mq wam nov2009

7/31/2019 Mq Wam Nov2009

1/17

12 November 2009

Ray Wagner, Earl Perkins, Gregg Kreizman

Gartner RAS Core Research Note G00172037

The Web access management market has reached the mature stage. Future success in this market will be based onspecific use cases, commodity solutions and expanding feature sets designed to address broader access managementneeds.

What You Need to Know

The "classic" Web access management (WAM) technologies, and the marketfor those technologies, have reached maturity. Vendors in this market cando little with the current feature set except to continue to fine-tune forperformance and scale. The future of WAM lies in an expansion of itsfeatures to deliver more-general-purpose access management solutions forinternal- and external-facing needs. WAM will eventually give way to access

management across the entire spectrum of applications and services. Theexpansion of WAM will be augmented by boundary technologies, such asdata loss prevention, that will provide greater granularity and more contextfor an authorization event. Identity federation user-centric frameworks willplay an increasingly importantly role in WAM as vendors address customers'experiences with technical, political and legal issues related to its expandeduse. Entitlement management for non-Web applications may be a functionset in this "new and improved" WAM, but it will remain complex andslow-growing for some time, due to the lack of standardization acrossdifferent generations of applications and infrastructure.

For most of the vendors in the WAM market, growth has been slow, flat or

even slightly negative, partly as a result of the worldwide economicdownturn, but also due to market saturation and maturity. Small or midsizebusinesses (SMBs) may still offer a growth opportunity, and this segment ofthe market has shown some interest in nascent cloud-computing, andparticularly software-as-a-service (SaaS), alternatives to traditionalpremises-based WAM technologies, even though these offerings are less

mature. WAM offerings will increasingly be commoditized, and this trendwill drive increasing use of appliance- and service-based WAM delivery. Ingeneral terms, this largely saturated market has too many players, andGartner expects consolidation and departures from the market andcommoditization to continue. Continued success in this market willrequire significant competitive differentiation, with vendors addressing theneeds of specialized use cases.

Return to Top

Strategic P lanning Assumpt ion

By 2010, successful vendors in the now-mature

WAM market and the larger identity andaccess management (IAM) market will focus

on expanding functionality beyond traditionalWeb access and refining operational WAMpractices to address specific use cases.

Acronym Key and G lossary Terms

AD Active Directory

ADFS Active Directory FederationServices

ESSO enterprise single sign-on

I A identity administration

I AM identity and accessmanagement

I LM Identity Life cycle Manager

LDAP Lightweight Directory AccessProtocol

NAM Novell Access Manager

OA M Oracle Access Manager

PK I public-key infrastructure

RSO reduced sign-on

SaaS software as a service

SAML Security Assertion MarkupLanguage

SI system integrator

c Quadrant for Web Access Management http://www.gartner.com/technology/media-products/reprints/orac

7 5/11/2010 1

7/31/2019 Mq Wam Nov2009

2/17

7/31/2019 Mq Wam Nov2009

3/17

WAM products are also undergoing something of an "identity crisis." WAMvendors have traditionally been viewed as authentication and authorizationproviders for Web applications, but this perception is beginning to change.Larger vendors are positioning their WAM products as centralized futureentitlement enforcement policy repositories for new enterprise applications(Web and non-Web), or as components of access management suites.Others are promoting the use of their WAM solutions in a specific use case,as a first-stage cloud-computing solution for single sign-on (SSO). The term"Web access" is now being used less often to refer to Web application

access and more often to refer to access to Internet-based solutionswherever they reside and whatever form they take (for example, Webapplication, Web service and composite application).

The WAM market is widely accepted as being part of the overall IAM market,providing the "A" ("access") in IAM with its range of tools and processes.WAM products also provide proprietary integration points for some non-Webapplications in addition to its core function of providing the verification of

access to Web applications although the use of WAM for non-Webapplication access control remains limited. WAM products may also includebasic identity administration (IA), role/rule life cycle management, auditand federation capabilities.

IAM suite vendors that provide WAM as part of a multiproduct solutionincreasingly, and unsurprisingly, recommend their own user-provisioning

products as a means of incorporating some level of user-provisioningfunctionality or integration. The vendor may offer integration with other IAMtools for example, enterprise single sign-on (ESSO), Secure SocketsLayer (SSL) virtual private networks (VPNs), public-key infrastructure (PKI),various authentication methods and consumer fraud detection systems.

Cur r en t W A M M ar k e t T r ends

Gartner has identified a set of ongoing trends in the WAM market:

Sl o w i n g g r o w t h : The WAM market grew 20% or more in 2005 and2006, as measured by total deployments, but that growth is nowdeclining Gartner estimates the WAM market to be flat in 2009.Approximately $545 million was spent for WAM licenses in 2008.Gartner estimates current WAM deployments worldwide (including

enterprise and divisional deployments) at approximately 9,000, apoint that we believe indicates near saturation of the market.

However, the markets for other IAM products and for larger IAM suitescontinue to experience stronger growth. These include the markets foruser-provisioning tools and ESSO tools.

