The brand new Gartner Magic Quadrant for Access Management was just released. As a recent addition to SecureAuth’s leadership team and a huge advocate for our vision in preventing the misuse of stolen credentials, I didn’t expect to see us in the Niche portion of the MQ. At first I thought, how could this be possible? How can a company that has been focused on access control suddenly be so far from leading an access management market? Further consideration and reflection led me to think maybe it’s not us after all. Let me explain.
In 2014, SecureAuth was on the cusp of the leaders’ quadrant in the User Authentication MQ. Then there was an Identity-as-a-Service MQ completed in 2016 where SecureAuth was not listed as we are not considered an IDaaS vendor. Now in 2017 a new Access Management quadrant is created, but it reads very much like a merging of IDaaS and User Authentication. For instance, core functions include:
- Centralized Authentication
- Single Sign-On
- Session Management
- Expectation for on-prem and cloud
- Support native mobile or hybrid mobile
- API support for B2E, B2B, and B2C use cases
Looking at the core functionality, it seems mind-bending that SecureAuth is considered Niche in these areas, but take a closer look at the non-core functionality listed:
- Identity Administration
- Password Reset
- Enterprise Mobility Management
- Identity Synchronization
- Identity Repository Services
One can certainly presume a great deal of attention was given to the non-core functions in determining placement in the AM quadrant. There was little to no mention of functionality such as adaptive authentication or identity-based threat detection. Both are critical to actually increasing security and reducing the risk of credential abuse -- two items I am sure the access management market cares about.
So what if the quadrant is wrong? Not wrong in who they placed where, as we all know a lot goes into that placement, but potentially wrong in how the market is defined? If breaches are occurring at a daily rate and 81% of those breaches are caused by compromised credentials, if 5 billion credentials are known to exist for sale on the dark web, if 38% of users claim they will sell their password for $150, then why are we not worrying more about preventing and detecting the misuse of those credentials? What will Identity Administration, Enterprise Mobility Management, Identity Synchronization, or Identity Repository Services do to combat the statistics above? The answer is nothing! The only solution that stands a chance of reducing the numbers given above is one that focuses on usage and misuse, that layers adaptive controls in front of 2FA and SSO so that security and end-user experience maintain an important and proper balance. The market definition should give much heavier attention to adaptive authentication, identity-based threat detection, and truly providing a platform that works at its core on access management and on preventing the misuse of stolen credentials.
Learn how SecureAuth leads the way in preventing the misuse of compromised credentials through adaptive authentication here: www.secureauth.com/adaptive.