Gartner magic quadrant identity and access management

What is Gartner research?

Gartner research, which includes in-depth proprietary studies, peer and industry best practices, trend analysis and quantitative modeling, enables us to offer innovative approaches that can help you drive stronger, more sustainable business performance.

Gartner research is unique, thanks to:

We provide actionable, objective insight to help organizations make smarter, faster decisions to stay ahead of disruption and accelerate growth.

©2022 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

As organizations prioritize their identity and access management (IAM) initiatives for 2022, they should choose ongoing and incremental projects to evolve their IAM deployments. This fits changing organization needs better by being more flexible and less siloed and by requiring fewer manual operations.

Recommendations:

Security and risk management technical professionals focused on IAM should:

• Improve security by removing implicit user (human and machine) trust from all computing infrastructure over time and replacing it with explicitly evaluated, real-time adaptive trust for just enough access to enterprise resources
• Reduce risk by prioritizing the rollout of foundational best practices, such as multifactor authentication, zero standing privileges and zero-trust architecture if not already fully implemented
• Enhance IAM agility and reach by removing silos and incrementally adopting the distributed, composable cybersecurity mesh architecture approach when making architectural decisions
• Optimize distributed architecture by evolving IAM governance, processes and infrastructure to efficiently support hybrid/multicloud environments