It is not too often that a press release actually catches my eye. After all, press releases (especially about product releases) seem to have devolved into proclamations wherein every company is the "market leader" or "leading provider" of "market leading solutions for X." However, that was not the case today when I read this release about a research report on the size of the identity management marketplace by Global Industry Analysts. Now, to be fair, I've never heard of Global Industry Analysts before -- and one must always wonder what the methodology is that results in a market sizing. But, even with that said, the following was interesting:
"Increasingly stringent regulatory requirements continue to propel growth in the market for identity management software. Governments worldwide are enacting regulations that protect information for safeguarding privacy. Helped along by positive trends, the market is projected to reach $4.9 billion in 2012."
4.9 billion is a big number. But its not that number that caught my eye, it was this tidbit buried further in the release:
"Authorization represents the largest segment with sales estimated at $1.6 billion in 2007. Market for authentication software in the US is expected to cross the $500-million mark by 2013."
Authorization and Authentication have long been the twin pillars of identity management. Indeed, identity management "insiders" have long referred to the two terms by "AuthZ" (authorization) and "AuthN" (authentication). The surprising thing is just HOW FAR ahead in pure dollars this report estimates the authorization market stands. After all, most people would probably argue that identity management grew from ideas of authentication, and eventually seeped into authorization (via directories).
It does, of course, make sense. Authorization - or "entitlement management," or "RBAC," or any of the many names it goes by, encompasses most of the critical functions within modern identity management deployments. But that fact alone gives rise to the specter of how far we are from true identity *assurance* - as enrollment and real authentication seems to lag behind.
Modern CSOs are grappling with these issues most blatantly as they think about and implement systems that provide convergence of physical and logical access control.
