or via the acquisition of emerging entitlement management products, which are designed to extend the access management functions to any application. Market segmentation (access management suites vs. commodity WAM vs. consumer extranets): Specific WAM vendors are focusing on different, divergent areas as the market matures. Larger, enterprise-focused vendors (for example, CA, Evidian, IBM, Oracle, Novell, Siemens and Sun Microsystems) are developing access management suites that may include: WAM Platform access control Fine-grained entitlement management Identity federation Consumer fraud detection Web services security tools Adaptive authentication These functions may be combined with unified administration and audit facilities. Smaller vendors (for example, Cafesoft and P2 Security) are focusing on low-cost, low-complexity SMB-oriented offerings. A few vendors including EMC (RSA) and Entrust focus specifically on the consumer extranet. A focus on Microsoft-centric enterprises: Microsoft's Forefront Identity Manager is designed to make inroads into this market, mostly in IA, although it could be coupled with the company's expanded plans to address the cloud-computing environment (Project Geneva) and existing appliances (Internet Access Gateway) to deliver a form of WAM for Microsoft-centric customers. The need to address SaaS and cloud computing: WAM products are the leading technology architecture option for repurposing to serve as cloud-computing "construction kit" components for basic access, or as SaaS themselves for enterprises seeking to access multiple SaaS services from a cloud-computing environment. This represents a key growth option for WAM products in the IAM-asa-service market during the next five to 10 years. Overall price stability: The WAM market remains highly competitive, with downward pricing pressure resulting in discounting and aggressive sales tactics, but list pricing has remained relatively steady since mid-2007. For the most part, WAM pricing has reached levels that Gartner believes accurately reflect WAM's value. Per-user list pricing places 5,000-user costs (for external users) at an average of approximately $10 per user and 100,000-user costs at an average of approximately $3 per user. One-million-user pricing is generally less than $1 per user, but deployments of that size are more likely to use site licensing or other pricing models. Interest in user-centric identity frameworks (UCIFs): UCIFs such as OpenID and Information Cards include credentialing components designed to provide users (typically consumers) with easy-to-use, easy-to-manage credentials that can be used by many service providers. Most vendors have announced support for one or more forms of UCIF, or have support on their near-term product road maps. Low-assurance uses of UCIFs have had some success, and WAM support should prove valuable to consumer-focused enterprises. However, the lack of high-assurance credential providers and (in the case of Information Cards) the lack of a critical mass of deployed identity selector components will limit most enterprises' use of UCIFs in the short term, and potentially beyond. The ubiquity of federation components: Federation capabilities whether integrated or offered as an add-on module or stand-alone
4 of 17
5/11/2010 10:40 AM
component are now nearly ubiquitous in WAM offerings and in the requirements of WAM customers. The possible return of the appliance: Initial results of appliance-based WAM solutions have been mixed, as P2 Security's experience shows. However, Gartner believes that the current economic downturn and the evolution of WAM architecture are driving renewed interest in the WAM appliance as an alternative. Appliance vendors, such as Apere and Rohati Systems, are making efforts to move into the SMB markets, and networking equipment providers, such as F5, are creating alliances with major IAM vendors, such as Oracle, to offer WAM at the network switching interface. We believe that, as the economy slowly improves, the opportunities for such solutions will improve as well.
Return to Top
Market Definition/Description
The term "WAM" applies to technologies that use access control engines to provide centralized authentication and authorization capabilities for Web applications. WAM products may also include IA, role/rule management, and audit and federation capabilities, as well as standardized or proprietary integration points for non-Web applications. They may also incorporate some level of user-provisioning functionality, or integration with a user-provisioning tool, as well as integration with PKI or strong authentication mechanisms.
Return to Top
Inclusion and Exclusion Criteria

