Identity and access management (IAM) will begin to be more of a service industry within two years, according to Gartner.
Gartner has claimed that by 2011, hosted IAM and IAM as a service will account for 20 per cent of all IAM revenue, as companies look to reduce the costs of implementation and use.
As it prepares for the Identity & Access Management Summit 2009, Gartner analysts have identified forward-looking assumptions around smartcard authentication, identity-aware networks, hosted IAM and out-of-band (OOB) authentication.
It claimed that managed IAM services will address relatively mature implementations as it will enable customers to focus their technical planning and delivery on less-mature feature sets such as access and intelligence.
Gartner recommended that existing IAM solutions users evaluate the service-based options for extending the solutions, rather than significantly upgrading those solutions.
It also claimed that those companies that have not deployed a significant IAM solution should include service and appliance options in their review to gauge the progress of IAM maturity and its suitability.
Ant Allan, research vice president at Gartner, said: "There is a continuing need in this time of economic uncertainty and budgetary constraints for cost-effective, risk-appropriate IAM methods. This includes growing demand for identity-aware networking, host- and service-based IAM offerings and the search for protection from increasingly effective malware attacks against consumer accounts.
"Organisations that need to safeguard customer accounts should implement a three-pronged security strategy that includes risk-appropriate user authentication, fraud detection, and transaction verification for high-risk transactions."
It further claimed that by 2011, 20 per cent of smartcard authentication projects will be abandoned and 30 per cent scaled back in favour of lower-cost, lower-assurance authentication methods.
Gartner said that a risk-based approach might force some organisations to implement two or more authentication methods, which are likely to include smartcards.
It also claimed that by 2010, approximately 15 per cent of global organisations storing or processing sensitive customer data will use out-of-band authentication for high-risk transactions as ‘the security measures that most financial institutions and other service providers have in place are proving inadequate in the face of new cybercrime attacks against customer accounts'.
Neil Hollister, CEO of CRYPTOCard, said: "In the SMB and mid-market we're seeing significant demand for our managed authentication service. Short-term market issues such as capital expenditure freezes are driving businesses to move security spend into OPEX and reduce the risk of incurring hidden costs down-the-line. Furthermore, the appeal of five-nine SLAs means organisations can apply benchmarks against business continuity.
"However, enterprise adoption of cloud-based IAM services will take longer. Enterprises are concerned that the integration of directory, management reporting and network access control capabilities are still in their infancy. Towards the close of 2009 we anticipate that the technology to enable these features will have significantly evolved, and an enterprise-quality managed authentication service will be a reality."