Non- s ea t - l i c ens e p r i c i ng : Competition and downward pricingpressure have caused some vendors to explore alternatives to thestandard per-user pricing structure that is prevalent in the market.This structure has traditionally included site- and enterprise-based

licensing, but mechanisms such as per-processor/instance andconcurrent-session pricing are now offered by a few vendors. Theincreasing pressure being placed on WAM solutions to support larger

and larger extranet and service-centric infrastructures clearly requiresmore-flexible pricing models.

M ar k e t c ons o l i da t i on : Large-vendor WAM solutions offerreasonable and sometimes even extensive functionality, often atcompetitive price points, and are backed by large, diverseorganizations that often have relatively complete sets of associatedIAM products and capable professional service organizations. For

these reasons, the value propositions of the best-of-breed vendors arebecoming less compelling, and many smaller providers are sufferingas a result. More than 74% of all growth in the customer base in 2008occurred among the largest vendors in the market. SMB-focusedofferings for customers that do not require a full IAM suite orextensive WAM functionality are still attractive, but only when thevendor can offer low prices, simple integration or perhaps aninnovative offering (such as P2 Security's WAM appliance).

Com p l i anc e focus l ead ing t o i n te r es t i n c en t r a l i z ed

combination of publicity, promotional, thought

leadership, word-of-mouth and sales activities.

Customer Experience: Relationships, products

and services/programs that enable clients to besuccessful with the products evaluated.

Specifically, this includes the ways customersreceive technical support or account support.This can also include ancillary tools, customer

support programs (and the quality thereof),availability of user groups and service-levelagreements.

Operat ions: The ability of the organization to

meet its goals and commitments. Factors includethe quality of the organizational structureincluding skills, experiences, programs, systems,and other vehicles that enable the organization

to operate effectively and efficiently on anongoing basis.

Completeness of Vision

Market Unders tand ing : Ability of the vendorto understand buyers' wants and needs and to

translate those into products and services.Vendors that show the highest degree of visionlisten and understand buyers' wants and needs,

and can shape or enhance those with theiradded vision.

Market ing S t ra tegy: A clear, differentiated setof messages consistently communicatedthroughout the organization and externalized

through the website, advertising, customerprograms and positioning statements.

Sales St rategy : The strategy for sellingproducts that uses the appropriate network of

direct and indirect sales, marketing, service andcommunication affiliates that extend the scopeand depth of market reach, skills, expertise,

technologies, services and the customer base.

Of fer ing (P roduct ) S t ra tegy: The vendor's

approach to product development and deliverythat emphasizes differentiation, functionality,

methodology and feature set as they map tocurrent and future requirements.

Business Model : The soundness and logic of

the vendor's underlying business proposition.

Ver t i ca l/ I ndust ry S t ra tegy: The vendor'sstrategy to direct resources, skills and offerings

to meet the specific needs of individual marketsegments, including vertical markets.

I n n o va t io n : Direct, related, complementary andsynergistic layouts of resources, expertise or

capital for investment, consolidation, defensiveor pre-emptive purposes.

Geographic St rategy: The vendor's strategyto direct resources, skills and offerings to meet

the specific needs of geographies outside the"home" or native geography, either directly orthrough partners, channels and subsidiaries as

appropriate for that geography and market.


7 5/11/2010 1

7/31/2019 Mq Wam Nov2009

4/17

e n t i t l e m e n t m a n a g e m e n t : Compliance and audit requirements aredriving enterprises to separate security, or at least authentication andauthorization, from applications wherever possible. Security isincreasingly seen as an "envelope" around business logic that shouldbe managed and controlled separately, and this view is generatinginterest in heterogeneous access management solutions (that is,solutions that extend beyond the Web). This approach is also pushingWAM vendors to look for ways to extend their offerings to more

enforcement points, either with increased functionality or via theacquisition of emerging entitlement management products, which are

designed to extend the access management functions to anyapplication.

M ar k e t s egm en t a t i on ( ac ces s m an agem en t s u i t es v s.

c om m od i t y W A M v s . c onsum er ex t r an e ts ) : Specific WAM vendorsare focusing on different, divergent areas as the market matures.Larger, enterprise-focused vendors (for example, CA, Evidian, IBM,Oracle, Novell, Siemens and Sun Microsystems) are developing accessmanagement suites that may include:

WAMPlatform access controlFine-grained entitlement managementIdentity federationConsumer fraud detectionWeb services security toolsAdaptive authentication

These functions may be combined with unified administration andaudit facilities. Smaller vendors (for example, Cafesoft and P2Security) are focusing on low-cost, low-complexity SMB-orientedofferings. A few vendors including EMC (RSA) and Entrust focusspecifically on the consumer extranet.

A foc us on M ic r oso f t - c en t r i c en t e r p r i s es: Microsoft's ForefrontIdentity Manager is designed to make inroads into this market, mostlyin IA, although it could be coupled with the company's expandedplans to address the cloud-computing environment (Project Geneva)and existing appliances (Internet Access Gateway) to deliver a form of

WAM for Microsoft-centric customers.