The WAM market includes general-purpose authentication and authorization engines that mainly enable SSO or reduced sign-on (RSO) to multiple Web applications in a clientless fashion. A traditional WAM product consists of a policy administration function and an enforcement function, and it is usually deployed in a proxy or agent architecture. ESSO products and SSL-based and other clientless remote-access products may offer basic authentication and coarse-grained authorization for Web-based applications. For some use cases, they present strong alternatives to WAM. However, these offerings differ from WAM tools, primarily because: They typically do not integrate complex IA capabilities, such as workflow, approval processing, directory management and role life cycle management. They generally have not been shown to scale to large extranet-type populations with users numbering in the hundreds of thousands or the millions. ESSO products usually require a client and are deployed internally.
Return to Top
Added
No vendors were added to the Magic Quadrant in 2009.
Return to Top
Dropped
Entegrity Solutions was dropped from the Magic Quadrant for 2009. We have received no communications from the company, and it appears to have
5 of 17
5/11/2010 10:40 AM
ceased operations. Gartner clients report similar experiences. Other Vendors Not Included in the Magic Quadrant Apere offers an appliance-based agentless Web SSO capability for SaaS and enterprise Web applications. Enterprises with access control solutions can extend SSO to SaaS applications using Apere's IMAG TrueSSO. Apere provides basic role-centered provisioning and base platform and application authorization for application development, mainframe, Web and client/server applications. Nexus offers the Argus Authentication Server, which provides basic WAM functionality. Although operable as a stand-alone product, Argus Authentication Server is most often sold only in support of other Nexus products, which are generally focused on PKI and certificate management functions. Symplified provides an appliance that addresses basic WAM functionality for SaaS solutions and delivers that capability as a service "in the cloud." The Symplified offering represents an early form of IAM as a service for WAM. University of Michigan's CoSign is an open-source WAM tool that has gained some users, mostly within the education vertical industry. Ilex Sign&go is an SSO infrastructure that includes ESSO and some WAM features, including federation. Sign&go has a small customer base, but, like Apere, Nexus and Symplified, it has little visibility in the WAM market as yet. Ping Identity is a focused identity federation vendor that provides well-regarded multiprotocol federation tools for enterprises and service providers, as well as SaaS access management services, but no other WAM functionality. Microsoft supports WAM-like functionality in Microsoft-only environments with Active Directory Domain Services and Active Directory Federation Services (ADFS), but has left WAM functionality for heterogeneous environments to third-party vendors. ADFS can technically be used as a WAM tool, because ADFS support has been developed for most non-Microsoft Web and application servers. The planned next version of ADFS is designed to be more flexible and, in concert with Forefront Unified Access Gateway, may offer a valid WAM option for Microsoft-centric customers.
Return to Top
Evaluation Criteria
Ability to Execute
Gartner analysts evaluate technology providers on the quality and efficacy of the processes, systems, methods or procedures that enable IT provider performance to be competitive, efficient and effective, as well as to improve revenue, retention and reputation. Ultimately, technology providers are judged on their ability and success in capitalizing on their visions. The Ability to Execute in the WAM market requires the following factors: Sales performance Recognition from competitors and Gartner clients Depth of product offering (taking into account what Gartner considers to be baseline functionality for any current product) Innovative pricing options The baseline WAM features for 2009 include: Fine-grained access control capabilities for Web and non-Web applications Access control policy administration features Global session management Reporting/audit capabilities
6 of 17
5/11/2010 10:40 AM
Multirepository support Many WAM purchase decisions are made in concert with those for other IAM products, especially user-provisioning and role life cycle management products, but spanning the entire range of IAM-related tools. Vendors that offer suite functionality have increased the Ability to Execute in these cases.
Table 1. Ability to Execute Evaluation Criteria Evaluation Criteria Product/Service Sales Execution/Pricing Market Responsiveness and Track Record Marketing Execution Customer Experience Operations
Return to Top
Weighting Standard Standard Low Low Standard Low
Overall Viability (Business Unit, Financial, Strategy, Organization) Standard
Completeness of Vision
Gartner analysts evaluate technology providers on their ability to convincingly articulate logical statements about market direction, innovation, customer needs and competitive forces, as well as on how well those statements map to Gartner's positions. Ultimately, technology providers are rated on their understanding of how they can exploit market forces to create opportunities. When evaluating a technology provider's Completeness of Vision in the WAM market, Gartner analysts consider several factors, including: Vision for the WAM product Vision for associated IAM requirements and capabilities Unique business model or focus Breadth of product in terms of what Gartner considers new, unique, differentiating or nonbaseline functionality In 2009, these features include: Strategic focus on enterprisewide access management and service-based functionality Bundled support for identity federation Dynamic access control; time-, situation- or other dynamicdata-based rules Integration with network access control systems Support for multiple security zones or multiple per-user roles
7 of 17
5/11/2010 10:40 AM
Table 2. Completeness of Vision Evaluation Criteria Evaluation Criteria Market Understanding Marketing Strategy Sales Strategy Business Model Vertical/Industry Strategy Innovation Geographic Strategy Weighting Low Standard Standard Low Low Low Low
Offering (Product) Strategy Standard

