Enterprise Information Resource Identification and Control Systems - IDM (Russian Market)

2023: Named factors that influenced the development of the Russian authentication market

RooX named 6 factors that influenced the development of the Russian authentication market. RooX announced this on December 28, 2023.

Among the main ones are the emergence of industry standards, new types of users and the complication of integrations, as well as import substitution and hybrid development.

RooX analysts have identified several key factors in the development of the Russian segment of identity and authentication management systems.

Factor 1. Moving towards a product approach

Until the 2010s, the domestic segment of IAM solutions developed along the project path, when the business closed this need with the help of custom or internal development. As of December 2023, strong domestic vendors appeared on the market, offering both lines of boxed products and platforms for deploying custom functional solutions.

Factor 2. Industry standards have taken the place of disparate technologies

A notable driver of development identifications and authentication was the emergence of technical standards that international groups and Russian institutions are working on. Many cases have their own standard or specification. For example, the Technical Committee for Standardization "" Information protection(TK 362) FSTEC published GOST R 70262.1-2022 "Protection. information Identification and authentication. Authentication Trust Levels. " Work continues on new documents. Advancing industry standards simplifies solution development and helps ensure the right level of protection.

Factor 3. New types of users and more complex integrations

With the development of business and technologies, various applications are added to the IT loop of companies, new types of users appear. For example, non-official formats of employees' work have become widespread: remotely, at an outsider, "in the field." In addition, interpenetration between information systems of different companies increases. Examples: interdepartmental interaction, access of contractors to actions within the customer's IP, B2B2E format services.

Previously, independent access control modules could exist for each such business scenario. Now, in order to ensure uniform security standards, increase the manageability of the fleet of systems, as well as reduce information security costs, the business seeks to combine all scenarios of identification, authentication and authorization on a single platform.

Factor 4. Relevance of Zero Trust

The Russian segment of IAM was significantly affected by the consequences of the pandemic in 2020 (the explosive growth of remotely working employees) and the increased number of cyber attacks on business and the public sector in 2022. As a result, information security services of companies began to offer to apply the Zero Trust concept to all users, although previously it was considered necessary only for external users (for example, customers).

Factor 5. Import substitution as an opportunity to modernize the IT complex

It is becoming increasingly risky to use foreign access management solutions. Therefore, Russian companies began to actively solve the problem of import substitution. Many of them use this opportunity not only to "switch to Russian," but also to increase functionality and modernize the architecture of the solution.

Factor 6. From inhouse to hybrid development

Against the background of the growth of cyber threats in 2022-2023, increased requirements for the competencies of employees in the field of security arose. cyber security Such an examination cannot be quickly increased within the company, but it is currently DevSecOps unreasonable to completely submit questions to the contractor. Therefore, there was a demand for "hybrid development" of the customer and the vendor. By taking on the expensive task of authenticating and controlling user access, IAM makes it easier and cheaper to develop other business applications.

The variability of scenarios for using information systems is increasing, integrations between systems are becoming more complex, so that the demand for modern authentication and authorization solutions will continue to grow, as will the requirements for their security functionality and UX, "said Aleksei Khmelnytsky, CEO of RooX.

2022: New Identification and Authentication Standard Published

On September 8, 2022, Aladdin R.D. announced the publication of the national standard GOST R 70262.1-2022 "Information Protection. Identification and authentication. Identification trust levels "on the Rosstandart website. It will come into force on January 1, 2023. Aladdin RD specialists actively participated in the development of the standard. Read more here.

2021

Companies from the Russian Federation face cyber incidents due to the control of employee access to IT systems

On May 17, 2021, Rostelecom-Solar specialists pointed out the problem of regulating the access of employees of organizations to IT systems. Thus, 20% of respondents reported that they were faced with cyber incidents because of this problem. At the same time, 46% of business representatives reported medium and high criticality of unpleasant cases related to information security.

More than half of the respondents declared "complete dissatisfaction" or "average satisfaction" with the existing system in the company. Representatives of private companies are more dissatisfied with the solutions and approaches used - 58% compared to 52% in government agencies. None of the Russian organizations surveyed have complete automation of access rights management.

Russian companies face cyber incidents over controlling employee access to IT systems

Tatyana Labeeva, head of access management at the Jet Infosystems Center for Applied Security Systems, in a conversation with the newspaper, noted that the costs of developing and implementing an access system are "incomparable with the benefits of its implementation." According to the Jet Infosystems, in Russia for 2014-2018. only 99 IDM projects (projects of access management systems) were completed, which, nevertheless, is twice as much as in 2009-2013.

As Kommersant writes with reference to a study by Rostelecom-Solara, the level of access to IT systems among different specialists in companies is different. Manual adjustment can result in employees being given redundant rights or retained for some time after dismissal. This creates additional opportunities for scammers.

Information security expert Denis Batrankov says that the main problem with the introduction of access automation systems is that they are expensive, difficult to develop, and also require individualization for the client and constant support. According to the head of the information security audit department of Infosecurity a Softline Company Sergey Nenakhov, the main difficulties.^[1]

Rosstandart approved two standards for the protection of information in terms of access control

The Federal Agency for Technical Regulation and Metrology (Rosstandart) approved the national standards GOST R 59453.1-2021 "Information Protection. Formal access control model. Part 1. General provisions "and GOST R 59453.2-2021" Information protection. Formal access control model. Part 2. Recommendations for verifying the formal access control model. " Their main author is Astra Linux GC, who announced this on May 14, 2021. Read more here.

