Last year, we made some predictions about what we expected in the Identity and Access Management (IAM) world in 2024. Time has flown by - as it tends to do - and the turning of a calendar year gives us the opportunity to look back and see how close we came on those guesses to what actually happened in the past 12 months
Year-ends are a great time for reflection, so here’s our own report card based on the IAM Market Predictions we made for 2024:
Prediction 1: More wood behind the arrow
GRADE: A
We anticipated that 2024 would “bring more firepower to the advancement of IAM products and markets,” and it absolutely delivered!
Terms like ITDR, Zero Standing Privilege (ZSP), Identity Security became omnipresent at industry events - in sponsors’ booths, session topics, and keynote speeches. Moreover, for the first time in recent memory, identity-led approaches and initiatives gained significant traction in security organizations and events. Concepts like Identity-First Security, Identity-Led Security, and the notion of identity as the true perimeter of security moved beyond IAM circles and into the broader zeitgeist of security leaders.
This is to say nothing of the product advances we saw in 2024, as IAM and security vendors have continued to innovate and enhance their offerings to be more real-time, dynamic, and fortified than ever before.
Prediction 2: Developers will be a Force Multiplier for IAM…Leading to a Greater Need
GRADE: C
While we have no doubt seen developers, enterprise architects, and their lines of business “lean in” to IAM as a necessary component of application development and their integration into business, we didn’t see developers driving identity as the significant force we anticipated.
Momentum continues to grow behind AWS Cedar and Google Zanzibar, but the need for centralizing management remains. The broad adoption of these developer-centric tools hasn’t yet reached a tipping point, signaling that the majority of the market hasn’t been compelled to act just yet. The paradigm of enabling applications to validate varying levels of authorization internally (within their own confines) is a vastly different from connecting multiple systems into a “hub” where apps can communicate to make broader, more consistent, and contextual authorization decisions across the enterprise security tech stack.
We would be remiss to not mention advancements supporting developers in the IAM arena, such as Open FGA advancements, Transaction Tokens standards, and Tratteria. At the time of original publication, however, this prediction referred to much more of a driving force than we saw in 2024.
Prediction 3: Expansion always; in all ways
GRADE: B
Economic conditions may have driven this prediction more than technological advancements. Despite external challenges, 2024 saw a return to an expansive investment market, albeit in a more controlled and conservative manner compared to previous years. Lower borrowing costs spurred economic activity by encouraging people and businesses to spend and invest more, and this includes venture capital. Which has driven some level of return to fundraising and valuation levels of the past, but in a more controlled and conservative fashion.
One area of this prediction we have not seen substantiated is the return to public offerings. Private equity has been active in technology and cybersecurity in general, yet this attention has not been replicated by public market initiations. One notable exception was Rubrik’s IPO in April 2024, whose stock (NYSE:RBRK) saw minimal returns for most of the year, but then surged over 100%1 later in the year.
Prediction 4: AI continues to lead the charge
GRADE: A
Perhaps the “safest” of our predictions for 2024, every company started asking themselves “what is our AI play?”, regardless of industry or market category. Product roadmaps, announcements, demos, and launches were full of references to AI, ML, LLMs, “Copilots”, “Agents”, and other tools to augment human intelligence.
We previously noted that we were “only in the second inning of AI development and adoption,” and we still believe this to be true. There is significant value yet to be squeezed out of AI, and the IAM industry is still beginning to figure out how to maximize it most efficiently… and thoughtfully.
Prediction 5: IAM standards will be solidified
GRADE: A
IAM standards were not only strengthened and stabilized in 2024 but also became a hot topic of discussion at industry events. Sessions on interoperability at Gartner’s IAM Summits (EMEA and North America) and Authenticate were particularly noteworthy.
The growing maturity of standards like AuthZen and CAEP benefits the entire industry—rising tides lift all ships. These established standards drive innovation, expand ecosystems, and attract more scrutiny (e.g., peer reviews and detailed analysis), ultimately making the IAM space stronger.
CONCLUSION
The beauty of being part of the IAM industry is that it’s constantly evolving, developing, and advancing. These predictions and their outcomes are merely a snapshot of where we are now and where we thought we’d be—they’re not definitive.
One prediction that remains unchanged is this: Identity and access management isn’t “solved.” We need smart, driven, and passionate people to keep paying attention to this space and contributing to its growth.
Stay tuned for more predictions, and reach out to meet with SGNL in 2025—it’s going to be a banner year!
1 SailPoint also selected Morgan Stanley and Goldman Sachs in late 2024 with plans to go public (again) in the first half of 2025 https://www.bloomberg.com/news/articles/2024-11-19/thoma-bravo-s-sailpoint-picks-morgan-stanley-goldman-for-ipo