We’re excited to be included in the first Policy-Based Access Management (PBAM) market report! KuppingerCole Analysts AG’s 2022 Market Compass provides an excellent overview of how the access market is transforming and of the emerging vendors in the space.
The Policy-Based Access Management Market
The report defines PBAM as “a segment of the access control market that employs policies, evaluated in real-time, to provide access decisions to user requests for access to protected resources such as a computer application or sensitive database.”
There are a few essential aspects of PBAM that I’d like to highlight:
The importance of “decoupled” policy: Decoupling policy from the app, platform, or service means that each component essentially gets its own discrete, standalone policy engine that can be changed, updated, replaced, or scaled independently. So, a developer can change the code for the policy without changing the code for the app.
The need for a unified approach: Historically, developers and operations teams have had to custom-build separate authorization across various languages and tools, because there was no standard approach to access policy that worked everywhere. However, this takes time and has a detrimental effect on efficiency, uptime, and reliability, because changes and fixes require granular, specialized expertise in each area, and policy is often in conflict across tooling or environments. DevOps and IT teams will work better together with a shared authorization solution that works across the entire cloud-native stack.
It’s addressing a real problem that organizations are increasingly facing: As more and more organizations build and adopt cloud-based applications, the need for policy-based access controls increases in importance. What has worked in the past to solve access problems no longer applies in a microservices-based architecture because it is exponentially more complex.
For more detail, here is KuppingerCole analyst Graham Williamson, author of the Market Compass, on the importance of policy-based access management and the need for a unified approach to policy:
In addition to the general topics of the PBAM report, these points reflect a state of the market that we—as the founders of Open Policy Agent and Styra DAS—also see every day. In short, when organizations start to build cloud-native applications, they finally have an alternative to the DIY authorization solutions that have led to so much pain in the past. Solutions like OPA and Styra DAS give teams the ability to offload from their downstream systems with a single, unified language and control plane to ease writing, implementing, and maintaining policy. Developers can build differentiated features for their apps that their customers will love. Security and IT departments can rest easy knowing that proper controls are in place and compliance needs are met.
Where is the industry headed?
Right now, we see that all the “cloud-first” organizations – often large enterprises and SaaS companies – are already addressing the new complexity challenges associated with cloud-native access/authorization with OPA and Styra DAS. This report comes at the perfect time, because the pioneers in the space have established a set of best practices around digital transformation and cloud migration, and Access Management is critical to those efforts. As every company moves to the cloud and builds modern applications, the need for unified policy-as-code solutions will only increase. It’s wise to start defining this early so that when these companies get to the cloud-native adoption point, they have a solution.