Since its founding in 2007, the company has focused on providing all three pillars of IAM in an infrastructure-as-a-service (IaaS) model. Lighthouse Gateway is built on IBM Tivoli IAM technology that was developed and deployed by U.S. Air Force engineers, and for the last five years Lighthouse has been dedicated to addressing issues the mid-market and commercial spaces are having with meeting compliance and privacy regulations.
However, the market has grown and matured, and now there are IAM offerings from a variety of vendors – both on-premise and in the cloud. According to Eric Maass, CTO of Lighthouse Security Group and the former chief security architect for the U.S. Air Force's Global Combat Support System, the on-premise technology has become something of a commodity.
"The biggest trend that we're seeing is organizations are finally starting to realize this is a commodity. If we were a new entrant into the market place as another on-premise vendor, it would be very crowded and difficult to break into the market," Maass said.
IDC reports the IAM market leaders include IBM, CA, Oracle, NetIQ/Novell, Courion, Hitachi ID and Quest Software. According to Andras Cser, principal analyst specializing in security and risk at Forrester, IAM is a fairly nascent market, with Okta, Symplified, Simeio Systems, Wipro and Atos Origin being some of the more noteworthy vendors. In the case of Lighthouse, he notes that the vendor typically provides its IAM services to customers that already have an IBM IAM license.
"They play well in integrating customers' applications with the hosted IBM TIM offering," Cser says. However, the company is working with a delivery model that is largely untested, is relatively small to many of its competitors, and is still building out its customer base, he says.
The well-known drivers of flexibility and reduced costs are creating an interest in SaaS-based IAM services, states Sally Hudson, research director for cloud identity at IDC. Additionally, customers that have adopted IAM in an IaaS form have reaped benefits that include increased security, the minimizing of administration, ensuring adherence to standards and consistent policy enforcement, she says.
Last year at the Open Group Jericho Forum, chief information security officers (CISOs) focused on the seemingly diametrically opposed demands for both a more collaborative and more secure IT environment, and published the Identity, Entitlement and Access Management Commandments. IdEA is a set of 14 open and interoperable principles that IT professionals can use to build a user-centric security framework within their organizations.