IAM – Identity And Access Management

Are they who they say they are? Digital has made identity & access management (IAM) crucial and complicated. Read our insights.

Discover how Forrester supports IT leaders.



S&R Forum 2021: Passwordless Authentication Adoption Is Gaining Momentum

Sean Ryan November 8, 2021
Passwordless authentication, in the form of inherence factors (e.g., fingerprint, facial) or in the form of possession factors (e.g., device, app, token/certificate) and supplemented by other factors (e.g., location, user behavior), is an emerging authentication technology that will protect organizations from brute force attacks, credential stuffing, phishing, and social engineering tactics. If carefully selected and […]

Perspectives On One Identity’s Acquisition Of OneLogin

Merritt Maxim October 8, 2021
On October 4, 2021, identity and access management (IAM) vendor One Identity announced plans to acquire identity-as-a-service (IDaaS) vendor OneLogin for an undisclosed amount. Founded in 2009, OneLogin is an established pure-play IDaaS vendor that primarily serves midmarket enterprises, with a unified platform for employees, partners, and customers, and has raised over $170 million in […]

Predictions 2022 Live

Chart a bold path to success in 2022. Hear our predictions for the year ahead.


Okta Acquires Identity Orchestration And CIAM Vendor Auth0 For $6.5B

Andras Cser March 4, 2021
Forrester analysts take a detailed look at what's driving the unprecedented premium being paid in this acquisition.

GRC And IAM — Better Together

Sean Ryan February 11, 2021
Struggling to define where GRC ends and IAM begins? Get a clear breakdown of how the two functions should work together in a broader risk management strategy.

It Is A Privilege To Announce The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020

Sean Ryan November 19, 2020
Bad puns in the title of this blog post aside (queue the rolling of the eyes, sigh, and slight smirk), we are pleased to announce that “The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020” is now live. While PIM vendors have been adding new capabilities and improved user experience over the past two years, […]

Dealing With The Access Hoarders In Your Organization

Sean Ryan November 11, 2020
Anyone who has seen the show Hoarders knows how people who fill their houses with unneeded stuff can literally bury themselves in junk. Security and risk (S&R) pros who manage employee access to apps, databases, and systems should notice the Hoarders parallel when it comes to IT access: Many employees unknowingly acquire access over time, […]

How A Password Manager Could Save Your Marriage

Brian Kime October 29, 2020
My wife has the good fortune of living with a security and risk pro who also happens to be a US Army intelligence officer, so she’s been previously scolded about lax security practices. I also point out how “hacking” scenes on TV and in movies are comical and inaccurate. Note: Said wife was not consulted […]

European Predictions 2022

Visit our resource hub to discover the key trends impacting European businesses in 2022.


New Research: Emerging Use Cases And Risks For Biometrics

Merritt Maxim October 1, 2020
Biometric authentication is a powerful technology with many compelling use cases but is not without controversy and distinct risks. What are users’ privacy rights in how biometric information is processed and stored? How are biometrics regulated around the world? How can the use of biometrics lead to discriminatory practices? What security shortcomings are associated with […]

The Security Snapshot: Improving Your Security Posture During A Global Crisis

Joseph Blankenship August 24, 2020
The COVID-19 global pandemic was top of mind for security leaders (and everyone else) during the second quarter of 2020. Forrester’s security and risk (S&R) team focused on pandemic recovery and looked at myriad ways to renew your security program and give it new life — from the development of talent and the future of […]

CyberArk Scoops Up Idaptive

Sean Ryan May 14, 2020
Read Forrester's take on CyberArk announcing its acquisition of identity-as-a-service vendor Idaptive.

Privileged Identity Management Solutions Must Secure Growing Diversity Of Use Cases

Sean Ryan April 9, 2020
Last week, Forrester published its latest overview of the privileged identity management (PIM) market, which can be found here. In it, we provide an overview of the 17 leading PIM vendors and categorized each vendor as either a PIM specialist or PIM suite provider , along with a market segmentation based on geography and annual […]

Two-Factor Authentication (2FA) Or Multifactor Authentication (MFA)? That Is The Question

Sean Ryan October 29, 2019
We, as security practitioners, need to be mindful about what we mean when we say “2FA” or “MFA.” These terms are often used interchangeably. The confusion is understandable, since 2FA is a subset of MFA. However, just like Halloween candy, MFA (including 2FA) comes in many flavors. Let’s unpack these terms and consider the various […]

See the future and gain a competitive advantage for 2022

Discover 12 trends our research reveals will matter most next year. Download our Predictions 2022 Guide.


A Typical Day Of Analyst Life

Heidi Shey June 27, 2019
We’re hiring! Forrester’s security and risk research team is growing and currently has four open analyst positions: identity and access management, application security, security analytics, and Zero Trust. When I speak to candidates about the analyst role, they all ask one question that I find difficult to answer: “What’s a typical day like for an […]

The CIAM Implications Of The Facebook/Cambridge Analytica Scandal

Merritt Maxim April 11, 2018
My fellow Forrester analysts have been covering the data and privacy implications of the Facebook/Cambridge Analytica scandal in several excellent blog posts, such as this one and this from yesterday, but this scandal has highlighted some CIAM-specific implications that CISOs and CMOs need to assess, particularly around the future role of social login. For those […]

M&A In The IAM Market Is Off To A Strong Start In 2018

Merritt Maxim February 1, 2018
We’re only one month into 2018 and have already witnessed a surge in M&A activity in the IAM space. Since January 1, 2018, four major IAM related deals, totaling over $1 billion (based on reported amounts and Forrester estimates on certain transactions), have been announced: • KPMG acquired Cyberinc. • One Identity acquired Balabit. • […]

Identity For Profit

What It Means November 16, 2017
Forrester Vice President and Principal Analyst Andras Cser discusses how identity management can enhance customer experiences and drive growth.

XACML is dead

Andras Cser May 7, 2013
Conversations with vendors and IT end users at Forrester's Security lead us to predict that XACML (the lingua franca for centralized entitlement management and authorization policy evaluation and enforcement) is largely dead or will be transformed into access control (see Quest APS, a legacy entititlement management platform based on BiTKOO, which will probably be morphed […]

Identity Protocol Gut Check

Forrester August 8, 2012
Protocol gut check. That's how someone recently described some research I've got under way for a report we're calling the "TechRadar™ for Security Pros: Zero Trust Identity Standards," wherein we'll assess the business value-add of more than a dozen identity-related standards and open protocols. But it's also a great name for an episode of angst that […]