Identity & access management (IAM)

What is IAM?

  • A set of business process and tools for providing access to the right resources at the right time for the right reasons. Providing visibility into who has access to what and why along with how the
    access is being used.
  • IAM is not just about protecting organisations against main threats such as insider threats and credential theft, it is also about business enablement and improving the end-user experience.

Why it matters

  • According to a survey from The Identity Defined Security Alliance 94% of organizations have had an identity-related breach, which 99% believe could have been prevented.
Blue ballGreen ballYellow ballRed ballPurple ballDiagonal straight linescurvesoutlinesX-labels-Years0-2 years2-5 years5+ yearsY-labels-AreasIAM
0-2 years
2-5 years
5+ years

0-2 years

2-5 years

5+ years

The landscape

Real-time prevention

The Move to the cloud and “as a Service models”

This will continue to evolve as tools become cloud-native and are true SaaS tools.

Real-time prevention

The use of machine learning and behavioral analytics

for a more dynamic or adaptive way of working where decisions are made in near real time.

Top-down identification

Extending the role of identities and access
beyond people and traditional roles and entitlements

Identities are no longer limited to carbon-based units and are taking the form of devices (e.g. IoT) and applications (e.g. RPA).

Top-down identification

Zero Trust Architecture (ZTA)

recognition of the insider as a key threat is forcing organizations to rethink the importance of identity and concepts such as the Principle of Least Privilege.

Key figures


of those technologies are either already adopted by most organizations or will be in the next two years.


of those technologies are expected to be adopted in the next 2 to 5 years cycle.


of those technologies are transformational and wide spread adoption will take over 5 years.