Return to Top
Leaders
The leaders in the WAM market for 2009 have matured, with larger vendors offering relatively strong products at reasonable prices, investing in new associated functionality and "complete identity management" strategies that leverage their customer bases for increased sales and market share. The leaders have experienced continued strong growth year over year, while almost every other entrant in the Magic Quadrant has experienced slower growth or no growth, or is working from a significantly smaller customer base. To lead in the WAM and larger access management markets in 2009 and beyond, vendors will need to focus on providing: A full-featured product The necessary organizational skill set Deployment scenarios and expertise Recommendations as to how individual customers can best use their products in their broader IAM initiatives
Return to Top
Challengers
Challengers have shown significant growth on a par with that of the leaders but have not been as visionary. These vendors have solid products, but have not been able to keep pace with their strategic objectives and the product innovations being offered by the leaders. Evidian is the only vendor identified as a challenger in the WAM Magic Quadrant for 2009.
Return to Top
Visionaries
Visionary vendors in the WAM market have consistently defined and met strategic objectives in differentiating their offerings from the pack, but have not shown the execution capabilities exhibited by the leaders or challengers. These vendors have products that are appealing from a functional standpoint, and they demonstrate innovative business strategies, but they have not translated these strengths into the customer base and revenue growth that characterize leaders and challengers. The visionary vendors in the 2009 Magic Quadrant (and some niche vendors) have often focused on
8 of 17
5/11/2010 10:40 AM
delivering solutions for specific use cases, rather than for the general market, whereas most leaders have also been able to exhibit a general-case vision.
Return to Top
Niche Players
Niche vendors in the WAM market offer solid products, but have not been able to distinguish themselves with customers through product differentiation or execution. Niche vendors' products have the potential to be "good enough" offerings at a reasonable price for some prospective WAM customers.
Return to Top
Vendor Strengths and Cautions