The need t o add r es s S aaS and c loud c om pu t ing : WAM productsare the leading technology architecture option for repurposing toserve as cloud-computing "construction kit" components for basic

access, or as SaaS themselves for enterprises seeking to accessmultiple SaaS services from a cloud-computing environment. Thisrepresents a key growth option for WAM products in the IAM-as-a-service market during the next five to 10 years.

Ov er a l l p r i c e s tab i l i t y : The WAM market remains highlycompetitive, with downward pricing pressure resulting in discounting

and aggressive sales tactics, but list pricing has remained relativelysteady since mid-2007. For the most part, WAM pricing has reachedlevels that Gartner believes accurately reflect WAM's value. Per-userlist pricing places 5,000-user costs (for external users) at an averageof approximately $10 per user and 100,000-user costs at an averageof approximately $3 per user. One-million-user pricing is generally

less than $1 per user, but deployments of that size are more likely touse site licensing or other pricing models.

I n t e r e s t i n u s e r -ce n t r i c i d e n t i t y f r a m e w o r k s ( U CI Fs ) : UCIFssuch as OpenID and Information Cards include credentialingcomponents designed to provide users (typically consumers) witheasy-to-use, easy-to-manage credentials that can be used by manyservice providers. Most vendors have announced support for one ormore forms of UCIF, or have support on their near-term product roadmaps. Low-assurance uses of UCIFs have had some success, andWAM support should prove valuable to consumer-focused enterprises.

However, the lack of high-assurance credential providers and (in thecase of Information Cards) the lack of a critical mass of deployedidentity selector components will limit most enterprises' use of UCIFsin the short term, and potentially beyond.

Th e u b i q u i t y o f f e d e r a t i o n c o m p o n e n t s : Federation capabilities whether integrated or offered as an add-on module or stand-alone


7 5/11/2010 1

7/31/2019 Mq Wam Nov2009

5/17

component are now nearly ubiquitous in WAM offerings and in therequirements of WAM customers.The poss ib le r e tu r n o f t he app l i an c e : Initial results ofappliance-based WAM solutions have been mixed, as P2 Security'sexperience shows. However, Gartner believes that the currenteconomic downturn and the evolution of WAM architecture are drivingrenewed interest in the WAM appliance as an alternative. Appliancevendors, such as Apere and Rohati Systems, are making efforts to

move into the SMB markets, and networking equipment providers,such as F5, are creating alliances with major IAM vendors, such as

Oracle, to offer WAM at the network switching interface. We believethat, as the economy slowly improves, the opportunities for suchsolutions will improve as well.

Return to Top

Market Definition/Description

The term "WAM" applies to technologies that use access control engines toprovide centralized authentication and authorization capabilities for Webapplications. WAM products may also include IA, role/rule management, and

audit and federation capabilities, as well as standardized or proprietaryintegration points for non-Web applications. They may also incorporate

some level of user-provisioning functionality, or integration with auser-provisioning tool, as well as integration with PKI or strongauthentication mechanisms.

Return to Top

Inclusion and Exclusion Criteria

The WAM market includes general-purpose authentication and authorization

engines that mainly enable SSO or reduced sign-on (RSO) to multiple Webapplications in a clientless fashion. A traditional WAM product consists of apolicy administration function and an enforcement function, and it is usuallydeployed in a proxy or agent architecture. ESSO products and SSL-basedand other clientless remote-access products may offer basic authenticationand coarse-grained authorization for Web-based applications. For some usecases, they present strong alternatives to WAM. However, these offeringsdiffer from WAM tools, primarily because:

They typically do not integrate complex IA capabilities, such asworkflow, approval processing, directory management and role lifecycle management.

They generally have not been shown to scale to large extranet-typepopulations with users numbering in the hundreds of thousands or themillions.ESSO products usually require a client and are deployed internally.

Return to Top

Added

No vendors were added to the Magic Quadrant in 2009.

Return to Top

Dropped

Entegrity Solutions was dropped from the Magic Quadrant for 2009. Wehave received no communications from the company, and it appears to have


7 5/11/2010 1

7/31/2019 Mq Wam Nov2009

6/17

ceased operations. Gartner clients report similar experiences.

Oth er V endor s No t I nc luded in t he M ag ic Quadr an t

Apere offers an appliance-based agentless Web SSO capability forSaaS and enterprise Web applications. Enterprises with access controlsolutions can extend SSO to SaaS applications using Apere's IMAGTrueSSO. Apere provides basic role-centered provisioning and baseplatform and application authorization for application development,

mainframe, Web and client/server applications.Nexus offers the Argus Authentication Server, which provides basic

WAM functionality. Although operable as a stand-alone product, ArgusAuthentication Server is most often sold only in support of otherNexus products, which are generally focused on PKI and certificatemanagement functions.Symplified provides an appliance that addresses basic WAMfunctionality for SaaS solutions and delivers that capability as aservice "in the cloud." The Symplified offering represents an earlyform of IAM as a service for WAM.

