Is GDPR fueling identity management investments?


Identity management is one of the oldest disciplines in cybersecurity, and to this day it remains one of the most important. This is why it didn’t surprise me to see a recent analyst report estimating that the identity and access management market is expected to reach about $20 billion by 2023, up from $7.8 billion in 2016. That’s a compound annual growth rate of nearly 15 percent.

In a similar vein, another research report predicts that the privileged identity management market will grow at more than twice that rate, or 32 percent compounded annually.

One of the primary drivers behind short-term identity management investment is no doubt the European Union’s (EU) General Data Protection Regulation (GDPR). The GDPR requires companies to provide a reasonable level of protection for personal data. While it’s not clear exactly what “reasonable” means, all enterprises with data on EU citizens will have to comply with the GDPR rules regarding data that includes basic identity information (name, address, ID numbers, and website usage data like cookies, web addresses, etc.), health data, demographic data, as well as sexual orientation and political opinions.

Tracking all of these attributes, and making sure they can be adequately protected, certainly requires that good identity management systems be in place. And good identity and access management helps to ensure that only the right users have access to sensitive (and regulated) enterprise data — through the enforcement of identity policies and the management of compliance with those policies.

When it comes to privileged access accounts — which are accounts that provide exceptional access to applications, systems and resources — security and policy compliance are even more crucial. It goes without saying that these account types, if not properly secured and managed, can lead to significant security problems.

The rush to GDPR compliance could very well be driving this anticipated identity management investment. As we covered last month, surprisingly, only 8 percent of respondents to a survey conducted by insurance and risk management firm Marsh said that their organizations were currently GDPR compliant, and 57 percent said at the time that their enterprises were developing compliance plans. Another 11 percent of those respondents reported that they had yet to develop any compliance plans.

For those enterprises that are behind on their GDPR efforts, identity management would be more than just a good place to start; it’d be an essential place to start. Effective identity management not only protects systems, but also provides a great indication of when systems are under attack, gives transparency into who can access what resources, and supplies helpful forensics information.

If an organization is behind in its GDPR efforts and doesn’t have its identity program at the necessary maturity level, then increased investment in identity management capabilities makes perfect sense. It can help these organizations both improve their security posture and better meet their GDPR mandates.