Cafesoft
Product: Cams Cafesoft Cams is a straightforward midmarket WAM offering, designed to leverage the enterprise directory infrastructure without significantly increasing administrative burdens. Cafesoft's marketing emphasizes quick installation and ease of management as competitive differentiators for Cams.
Return to Top
Strengths
Cafesoft prices Cams by concurrent user, rather than by users in the repository, a method that Gartner believes reflects the correct balance of vendor and customer needs. When considered in terms of average usage, Cams' pricing structure is one of the least expensive in the market. As a small, focused company, Cafesoft can react to customer needs quickly. Cafesoft has added virtual directory capability and Windows impersonation for access to Outlook Web Access and SharePoint, as well as support for several stronger authentication methods, and all these features should appeal to the midmarket.
Return to Top
Cautions
Cafesoft's small size means that it has limited sales, marketing and support capabilities. Cams has no built-in identity federation support, and Cafesoft does not offer this functionality in a companion product. Cams does not have a graphical user interface (GUI) for administration, although Cafesoft does sell a companion product, Cams Identity, that provides simple user administration and self-service password reset at an additional cost. Cafesoft's customer base has remained relatively flat during the past 18 months and is still small. Cafesoft, like Entrust, P2 Security and RSA, is not a full-service IAM vendor and offers no user-provisioning tool.
9 of 17
5/11/2010 10:40 AM
Return to Top
CA
Product: SiteMinder CA has successfully transitioned the SiteMinder brand and product from a best-of-breed tool to a flagship product that is part of a relatively complete IAM product suite. The company is a major global IT player, and its name recognition is the highest of any WAM vendor's. SiteMinder retains a large customer base. CA's strategy, which includes enhancements to SiteMinder and to associated federation and Web services/service-oriented architecture (SOA) security tools, and to CA's broader IAM offerings, is a sound one.
Return to Top
Strengths
CA's target market is primarily larger enterprises, with 60% of its installed customer base having more than 50,000 users each. The company does not market to SMBs, and its capabilities, feature set and marketing are specifically tailored to larger accounts. CA remains along with IBM and Oracle a viable option in almost every WAM project. Most other vendors' growth in this slowing market has been flat or down, but CA has shown continued customer growth. The most recent release of SiteMinder, R12, introduced significant feature enhancements and has been well-received by Gartner clients. CA's policy repository is unified across a broad range of IA and access management products, and extends to legacy systems through Access Control Facility 2 and Top Secret. The company plays an active role in international identity/security standards initiatives, and supports both technical standards, such as Service Provisioning Markup Language (SPML), and service management standards, such as the Information Technology Infrastructure Library (ITIL).
Return to Top
Cautions
CA's lack of focus on SMBs could become a problem in a highly mature market with few remaining segments that present growth opportunities. The company's pricing structure, which is oriented toward larger customers, typically makes its offerings somewhat expensive for small deployments. SiteMinder's extensions for federation and Web services security suffer from negative perceptions by some users, which are intensified by the fact that these additions to SiteMinder are not priced as part of the base WAM product.
Return to Top
EMC (RSA)
Product: RSA Access Manager RSA Access Manager is a full-featured WAM tool that supports enterprise deployments and focuses on consumer extranets, an area in which RSA has several companion products for consumer authentication and fraud detection.
Return to Top
10 of 17
5/11/2010 10:40 AM
Strengths
RSA Access Manager is a full-featured WAM tool, designed largely to support consumer extranets, but capable of operating within the enterprise. Access Manager offers out-of-the-box administrative roles, which should benefit enterprises implementing relatively standard deployments. When combined with RSA's companion authentication offerings, Access Manager delivers a sophisticated multilevel "step-up" authentication capability.
Return to Top
Cautions
RSA, like Cafesoft, Entrust and P2 Security, is not a full-service IAM vendor and offers no user-provisioning tool. RSA has a partnership with Courion, an independent user-provisioning vendor. Despite RSA's healthy customer base, RSA Access Manager's growth has been essentially flat during the past three years. RSA Access Manager does not include identity federation or significant audit functionality, both of which require separate licenses.
Return to Top
Entrust
Product: GetAccess Entrust is a small vendor that has versatile, full-featured technology at a low price, which makes it attractive for the midmarket and other cost-conscious buyers. GetAccess benefits from close integration with Entrust's traditional PKI, TruePass roaming certificate PKI and IdentityGuard authentication offerings. However, Entrust continues to suffer from significantly lower visibility in most markets, except Canada, even though Entrust's PKI offering is strongly represented in large-scale projects worldwide, especially in the government sector.