University of Michigan's CoSign is an open-source WAM tool that hasgained some users, mostly within the education vertical industry.Ilex Sign&go is an SSO infrastructure that includes ESSO and someWAM features, including federation. Sign&go has a small customerbase, but, like Apere, Nexus and Symplified, it has little visibility inthe WAM market as yet.

Ping Identity is a focused identity federation vendor that provideswell-regarded multiprotocol federation tools for enterprises andservice providers, as well as SaaS access management services, butno other WAM functionality.

Microsoft supports WAM-like functionality in Microsoft-onlyenvironments with Active Directory Domain Services and ActiveDirectory Federation Services (ADFS), but has left WAM functionalityfor heterogeneous environments to third-party vendors. ADFS cantechnically be used as a WAM tool, because ADFS support has beendeveloped for most non-Microsoft Web and application servers. The

planned next version of ADFS is designed to be more flexible and, inconcert with Forefront Unified Access Gateway, may offer a valid WAMoption for Microsoft-centric customers.

Return to Top

Evaluation Criteria

Ability to Execute

Gartner analysts evaluate technology providers on the quality and efficacy ofthe processes, systems, methods or procedures that enable IT providerperformance to be competitive, efficient and effective, as well as to improve

revenue, retention and reputation. Ul timately, technology providers arejudged on their abil ity and success in capitalizing on their visions. TheAbility to Execute in the WAM market requires the following factors:

Sales performanceRecognition from competitors and Gartner clientsDepth of product offering (taking into account what Gartner considersto be baseline functionality for any current product)Innovative pricing options

The baseline WAM features for 2009 include:

Fine-grained access control capabilities for Web and non-WebapplicationsAccess control policy administration featuresGlobal session managementReporting/audit capabilities


7 5/11/2010 1

7/31/2019 Mq Wam Nov2009

7/17

Multirepository support

Many WAM purchase decisions are made in concert with those for other IAMproducts, especially user-provisioning and role life cycle managementproducts, but spanning the entire range of IAM-related tools. Vendors thatoffer suite functionality have increased the Ability to Execute in these cases.

Table 1 . Ab i l i ty t o Execut e Eva luat ion Cr i t e r ia

Ev alu at ion Cr i t e r ia W eig h t in g

Product/Service Standard

Overall Viability (Business Unit, Financial, Strategy, Organization) Standard

Sales Execution/Pricing Standard

Market Responsiveness and Track Record Low

Marketing Execution Low

Customer Experience Standard

Operations Low

Source: Gar tn er (Novemb er 2009)

Return to Top

Completeness of Vision

Gartner analysts evaluate technology providers on their ability to

convincingly articulate logical statements about market direction,innovation, customer needs and competitive forces, as well as on how wellthose statements map to Gartner's positions. Ultimately, technology

providers are rated on their understanding of how they can exploit marketforces to create opportunities. When evaluating a technology provider'sCompleteness of Vision in the WAM market, Gartner analysts considerseveral factors, including:

Vision for the WAM product

Vision for associated IAM requirements and capabilitiesUnique business model or focus

Breadth of product in terms of what Gartner considers new, unique,differentiating or nonbaseline functionality

In 2009, these features include:

Strategic focus on enterprisewide access management andservice-based functionalityBundled support for identity federationDynamic access control; time-, situation- or other dynamic-data-based rulesIntegration with network access control systems

Support for multiple security zones or multiple per-user roles


7 5/11/2010 1

7/31/2019 Mq Wam Nov2009

8/17

Table 2 . Com ple ten ess o f V is ionEva luat ion Cr i t e r ia

Ev alu at ion Cr i t e r ia W eig h t in g

Market Understanding Low

Marketing Strategy Standard

Sales Strategy Standard

Offering (Product) Strategy Standard

Business Model Low

Vertical/Industry Strategy Low

Innovation Low

Geographic Strategy Low

Source: Gar tn er (Novemb er 2009)

Return to Top

Leaders

The leaders in the WAM market for 2009 have matured, with larger vendorsoffering relatively strong products at reasonable prices, investing in newassociated functionality and "complete identity management" strategies thatleverage their customer bases for increased sales and market share. Theleaders have experienced continued strong growth year over year, whilealmost every other entrant in the Magic Quadrant has experienced slowergrowth or no growth, or is working from a significantly smaller customerbase. To lead in the WAM and larger access management markets in 2009and beyond, vendors will need to focus on providing:

A full-featured productThe necessary organizational skill set

Deployment scenarios and expertiseRecommendations as to how individual customers can best use their

products in their broader IAM initiatives

Return to Top

Challengers

Challengers have shown significant growth on a par with that of the

leaders but have not been as visionary. These vendors have solidproducts, but have not been able to keep pace with their strategic objectivesand the product innovations being offered by the leaders. Evidian is the only

vendor identified as a challenger in the WAM Magic Quadrant for 2009.

