Gold: Oracle Identity and Access Management Suite Plus, Oracle Corp.
Besting its bronze finish in 2012, Oracle Identity and Access Management Suite Plus improved in a notable problem area to take home gold in 2013: integration and compatibility with associated products, directories and other user information stores. Oracle also received high marks for its scalability and the breadth of platforms, applications and domains it covers, including authorization standards such as ABAC, RBAC and XACML. Readers generally described the product as "excellent" and noted that it "enhances" the security of their systems.
Oracle Identity and Access Management Suite Plus aims to deliver a comprehensive product that gives enterprises the ability to integrate and scale a variety of components. Highlights of the suite include Oracle’s single sign-on technology, which delivers a unified authentication process for everyone from system admins to remote users on any device, and various identity management controls, including role-based identity administration and privileged account management controls. The product provides a complete view of user access, plus dashboards and reports that are actionable so administrators can enforce compliance regulations. The suite also offers an API gateway that can be used to secure and manage APIs, including APIs for mobile and cloud deployments.
Expert market reflection on category dynamics:
"The identity and access management market continues to be stretched by SaaS application adoption, mobile endpoint proliferation and the rise of identity providers outside the enterprise. IAM as a Service (IDaaS) adoption continues to grow and enterprises are using a variety of techniques to provide convenient access to users on mobile devices."
-- Gregg Kreizman, research vice president, Gartner
Silver winner: RSA Identity Protection and Verification Suite, RSA, the security division of EMC
Beaten by the narrowest of margins, RSA Identity Protection and Verification Suite earned the silver medal. The product uses device forensics, behavioral analysis and RSA's eFraudNetwork to provide multifactor authentication. Enterprises can supplement their threat detection capabilities via Web session intelligence and one-click incident investigation. RSA Transaction Monitoring is included to deter attacks aimed at authentication weaknesses. It can also be deployed either as an on-premises product or as Software as a Service. Information Security readers gave RSA Identity Protection and Verification Suite good marks for scalability, extensibility, integration and return on value.
Bronze winner: CA IdentityMinder, CA Technologies Inc.
Held back by issues with extensibility and compatibility with associated products, directories and other user information stores, Information Security readers awarded CA IdentityMinder a bronze. The product's highest scores came in the areas of scalability and ease of use. CA IdentityMinder attempts to simplify lifecycle management by providing automated account provisioning, removal and approval procedures and allowing users to manage their own identity attributes, including password resets and resource access requests. The product delivers centralized control access management policies and roles via both on-premises and cloud applications.