Return to Top
Strengths
Entrust has completely eliminated user-based pricing, which makes GetAccess appealing for consumer deployments. Identity federation with SAML 2.0 is built into GetAccess at no additional cost. Step-up authentication functionality, which enables multiple levels of authentication for different resources, is standard. Customers report satisfaction with Entrust's service desk, which is staffed by technical professionals, even at Level 1.
Return to Top
Cautions
The company's 2009 acquisition by the private equity investment firm Thoma Bravo introduced uncertainty among potential users about the future of Entrust products, including GetAccess. Gartner, however, has recorded no indications to date that the Entrust product line will change significantly.
11 of 17
5/11/2010 10:40 AM
GetAccess has not experienced significant customer-base growth in the past 24 months. While Entrust makes strong statements of support for GetAccess, lack of growth could lead to reduced development and support for the product. Entrust like Cafesoft, P2 Security and RSA is not considered a full-service IAM suite vendor, because it has no in-house user-provisioning offering. (The company offers an SPML interface to GetAccess that integrates with most major provisioning solutions.)
Return to Top
Evidian
Product: Web Access Manager The France-based Evidian (a division of Bull) offers a relatively modern and complete suite of IAM products. Evidian's WAM offering, Web Access Manager, appeals mostly to users of other Evidian IAM products, but Evidian has been successful in marketing to this group of buyers.
Return to Top
Strengths
Evidian has continued to grow its customer base even though that base remains small compared with the largest market players and must be considered a challenger at this point. Evidian has the only "local" offering in Europe with a significant customer base, although it is still underrepresented in other regions.
Return to Top
Cautions
Even though Evidian's growth has been strong and it is not the smallest vendor in the WAM market it remains a midsize vendor with comparatively limited resources. Web Access Manager is targeted primarily at Europe, where it is marketed directly by Evidian. To compete with IBM Tivoli, Siemens and others, Evidian will require a broader range of partnerships and markets. Gartner views Evidian's partnerships with NEC in the Asia/Pacific region and with Quest in North America (although not for Web Access Manager) to be steps in the right direction.
Return to Top
IBM
Products: Tivoli Federated Identity Manager (TFIM) and Tivoli Access Manager for e-business (TAMeb) IBM considers TFIM its main WAM offering, and TAMeb which is bundled with TFIM is essentially a stripped-down, low-cost alternative to the primary product. TFIM is a highly sophisticated offering, with built-in capabilities for simple federated provisioning and Web services security, as well as versatile identity federation capabilities.
Return to Top
Strengths
IBM, like CA and Oracle, is a viable option in almost every WAM
12 of 17
5/11/2010 10:40 AM
project, and continues to show customer growth, even though most other vendors' sales are flat or down. IBM Tivoli is recognized as a global player in service management, and has successfully leveraged that image in the IAM market in the past decade. Service partners, tiered global partnerships with system integrators (SIs), value-added resellers (VARs) and technical partners and IBM Tivoli's own global consultancy and integration organization provide project management expertise. IBM Tivoli has a formidable foundation in marketing and sales. Product management is part of the Tivoli product development model, which emphasizes external certifications and considerable customer feedback. The product and its marketing place additional emphasis on governance, risk and compliance management, as well as security information and event management. IBM TFIM combines the functionality of three products: a well-featured WAM product, a full-featured identity federation tool suitable for enterprise and service provider deployments, and a moderately well-featured Web services security tool. (IBM also offers a separate full-featured hardware-based Web services security product in WebSphere DataPower.) WAM-only functionality is offered via TAMeb, but IBM considers TFIM its offering for the WAM market. IBM has focused on extending its WAM offering in recent years through the creation of low-cost federation spokes and other SMB-targeted offerings.
Return to Top
Cautions
IBM Tivoli's ability to address complex IAM issues for clients is occasionally challenged by the complexity of its offerings. Gartner clients often report that Tivoli identity management products, including TFIM and TAMeb, are comparatively complex to deploy and manage, and professional services are often required for deployment. IBM has made an effort in this area recently with its SMB offering. TFIM and TAMeB have been among the most expensive offerings on the market for many years. Nearly comparable functionality from some other vendors in the space can be much cheaper to acquire and deploy, at least from a list-price perspective. Most TFIM deployments occur in IBM-centric environments. TFIM is still not considered for heterogeneous deployments nearly as often as offerings from other vendors, although Gartner has noted some use of the federation capabilities of TFIM in more-heterogeneous environments. TFIM and TAMeB are generally deployed only in proxy mode. IBM maintains that this is the best deployment mode for WAM, but most other products that have agent-mode deployments have large numbers of satisfied customers.