Return to Top

Visionaries

Visionary vendors in the WAM market have consistently defined and metstrategic objectives in differentiating their offerings from the pack, but have

not shown the execution capabilities exhibited by the leaders or challengers.These vendors have products that are appealing from a functionalstandpoint, and they demonstrate innovative business strategies, but they

have not translated these strengths into the customer base and revenuegrowth that characterize leaders and challengers. The visionary vendors inthe 2009 Magic Quadrant (and some niche vendors) have often focused on


7 5/11/2010 1

7/31/2019 Mq Wam Nov2009

9/17

delivering solutions for specific use cases, rather than for the generalmarket, whereas most leaders have also been able to exhibit a general-casevision.

Return to Top

Niche Players

Niche vendors in the WAM market offer solid products, but have not beenable to distinguish themselves with customers through product

differentiation or execution. Niche vendors' products have the potential tobe "good enough" offerings at a reasonable price for some prospective WAMcustomers.

Return to Top

Vendor Strengths and Cautions

Cafesoft

Produc t : Cams

Cafesoft Cams is a straightforward midmarket WAM offering, designed toleverage the enterprise directory infrastructure without significantlyincreasing administrative burdens. Cafesoft's marketing emphasizes quickinstallation and ease of management as competitive differentiators forCams.

Return to Top

Strengths

Cafesoft prices Cams by concurrent user, rather than by users in therepository, a method that Gartner believes reflects the correct balance

of vendor and customer needs. When considered in terms of averageusage, Cams' pricing structure is one of the least expensive in themarket.As a small, focused company, Cafesoft can react to customer needsquickly.

Cafesoft has added virtual directory capability and Windowsimpersonation for access to Outlook Web Access and SharePoint, aswell as support for several stronger authentication methods, and allthese features should appeal to the midmarket.

Return to Top

Cautions

Cafesoft's small size means that it has limited sales, marketing andsupport capabilities.Cams has no built-in identity federation support, and Cafesoft doesnot offer this functionality in a companion product.Cams does not have a graphical user interface (GUI) for

administration, although Cafesoft does sell a companion product,Cams Identity, that provides simple user administration andself-service password reset at an additional cost.Cafesoft's customer base has remained relatively flat during the past18 months and is still small.Cafesoft, like Entrust, P2 Security and RSA, is not a full-service IAMvendor and offers no user-provisioning tool.


7 5/11/2010 1

7/31/2019 Mq Wam Nov2009

10/17

Return to Top

CA

Pr oduc t : S i t eM in de r

CA has successfully transitioned the SiteMinder brand and product from abest-of-breed tool to a flagship product that is part of a relatively completeIAM product suite. The company is a major global IT player, and its name

recognition is the highest of any WAM vendor's. SiteMinder retains a largecustomer base. CA's strategy, which includes enhancements to SiteMinder

and to associated federation and Web services/service-oriented architecture(SOA) security tools, and to CA's broader IAM offerings, is a sound one.

Return to Top

Strengths

CA's target market is primarily larger enterprises, with 60% of itsinstalled customer base having more than 50,000 users each. Thecompany does not market to SMBs, and its capabilities, feature setand marketing are specifically tailored to larger accounts.CA remains along with IBM and Oracle a viable option in almostevery WAM project. Most other vendors' growth in this slowing markethas been flat or down, but CA has shown continued customer growth.The most recent release of SiteMinder, R12, introduced significantfeature enhancements and has been well-received by Gartner clients.CA's policy repository is unified across a broad range of IA and access

management products, and extends to legacy systems through AccessControl Facility 2 and Top Secret.The company plays an active role in international identity/securitystandards initiatives, and supports both technical standards, such asService Provisioning Markup Language (SPML), and servicemanagement standards, such as the Information TechnologyInfrastructure Library (ITIL).

Return to Top

Cautions

CA's lack of focus on SMBs could become a problem in a highlymature market with few remaining segments that present growthopportunities.

The company's pricing structure, which is oriented toward largercustomers, typically makes its offerings somewhat expensive for smalldeployments.SiteMinder's extensions for federation and Web services securitysuffer from negative perceptions by some users, which are intensifiedby the fact that these additions to SiteMinder are not priced as part ofthe base WAM product.

Return to Top

EMC (RSA)

Produc t : RSA Access Mana ger

RSA Access Manager is a full-featured WAM tool that supports enterprisedeployments and focuses on consumer extranets, an area in which RSA hasseveral companion products for consumer authentication and frauddetection.

Return to Top


17 5/11/2010 1

7/31/2019 Mq Wam Nov2009

11/17

Strengths

RSA Access Manager is a full-featured WAM tool, designed largely tosupport consumer extranets, but capable of operating within theenterprise.

Access Manager offers out-of-the-box administrative roles, whichshould benefit enterprises implementing relatively standarddeployments.

When combined with RSA's companion authentication offerings,Access Manager delivers a sophisticated multilevel "step-up"authentication capability.

Return to Top

Cautions

RSA, like Cafesoft, Entrust and P2 Security, is not a full-service IAMvendor and offers no user-provisioning tool. RSA has a partnershipwith Courion, an independent user-provisioning vendor.Despite RSA's healthy customer base, RSA Access Manager's growthhas been essentially flat during the past three years.RSA Access Manager does not include identity federation or significant

audit functionality, both of which require separate licenses.

