IAM – Identity And Access Management

Are they who they say they are? Digital has made identity & access management (IAM) crucial and complicated. Read our insights.

Discover how Forrester supports IT leaders.

Insights

Blog

Meet The New Analyst Covering IAM: Geoff Cairns

Geoff Cairns August 25, 2022
What Topics Will You Be Covering At Forrester? I am very excited to be covering identity and access management (IAM), with a focus on the workforce environment (business to employee). I will also collaborate with Forrester’s other IAM analyst, Andras Cser. Some areas and topics that I hope to explore include: How to optimize workforce […]
Blog

The State Of Decentralized Digital Identities

Andras Cser August 19, 2022
Learn the value of decentralized digital identities in this preview of Forrester’s Security & Risk event, November 8–9.

Prepare Your Infrastructure For 2023 Change

Get our Predictions 2023 guide to explore the infrastructure shifts driving transformation and resiliency.

Blog

SailPoint To Be Acquired By Private Equity Firm Thoma Bravo For $6.9 Billion

Andras Cser April 13, 2022
On Monday, April 11, 2022, identity management and governance (IMG) vendor SailPoint announced that it was being bought by private equity (PE) firm Thoma Bravo for $6.9 billion. This is not the first rodeo for Thoma Bravo with SailPoint; in 2014, the PE firm bought out SailPoint’s original venture capital investors and remained an owner […]
Blog

Okta Lapsus$ Compromise: How To Make Sure You’re Protected

Merritt Maxim March 24, 2022
On Tuesday, March 22, 2022, identity-as-a-service (IDaaS) provider Okta announced that it had detected an attempt to compromise the account of a partner in January 2022. The announcement came after the hacking group Lapsus$ posted screenshots of a computer used by one of Okta’s third-party customer support engineers. As one of the largest IDaaS providers with […]
Blog

Evolve Your IAM Strategy For Today’s Digital Employee And Customer

Merritt Maxim March 16, 2022
Identity and access management (IAM) is the control plane for determining a root of trust for all digital identities. Effective IAM must validate identities, secure access, manage privileges, and be optimized for hardened security, good user experience, and operational efficiency across all user populations — your workforce, partners, customers, and machine identities. Effective and efficient […]
Blog

SentinelOne Secures Identity First, Deception Second, In Attivo Acquisition

David Holmes March 15, 2022
Endpoint security and extended detection and response (XDR) vendor SentinelOne today announced the acquisition of Attivo Networks for just over $600 million. Attivo was a darling of deception technology, but SentinelOne was really after its Active Directory protection portfolio, including ADAssessor and ADSecure. Enterprise identity plays a critical role in the Zero Trust world mandated […]
Blog

Don’t Hit The Curb — Instead, Curb The Risk Of Emerging Technologies In 2022!

Andras Cser February 4, 2022
Find out why these five technology categories are causing security decision-makers the most concern.

Shape Your 2023 Cybersecurity Priorities For Uncertain Times

Join us for a planning webinar to learn how you can budget and align your 2023 cybersecurity plans for what’s ahead.

Blog

S&R Forum 2021: Passwordless Authentication Adoption Is Gaining Momentum

Sean Ryan November 8, 2021
Passwordless authentication, in the form of inherence factors (e.g., fingerprint, facial) or in the form of possession factors (e.g., device, app, token/certificate) and supplemented by other factors (e.g., location, user behavior), is an emerging authentication technology that will protect organizations from brute force attacks, credential stuffing, phishing, and social engineering tactics. If carefully selected and […]
Blog

Perspectives On One Identity’s Acquisition Of OneLogin

Merritt Maxim October 8, 2021
On October 4, 2021, identity and access management (IAM) vendor One Identity announced plans to acquire identity-as-a-service (IDaaS) vendor OneLogin for an undisclosed amount. Founded in 2009, OneLogin is an established pure-play IDaaS vendor that primarily serves midmarket enterprises, with a unified platform for employees, partners, and customers, and has raised over $170 million in […]
Blog

Okta Acquires Identity Orchestration And CIAM Vendor Auth0 For $6.5B

Andras Cser March 4, 2021
Forrester analysts take a detailed look at what's driving the unprecedented premium being paid in this acquisition.
Blog

GRC And IAM — Better Together

Sean Ryan February 11, 2021
Struggling to define where GRC ends and IAM begins? Get a clear breakdown of how the two functions should work together in a broader risk management strategy.
Blog

It Is A Privilege To Announce The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020

Sean Ryan November 19, 2020
Bad puns in the title of this blog post aside (queue the rolling of the eyes, sigh, and slight smirk), we are pleased to announce that “The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020” is now live. While PIM vendors have been adding new capabilities and improved user experience over the past two years, […]
Blog

Dealing With The Access Hoarders In Your Organization

Sean Ryan November 11, 2020
Anyone who has seen the show Hoarders knows how people who fill their houses with unneeded stuff can literally bury themselves in junk. Security and risk (S&R) pros who manage employee access to apps, databases, and systems should notice the Hoarders parallel when it comes to IT access: Many employees unknowingly acquire access over time, […]
Blog

How A Password Manager Could Save Your Marriage

Brian Kime October 29, 2020
My wife has the good fortune of living with a security and risk pro who also happens to be a US Army intelligence officer, so she’s been previously scolded about lax security practices. I also point out how “hacking” scenes on TV and in movies are comical and inaccurate. Note: Said wife was not consulted […]
Blog

New Research: Emerging Use Cases And Risks For Biometrics

Merritt Maxim October 1, 2020
Biometric authentication is a powerful technology with many compelling use cases but is not without controversy and distinct risks. What are users’ privacy rights in how biometric information is processed and stored? How are biometrics regulated around the world? How can the use of biometrics lead to discriminatory practices? What security shortcomings are associated with […]
Blog

The Security Snapshot: Improving Your Security Posture During A Global Crisis

Joseph Blankenship August 24, 2020
The COVID-19 global pandemic was top of mind for security leaders (and everyone else) during the second quarter of 2020. Forrester’s security and risk (S&R) team focused on pandemic recovery and looked at myriad ways to renew your security program and give it new life — from the development of talent and the future of […]
Blog

CyberArk Scoops Up Idaptive

Sean Ryan May 14, 2020
Read Forrester's take on CyberArk announcing its acquisition of identity-as-a-service vendor Idaptive.
Blog

Privileged Identity Management Solutions Must Secure Growing Diversity Of Use Cases

Sean Ryan April 9, 2020
Last week, Forrester published its latest overview of the privileged identity management (PIM) market, which can be found here. In it, we provide an overview of the 17 leading PIM vendors and categorized each vendor as either a PIM specialist or PIM suite provider , along with a market segmentation based on geography and annual […]
Blog

Two-Factor Authentication (2FA) Or Multifactor Authentication (MFA)? That Is The Question

Sean Ryan October 29, 2019
We, as security practitioners, need to be mindful about what we mean when we say “2FA” or “MFA.” These terms are often used interchangeably. The confusion is understandable, since 2FA is a subset of MFA. However, just like Halloween candy, MFA (including 2FA) comes in many flavors. Let’s unpack these terms and consider the various […]
Blog

A Typical Day Of Analyst Life

Heidi Shey June 27, 2019
We’re hiring! Forrester’s security and risk research team is growing and currently has four open analyst positions: identity and access management, application security, security analytics, and Zero Trust. When I speak to candidates about the analyst role, they all ask one question that I find difficult to answer: “What’s a typical day like for an […]
More posts