Return to Top
Novell
Product: Novell Access Manager (NAM) NAM is a full-featured WAM offering that benefits from full administration features that are uniform across Novell's entire IAM suite, as well as built-in SSL VPN, SSL concentration and federation capabilities. Novell strengthened its historically weak name recognition to become a leader in the IAM market in 2007 and 2008, but still does not command the same recognition and market share as CA, IBM or Oracle.
Return to Top
13 of 17
5/11/2010 10:40 AM
Strengths
Most of Novell's IAM products (including NAM) have been developed in-house. In general, Novell's IAM suite shows a higher level of integration than other suite vendor offerings. Novell has made a point of building a configurable header capability into NAM to smooth the replacement of competitive tools. Novell has made significant progress by effectively addressing issues with partnerships, sales, and marketing and competitive countermoves. The company combines these efforts with an innovative product and focused and consistent executive leadership. Novell's network of smaller, regionally based integration and consulting partners has been augmented with major integration providers, such as Atos Origin, Deloitte and Wipro Technologies, as well as global alliance partners, such as HP and SAP.
Return to Top
Cautions
Limited name recognition as a portfolio provider of IAM solutions remains an issue. Novell struggled to achieve recognition as a competitor with other suite vendors of IAM products. This is more of an issue for Novell than for the customer, but it raises questions about the company's overall capabilities in IAM. Novell has found customer growth challenging in the past two years. Gartner has seen some increase in interest in NAM, but this has not translated into significant growth relative to the overall market. Like IBM Tivoli's TFIM, NAM can be deployed only in proxy mode.
Return to Top
Oracle
Product: Oracle Access Manager (OAM) Oracle like CA and IBM is a leading global IT player that has begun to deliver strongly on its IAM strategy, with significant new customer acquisitions, a broadening network of global partnerships to deliver and maintain its solution, and refinements in product features and deployment strategy. Oracle appears to be committed to keeping its IAM products competitive, even in heterogeneous environments. The company benefits from its pervasive access, as a major database and enterprise application provider, to key decision makers in the private and public sectors. Oracle uses this access to take advantage of cross-selling opportunities with IAM.
Return to Top
Strengths
Oracle's recognition and presence in a broad range of IT markets, its influence with IT and business decision makers, and its global partnerships give it clear advantages particularly cross-selling opportunities in executing on its IAM strategy. Oracle now sells OAM as part of an integrated suite of access management components, including Oracle Identity Federation, Oracle Entitlements Server and Oracle Adaptive Access Manager, providing improved authorization functionality beyond Web applications, as well as fraud-detection capabilities. The wide range of access management functions in the suite puts Oracle in an excellent position to compete with broad suite offerings from CA and IBM. Oracle has established a network of global partnerships with SIs, VARs and technical partners, including companies such as Accenture, Deloitte, KPMG, PricewaterhouseCoopers and Wipro, and its own
14 of 17
5/11/2010 10:40 AM
consultancy and services in WAM and other areas of IAM have become more experienced. Along with IBM and CA, Oracle is a contender for almost every WAM project, and like those vendors and unlike most others has experienced continued customer growth in this maturing market. A recent agreement with F5 to deploy Access Manager on edge devices appears to have significant merit, because it may provide benefits in removing some deployment complexity for some customers.
Return to Top
Cautions
OAM's pricing model appears to be one of the best in the market, and its list prices are extremely attractive when the other components included in the OAM suite are considered. However, in comparison situations, Gartner has noted that Oracle's real-world costs are often merely competitive with those of vendors such as IBM and CA. Oracle integration and deployment have received mixed reviews, with problems attributed to uneven training and experience of sales, consultants and SIs for the product. Customers like the access to Oracle, but not the inconsistency in their experience with the products and support. Gartner expected most of these problems to be ironed out by 2009, but "growing pains" continue.
Return to Top
P2 Security
Product: maXecurity P2 Security has been in business for several years, building a small customer base for maXecurity, an appliance-based WAM offering. maXecurity is designed to provide WAM functionality in a comparatively simple-to-deploy form that does not require major changes to an enterprise's infrastructure.
Return to Top
Strengths