Return to Top

Entrust

Produc t : GetAccess

Entrust is a small vendor that has versatile, full-featured technology at a lowprice, which makes it attractive for the midmarket and other cost-consciousbuyers. GetAccess benefits from close integration with Entrust's traditionalPKI, TruePass roaming certificate PKI and IdentityGuard authenticationofferings. However, Entrust continues to suffer from significantly lower

visibility in most markets, except Canada, even though Entrust's PKI offeringis strongly represented in large-scale projects worldwide, especially in thegovernment sector.

Return to Top

Strengths

Entrust has completely eliminated user-based pricing, which makes

GetAccess appealing for consumer deployments.Identity federation with SAML 2.0 is built into GetAccess at noadditional cost.Step-up authentication functionality, which enables multiple levels of

authentication for different resources, is standard.Customers report satisfaction with Entrust's service desk, which isstaffed by technical professionals, even at Level 1.

Return to Top

Cautions

The company's 2009 acquisition by the private equity investment firmThoma Bravo introduced uncertainty among potential users about the

future of Entrust products, including GetAccess. Gartner, however,has recorded no indications to date that the Entrust product line willchange significantly.


17 5/11/2010 1

7/31/2019 Mq Wam Nov2009

12/17

GetAccess has not experienced significant customer-base growth inthe past 24 months. While Entrust makes strong statements ofsupport for GetAccess, lack of growth could lead to reduceddevelopment and support for the product.Entrust like Cafesoft, P2 Security and RSA is not considered afull-service IAM suite vendor, because it has no in-houseuser-provisioning offering. (The company offers an SPML interface toGetAccess that integrates with most major provisioning solutions.)

Return to Top

Evidian

Produc t : W eb Access Mana ger

The France-based Evidian (a division of Bull) offers a relatively modern andcomplete suite of IAM products. Evidian's WAM offering, Web AccessManager, appeals mostly to users of other Evidian IAM products, but Evidianhas been successful in marketing to this group of buyers.

Return to Top

Strengths

Evidian has continued to grow its customer base even though thatbase remains small compared with the largest market players andmust be considered a challenger at this point.

Evidian has the only "local" offering in Europe with a significantcustomer base, although it is still underrepresented in other regions.

Return to Top

Cautions

Even though Evidian's growth has been strong and it is not the

smallest vendor in the WAM market it remains a midsize vendor

with comparatively limited resources.Web Access Manager is targeted primarily at Europe, where it ismarketed directly by Evidian. To compete with IBM Tivoli, Siemensand others, Evidian will require a broader range of partnerships andmarkets. Gartner views Evidian's partnerships with NEC in theAsia/Pacific region and with Quest in North America (although not forWeb Access Manager) to be steps in the right direction.

Return to Top

IBM

Pr oduc ts : T i v ol i Fede r a ted I den t i t y M anager ( TFI M ) and T i v o l i

Access Manage r fo r e - bus in ess (TAMeb)

IBM considers TFIM its main WAM offering, and TAMeb which is bundledwith TFIM is essentially a stripped-down, low-cost alternative to theprimary product. TFIM is a highly sophisticated offering, with built-incapabilities for simple federated provisioning and Web services security, aswell as versatile identity federation capabilities.

Return to Top

Strengths

IBM, like CA and Oracle, is a viable option in almost every WAM


17 5/11/2010 1

7/31/2019 Mq Wam Nov2009

13/17

project, and continues to show customer growth, even though mostother vendors' sales are flat or down.IBM Tivoli is recognized as a global player in service management,and has successful ly leveraged that image in the IAM market in thepast decade. Service partners, tiered global partnerships withsystem integrators (SIs), value-added resellers (VARs) and technicalpartners and IBM Tivoli's own global consultancy and integrationorganization provide project management expertise.

IBM Tivoli has a formidable foundation in marketing and sales.Product management is part of the Tivoli product development model,

which emphasizes external certifications and considerable customerfeedback. The product and its marketing place additional emphasis ongovernance, risk and compliance management, as well as securityinformation and event management.IBM TFIM combines the functionality of three products: awell-featured WAM product, a full-featured identity federation toolsuitable for enterprise and service provider deployments, and amoderately well-featured Web services security tool. (IBM also offers

a separate full-featured hardware-based Web services security productin WebSphere DataPower.) WAM-only functionality is offered viaTAMeb, but IBM considers TFIM its offering for the WAM market. IBMhas focused on extending its WAM offering in recent years through thecreation of low-cost federation spokes and other SMB-targetedofferings.

Return to Top

Cautions

IBM Tivoli's ability to address complex IAM issues for clients isoccasionally challenged by the complexity of its offerings. Gartnerclients often report that Tivoli identity management products,

including TFIM and TAMeb, are comparatively complex to deploy andmanage, and professional services are often required for deployment.IBM has made an effort in this area recently with its SMB offering.TFIM and TAMeB have been among the most expensive offerings onthe market for many years. Nearly comparable functionality fromsome other vendors in the space can be much cheaper to acquire and

deploy, at least from a list-price perspective.Most TFIM deployments occur in IBM-centric environments. TFIM isstill not considered for heterogeneous deployments nearly as often asofferings from other vendors, although Gartner has noted some use of

the federation capabilities of TFIM in more-heterogeneousenvironments.TFIM and TAMeB are generally deployed only in proxy mode. IBMmaintains that this is the best deployment mode for WAM, but mostother products that have agent-mode deployments have largenumbers of satisfied customers.

