Before the crisp fall air reaches us and the scent of pumpkin spice lands on menus everywhere, it’s time to take a moment to reflect on a flurry of new analyst reports that were released in late summer by Gartner.
Gartner 2023 Zero Trust Networking Report
Released in late July, the new Gartner Hype Cycle for Zero Trust Networking explained a clear vision for zero trust as “replac[ing] implicit trust with continuously assessed risk and trust levels, based on identity and context.” What is exceptionally interesting is how Gartner addresses that while there is marketing jargon around zero trust, “it is fundamentally a mindset or paradigm that leads to a strategy for, and implementation of, specific architectures and technologies.”
One of the strategies addressed in this report is the Continuous Access Evaluation Profile (CAEP). Classified by analyst Erik Wahlstrom as a “Moderately Beneficial” Innovation, CAEP offers identity professionals the ability to listen for signals across an organization’s identity fabric. Gartner recognizes CAEP as “a near-real-time mechanism to validate claims, request step-up authentication“ which “enables higher assurance levels of sessions and a better user experience.”
SGNL believes CAEP will be central to maximizing the potential of all identity technologies in an organization’s identity stack by improving communication between systems, which improves threat detection and promptly reduces the footprint of a compromise. This kind of interoperability will allow largely disparate identity technologies to connect in a more immediate and actionable identity landscape.
SGNL can listen for CAEP signals as an added layer in SGNL policies to enhance the context available in granting data-level access decisions. When leveraging SGNL with CAEP events, data access is granted when the user has business context validating their need to access the data requested and their user has not received any negative CAEP event from CAEP-transmitting services.
This combination creates a truly proactive approach to access management that is ideal to teams striving to achieve zero trust. Given our deep commitment to improving the ability of identity professionals to create a proactively robust, dynamic and continuous access management platform in the spirit of zero trust, we were happy to be listed as a CAEP vendor in this report.
Gartner 2023 Digital Identity Hype Cycle
The second edition of the Digital Identity Hype Cycle was also published in July 2023, with CAEP progressing further along the Innovation Trigger stage of the Hype Cycle adoption curve. In this report, analysts Ant Allan and Nathan Harris’ recognize CAEP as a benefit to decentralized organizations looking for solutions to adaptive access. They stated, “CAEP enables sharing of risk signals, contributing to adaptive access approaches and continuous session management in decentralized environments.”
If you’ve followed SGNL CTO Atul Tulshibagwale’s previous posts on CAEP, including his insights and updates as co-chair of the OpenID Foundation’s Shared Signals Framework Working Group, Gartner’s acknowledgement of CAEP’s ongoing growth on the Hype Cycle’s maturity curve is an exciting development.
This recognition mirrors other recent industry interest and adoption in CAEP, and reinforces the deep need for improved interoperability for identity technologies. For more information on how other technology firms like Apple, Microsoft and more are adopting CAEP, check out this blog post.
Like the Gartner 2023 Zero Trust Networking Report, we appreciated being recognized amongst the biggest names in technology as a vendor of CAEP services. And the recognition of our free CAEP transmitter builder, CAEP.dev, as a “testbed…to provide education, and also to test CAEP implementations and thereby driving adoption.”
Gartner 2023 Market Guide for Identity Governance and Administration
A common theme in this year’s Gartner Market Guide for Identity Governance and Administration, is the growing emergence of a “light” approach to IGA. Gartner analysts, Rebecca Archambault, Henrique Teixeira, Brian Guthrie, David Collinson, and Nathan Harris, define this as “tools with some IGA functions (such as access management, converged identity platforms and IT service management)… Light IGA tools often focus on the identity and user administration features with limited coverage.”
An identity-based approach to access management is a much-needed extension of base IGA functionality for SGNL customers and prospects that have already invested in IGA technologies. When speaking with these companies about the last-mile value that SGNL can bring, we often refer to this use case internally as “IGA Light” and are immensely excited by the analyst validation of how continuous access management can extend the value of IGA investments.
Conclusion
This summer’s impressive publication schedule from Gartner analysts clearly indicates the growth and movement of the identity and security ecosystems already seen in 2023.
The recognition of CAEP, CAEP.dev and SGNL are very exciting, but even more exciting is Gartner’s validation of the growing importance for interoperability, context-based policies and dynamic access management for identity professionals. All three critical enhancements to IAM are at the core of our approach and what we believe is central to the future of identity and access management, and reducing security risks for the modern enterprise.
We can’t wait to follow the next publications from the analyst community!
Schedule time with a SGNLer to learn more about our approach to interoperability, context-based policies and dynamic access management.