maXecurity is an appliance-based, agentless, reverse-proxy WAM offering, which makes ease of deployment and simplicity of management a major competitive differentiator. P2 prices maXecurity by concurrent user, rather than by users in the repository, and this approach should appeal to enterprises with large numbers of users that connect only infrequently. In keeping with its commoditization strategy, P2 provides segregation of duties and out-of-the-box virtual directory capabilities, as well as other simplifications that make maXecurity an appealing midmarket offering. In 2009, P2 added basic identity federation support, which enables enterprises to act as an identity provider and also eases replacement of competitive offerings with maXecurity appliances. The company, although small, is profitable and has the resources necessary to grow and evolve its product.
Return to Top
Cautions
P2 has the limited sales, marketing and support capabilities typical of
15 of 17
5/11/2010 10:40 AM
smaller vendors. The company, like most vendors in the WAM market, has had difficulty growing the maXecurity customer base in the past 18 months. maXecurity is a basic, no-frills WAM that works best in environments where significant enterprise (or user) directory management is already in place. P2 Security is not a full-service IAM vendor and offers no user-provisioning tool (although the company does have a working relationship with Fischer International, a smaller user-provisioning vendor). maXecurity has no associated Web services security capabilities.
Return to Top
Siemens
Product: DirX Access DirX Access is part of Siemens' IAM suite. Although relatively comprehensive, Siemens' offering came late to the market and has not achieved significant market share.
Return to Top
Strengths
DirX Access offers a service-based architecture and considerable leading-edge functionality. DirX Access is deployable as infrastructure or as an embedded application service. As a non-North American vendor, Siemens is appealing to enterprises that may want an international or non-U.S. vendor.
Return to Top
Cautions
Siemens' clear focus is on leveraging the Siemens customer base, and on doing so directly, rather than through partners. This approach may make it difficult for Siemens to compete on an equal basis with IAM market leaders. Siemens has a comparatively low profile in North America, and faces difficulties in making a name in the crowded WAM space and the broader IAM space against mature competitors. DirX Access, which was introduced in 2007, is a relatively new entrant in the WAM market, and Siemens has not grown any significant customer base as yet. The DirX Access team is relatively small, and may not be able to keep up with the demands of larger numbers of customers for enhancements and product support. Siemens does have significant resources from other groups to draw on if necessary.
Return to Top
Sun Microsystems
Product: Sun OpenSSO Enterprise Sun Microsystems has been a leader in the WAM market and the larger IAM market due to a combination of technical platform expertise, diverse and experienced partnerships in consulting and SI, a growing customer base, and consistent customer service. However, the company's announced
16 of 17
5/11/2010 10:40 AM
acquisition by Oracle has caused significant confusion in the marketplace regarding the viability of the Sun IAM product line.
Return to Top
Strengths
OpenSSO Enterprise is a full-featured product, with identity federation, SOA capabilities and built-in Web services security functions. Sun has played a leadership role in open-source WAM through the OpenSSO project (as well as OpenDS for directory services), which gives the company a potential customer base and the benefits of the work of the OpenSSO community. When this option is taken into account, Sun offers the widest variety of pricing options of any WAM vendor, and the company also has appealing standard pricing. Sun has focused on ancillary functionality as a means of easing deployment, including federation partner offerings "fedlets" designed to ease the task of bringing on partners as well as standard, out-of-the-box, task-based workflows. Sun's Partner Advantage Program remains a model for covering consulting, system integration, VAR and independent software vendor needs for IAM customers.
Return to Top
Cautions
The confusion surrounding Sun's announced acquisition by Oracle "froze" the market for OpenSSO Enterprise to some extent, because Oracle has a competing product in the space, and it remains unclear at this point whether Sun's products have a long-term future. The open-source community around OpenSSO will undoubtedly continue, but Gartner cautions that Oracle's support for the OpenSSO initiative may not be significant.
Return to Top
The Magic Quadrant is copyrighted 12 November 2009 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 2009 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.
17 of 17
5/11/2010 10:40 AM

MQ Wam Nov2009

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MQ Wam Nov2009

Uploaded by

Copyright:

Available Formats

Magic Quadrant for Web Access Management

What You Need to Know

Magic Quadrant for Web Access Management

SOA SSL SSO

Source: Gartner (November 2009)

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

Inclusion and Exclusion Criteria

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

Weighting Standard Standard Low Low Standard Low

Overall Viability (Business Unit, Financial, Strategy, Organization) Standard

Magic Quadrant for Web Access Management

Offering (Product) Strategy Standard

Source: Gartner (November 2009)

Magic Quadrant for Web Access Management

Vendor Strengths and Cautions

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

Magic Quadrant for Web Access Management

You might also like