Return to Top

Novell

Produc t : Nove l l Access Manager ( NAM)

NAM is a full-featured WAM offering that benefits from full administrationfeatures that are uniform across Novell's entire IAM suite, as well as built-in

SSL VPN, SSL concentration and federation capabilities. Novell strengthenedits historically weak name recognition to become a leader in the IAM marketin 2007 and 2008, but still does not command the same recognition andmarket share as CA, IBM or Oracle.

Return to Top


17 5/11/2010 1

7/31/2019 Mq Wam Nov2009

14/17

Strengths

Most of Novell's IAM products (including NAM) have been developedin-house. In general, Novell's IAM suite shows a higher level ofintegration than other suite vendor offerings.Novell has made a point of building a configurable header capabilityinto NAM to smooth the replacement of competitive tools.Novell has made significant progress by effectively addressing issues

with partnerships, sales, and marketing and competitivecountermoves. The company combines these efforts with aninnovative product and focused and consistent executive leadership.

Novell's network of smaller, regionally based integration andconsulting partners has been augmented with major integrationproviders, such as Atos Origin, Deloitte and Wipro Technologies, aswell as global alliance partners, such as HP and SAP.

Return to Top

Cautions

Limited name recognition as a portfolio provider of IAM solutionsremains an issue. Novell struggled to achieve recognition as acompetitor with other suite vendors of IAM products. This is more ofan issue for Novell than for the customer, but it raises questions

about the company's overall capabilities in IAM.Novell has found customer growth challenging in the past two years.

Gartner has seen some increase in interest in NAM, but this has nottranslated into significant growth relative to the overall market.Like IBM Tivoli's TFIM, NAM can be deployed only in proxy mode.

Return to Top

Oracle

Produc t : Oracle Access Mana ger ( OAM)

Oracle like CA and IBM is a leading global IT player that has begun to

deliver strongly on its IAM strategy, with significant new customeracquisitions, a broadening network of global partnerships to deliver andmaintain its solution, and refinements in product features and deployment

strategy. Oracle appears to be committed to keeping its IAM productscompetitive, even in heterogeneous environments. The company benefitsfrom its pervasive access, as a major database and enterprise applicationprovider, to key decision makers in the private and public sectors. Oracleuses this access to take advantage of cross-selling opportunities with IAM.

Return to Top

Strengths

Oracle's recognition and presence in a broad range of IT markets, itsinfluence with IT and business decision makers, and its globalpartnerships give it clear advantages particularly cross-sellingopportunities in executing on its IAM strategy.Oracle now sells OAM as part of an integrated suite of access

management components, including Oracle Identity Federation, OracleEntitlements Server and Oracle Adaptive Access Manager, providingimproved authorization functionality beyond Web applications, as wellas fraud-detection capabilities. The wide range of access managementfunctions in the suite puts Oracle in an excellent position to competewith broad suite offerings from CA and IBM.Oracle has established a network of global partnerships with SIs,VARs and technical partners, including companies such as Accenture,Deloitte, KPMG, PricewaterhouseCoopers and Wipro, and its own


17 5/11/2010 1

7/31/2019 Mq Wam Nov2009

15/17

consultancy and services in WAM and other areas of IAM have becomemore experienced.Along with IBM and CA, Oracle is a contender for almost every WAMproject, and like those vendors and unlike most others hasexperienced continued customer growth in this maturing market.A recent agreement with F5 to deploy Access Manager on edgedevices appears to have significant merit, because it may providebenefits in removing some deployment complexity for some

customers.

Return to Top

Cautions

OAM's pricing model appears to be one of the best in the market, andits l ist prices are extremely attractive when the other components

included in the OAM suite are considered. However, in comparisonsituations, Gartner has noted that Oracle's real-world costs are oftenmerely competitive with those of vendors such as IBM and CA.Oracle integration and deployment have received mixed reviews, withproblems attributed to uneven training and experience of sales,consultants and SIs for the product. Customers like the access toOracle, but not the inconsistency in their experience with the products

and support. Gartner expected most of these problems to be ironed

out by 2009, but "growing pains" continue.

Return to Top

P2 Security

P r oduc t : m aX ec ur i t y

P2 Security has been in business for several years, building a smallcustomer base for maXecurity, an appliance-based WAM offering.maXecurity is designed to provide WAM functionality in a comparativelysimple-to-deploy form that does not require major changes to anenterprise's infrastructure.

Return to Top

Strengths

maXecurity is an appliance-based, agentless, reverse-proxy WAMoffering, which makes ease of deployment and simplicity ofmanagement a major competitive differentiator.