2018: The number of IDM systems implementations in Russian organizations has increased by 2 times over 5 years

On November 7, 2019, the IT company Jet Infosystems, having analyzed the Russian IdM solutions market for the period from 2014 to 2018, came to the conclusion that over the past 5 years the number of implementations of access control systems in Russian organizations has increased 2 times - from 49 to 99 projects.

Identity Management (IdM) solutions are designed to centralize and automate the management of user accounts and access rights to enterprise information systems, as well as increase control over the use of IT infrastructure. The integration of such solutions with the corporate personnel accounting system allows you to automate business processes for managing access to employment of employees, their transfer to another position, during vacation, as well as in case of dismissal.

The industry demand for IdM solutions correlates with the demand for information security solutions in general. According to a study by Jet Infosystems, access control systems are most in demand in financial institutions (31% of all implementations). At the same time, there is a slight decline in interest in IdM solutions in the industry: over the past 5 years, the number of projects has decreased by 8%. This is due to the fact that most of the financial institutions have already introduced such products.

The second place in the number of implementations is occupied by public sector enterprises (17%). Unlike financial companies, the increase in their interest in IdM projects is due to the state policy of import substitution and, in general, the growing trend towards the informatization of state-owned enterprises.

Oil and gas companies close the top three. During the period under review, the number of projects in this industry has decreased by more than 2 times. This dynamics is primarily associated with a high number of previously implemented implementations: in the period 2004-2008, companies in this sector actively introduced access control systems, and their share in the total number of projects was significant 29%. For 2019, there has been a trend towards migration from one product to another, but initial implementations still prevail.

"The growth of access control systems implementations will continue in the next 3 years. This is due, on the one hand, to the emergence of demand for IdM solutions in new sectors, on the other, to an increase in demand for cloud IdM solutions. As of November 2019, such projects account for approximately 2% of the total number of all implementations, but we expect growth in this market segment. Also, do not forget about the course on import substitution, which is followed by state-owned companies. In recent years, domestic developers have made significant progress on the path of creating IdM, as a result of which they have caught up with foreign ones in terms of the number of implementations, " noted' Yaroslav Zhironkin, Head of the IdM Solutions Department of the Center for Applied Security Systems of Jet Infosystems

During the study, the specialists of Jet Infosystems analyzed the information provided by vendors and distributors, open data on projects for the implementation of IdM systems, their own statistics and expert data of the integrator architects. As part of the study, a rating of vendors by the number of implemented projects was also compiled, migration issues from the solution of one vendor to the solution of another were considered, and the demand for IdM systems was analyzed, depending on the number of companies.

2014

According to experts surveyed by TAdviser, the Russian IDM solutions market in 2014 grew by 10% - from 800 million to 880 million rubles. In dollars, it decreased by 8%.

According to Andrey Konusov, CEO of Avanpost, by the end of 2014, the Russian IDM market was distributed in monetary terms between leading IDM vendors as follows: Oracle - 40%, Avanpost - 30%, IBM - 20%.

The remaining 10% is distributed among other vendors represented in Russia, including Microsoft, Jet Infosystems, TrustVers, as well as two newcomers to the Russian market - SailPoint and Dell.

According to Jet Infosystems, the number of vendors operating in the Russian market has increased markedly. If in 2013 two companies were the leaders of the domestic IDM solutions market, then in 2015 we can talk about four to five competing vendors.

2013

According to WALLIX estimates, the IDM market in Russia was approximately $20 million. Given the cost of IDM systems ($1 million), we can conclude that about 20 projects are being implemented annually in Russia.

According to the estimates of the Jet Infosystems company, in 2013 the volume of the global IDM market reached $5.13 billion. The share of the Russian market in 2012 was 0.5% of the global market. Thus, the probable volume of the Russian market in 2013 was approximately $25-30 million.

The general director of Avantpost Andrey Konusov estimated the shares of the main players in the Russian IDM solutions market. In monetary terms, 65-75% of the market was occupied by foreign vendors (Oracle Identity Manager with a share of 45-50% IBM and Security Identity Manager with a share of 20-25%. The product IdM Avanpost accounts for 15-18%; Microsoft Forefront Identity Manager with a share of 5-6%., (TrustVerseDell after the purchase of the company) Quest and SailPoint together then occupied no more than 10%.

2012

There are no special estimates for Russia, however, experts interviewed by the Anti-Malware.ru portal estimated the market at 0.5% of the world. The dynamics and volume of the global IDM market in 2012 was estimated by Gartner and Forrester at $10-11 billion. Therefore, the volume of the Russian market at the end of 2012 can be estimated at $50-60 million.

According to Avanpost estimates, in 2012 the volume of the Russian IDM market reached $60-70 million. Experts explained: IDM solutions are used in 80% of Enterprise-level businesses in the United States and Europe, which is partly dictated by regulations. In Russia, only 20% of Enterprise companies use IDM. The small and medium-sized business segment does not use IDM solutions at all due to their high cost.

Notes