P2 prices maXecurity by concurrent user, rather than by users in therepository, and this approach should appeal to enterprises with largenumbers of users that connect only infrequently.In keeping with its commoditization strategy, P2 provides segregationof duties and out-of-the-box virtual directory capabilities, as well as

other simplif ications that make maXecurity an appealing midmarketoffering.In 2009, P2 added basic identity federation support, which enablesenterprises to act as an identity provider and also eases replacement

of competitive offerings with maXecurity appliances.The company, although small, is profitable and has the resourcesnecessary to grow and evolve its product.

Return to Top

Cautions

P2 has the limited sales, marketing and support capabilities typical of


17 5/11/2010 1

7/31/2019 Mq Wam Nov2009

16/17

smaller vendors.The company, like most vendors in the WAM market, has haddifficulty growing the maXecurity customer base in the past 18months.maXecurity is a basic, no-frills WAM that works best in environmentswhere significant enterprise (or user) directory management isalready in place.P2 Security is not a full-service IAM vendor and offers no

user-provisioning tool (although the company does have a workingrelationship with Fischer International, a smaller user-provisioning

vendor).maXecurity has no associated Web services security capabilities.

Return to Top

Siemens

Produc t : D i rX Access

DirX Access is part of Siemens' IAM suite. Although relativelycomprehensive, Siemens' offering came late to the market and has notachieved significant market share.

Return to Top

Strengths

DirX Access offers a service-based architecture and considerableleading-edge functionality.DirX Access is deployable as infrastructure or as an embedded

application service.As a non-North American vendor, Siemens is appealing to enterprisesthat may want an international or non-U.S. vendor.

Return to Top

Cautions

Siemens' clear focus is on leveraging the Siemens customer base, andon doing so directly, rather than through partners. This approach maymake it difficult for Siemens to compete on an equal basis with IAMmarket leaders.Siemens has a comparatively low profile in North America, and facesdifficulties in making a name in the crowded WAM space and thebroader IAM space against mature competitors.

DirX Access, which was introduced in 2007, is a relatively new entrantin the WAM market, and Siemens has not grown any significantcustomer base as yet.The DirX Access team is relatively small, and may not be able to keepup with the demands of larger numbers of customers for

enhancements and product support. Siemens does have significantresources from other groups to draw on if necessary.

Return to Top

Sun Microsystems

Produc t : Sun OpenSSO Ent erpr ise

Sun Microsystems has been a leader in the WAM market and the larger IAMmarket due to a combination of technical platform expertise, diverse andexperienced partnerships in consulting and SI, a growing customer base,and consistent customer service. However, the company's announced


17 5/11/2010 1

7/31/2019 Mq Wam Nov2009

17/17

acquisition by Oracle has caused significant confusion in the marketplaceregarding the viability of the Sun IAM product line.

Return to Top

Strengths

OpenSSO Enterprise is a full-featured product, with identityfederation, SOA capabilities and built-in Web services securityfunctions.Sun has played a leadership role in open-source WAM through theOpenSSO project (as well as OpenDS for directory services), whichgives the company a potential customer base and the benefits of thework of the OpenSSO community. When this option is taken intoaccount, Sun offers the widest variety of pricing options of any WAMvendor, and the company also has appealing standard pricing.

Sun has focused on ancillary functionality as a means of easingdeployment, including federation partner offerings "fedlets"designed to ease the task of bringing on partners as well asstandard, out-of-the-box, task-based workflows.Sun's Partner Advantage Program remains a model for coveringconsulting, system integration, VAR and independent software vendorneeds for IAM customers.

Return to Top

Cautions

The confusion surrounding Sun's announced acquisition by Oracle"froze" the market for OpenSSO Enterprise to some extent, because

Oracle has a competing product in the space, and it remains unclearat this point whether Sun's products have a long-term future. Theopen-source community around OpenSSO will undoubtedly continue,but Gartner cautions that Oracle's support for the OpenSSO initiativemay not be significant.

Return to Top

The Magic Quadrant is copyrighted 12 Novem ber 200 9 by Gartner, I nc. and is reused with

permission. The Magic Quadrant is a graphical representation of a m arketplace at and for a specific

tim e period. It depicts Gartner's analysis of how certain vendors measure against criteria for t hat

marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service

depicted in t he Magic Quadrant, and does not advise t echnology users to select only those vendors

placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is

not m eant t o be a specific guide to action. Gartner disclaims all warranties, express or implied,

with respect to this research, including any warranties of merchantability or fitness for a particular

purpose.

200 9 Gartner, I nc. and/ or its Aff iliates. All Rights Reserved. Reproduction and distribution of this

publication in any form without prior written permission is forbidden. The information contained

herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as

to t he accuracy, com pleteness or adequacy of such informat ion. Although Gartner's research may

discuss legal issues related t o t he inform ation t echnology business, Gartner does not provide legal

advice or services and its research should not be construed or used as such. Gartner shall have no

liability f or errors, omissions or inadequacies in the informat ion contained herein or for

interpretat ions thereof. The opinions expressed herein are subject t o change without notice.


mq wam nov2009

Documents