At SGNL, we take a growth mindset approach. Perhaps best explained by Carol Dweck in her best-selling book Mindset, a growth mindset is simply the idea that what we are - or what [we] can become - is not pre-determined. It is often most simply summed up by adding the word “yet” to the end of a statement describing a current challenge. For instance: “I can’t speak another language…yet,” or “I don’t know how to drive…yet.” One of my favorite things about publishing predictions for the upcoming year is that they can’t be wrong…yet. When we are wrong, we try to call it out - as we did in our recent blogpost grading 2024 predictions.
We’re at an exciting time in technology, security, identity, and more! Let’s check out what could happen in 2025, but hasn’t…yet:
This year, we’ve grouped our predictions by how outlandish or far-fetched the claims may be. If we were wagering on the probability of the group’s predictions coming to fruition, Group 1 would be a high probability, whereas Group 3 would offer a high return on your investment (ie: longer shot, low probability).
Group 1: The “Lowish-Hanging fruit”
Identity gets more (and less) business-driven.
As companies have adopted cloud technologies (SaaS, etc), the management of its access had to be rethought. Yet for awhile now, this was a tactical need that organizations treated as a task on a checklist, not strategically or as a part of a larger business driver. More and more, customers are requiring their vendors not only to secure their data, but strictly manage the users, machines, and anything else with access to their systems. These “supply line” breaches are unfortunately all too prevalent in the world today. In 2025, expect that these IAM approaches are business-led, as opposed to technology-led.
Subsequently, some of the previous identity needs (like CIAM), will be spun-off from vendors’ capability consideration, as organizations divert their focus between securing the access of their own workforce, and authenticating their customers into their application. The maturity of workforce identity management solutions has nearly commoditized authentication and SSO capabilities.
The maturity of workforce identity management solutions has nearly commoditized authentication and SSO capabilities.
In 2025, customer identity will clearly diverge from workforce identity management in market categorization and capability, as workforce IAM ceases to be a value differentiator for evaluating customers.
AI grows in security ops
There must be some regulation that requires we include “AI” in a blog that is about technology and the future, so hopefully this fulfills that commitment. That said, we (and everyone else) talked about the opportunity for AI in 2024; there were definitely some advancements, but in 2025, expect to see AI’s real value for IAM focus on the area of security operations.
in 2025, expect to see AI’s real value for IAM focus on the area of security operations.
When AI “hit the masses” (notably via ChatGPT’s launch), companies scrambled to implement it for efficiency and effectiveness. What we’ve seen in the past couple years however, is that there are areas where we just aren’t ready to glean a ton of value from AI – currently, cybersecurity and IAM is one of them; except for SecOps. Areas with human agents engaging in especially manual, yet tedious, tasks are ripe for augmentation from machines. We’ll see this in the coming year.
Group 2: Some Bigger Swings
Identity-Security providers add offerings to become broader solutions
For years we’ve heard about the “platforms” in technology, whether identity, security, or even productivity. Too often, we’ve seen vendors try (unsuccessfully) to turn their solid product into a “platform” in the interest of increasing ARR and expanding customer spend by plugging in customizable components. In the identity-security world, we will continue to see this opportunistic functionality consolidation (but not entirely an all-in-one platform).
Legacy offerings were born out of need, siloed, and subsequently managed by disconnected components of an identity or product team. Nowadays, we’re left with a handful of products that not only lack communication and integration with each other, but the teams managing them follow suit. To address this, we’ve seen some leading security organizations very publicly state the “platformization” of cloud security is key: indicating an amalgamation of different offerings.
It is not expected (nor recommended!) that every identity-security offering will take on adjacent product offerings, but we will continue see more inclusion and integration to natively support complementary solutions. Forgive the acronyms and alphabet soup, but look for functionality like: XDRs add EDR, and MDR, CASB/SSE and SOAR add SIEM, SSO include IGA, IGA overlapping with PAM, and any of the in-between and vice versa.
Standards Standardize
Buoyed by excellent interoperability sessions at events like Gartner’s IAM Summit, Authenticate, and Identiverse, standards gained significant traction in 2024. We saw tremendous engagement from customers and vendors alike to leverage CAEP, RISC, AuthZen and others.
In 2025, we are doubling down on the standards approach for open source participation in IAM. Expect to see not only increased support for the existing standards from years past (aforementioned), but also more standards to emerge to enable greater functionalities. As added benefits, the confidence in standards will drive platform functionality, integration, and adoption across IAM and security markets.
In 2025, we are doubling down on the standards approach for open source participation in IAM.
Group 3: Go Big or Go Home
Security (and Identity) IPO
We expected to see a return to more active markets in the past year, but as we reviewed in our recent prediction grading post, we didn’t see as much as anticipated. In 2025, there will be significant growth in this realm: more specifically in the IPO arena.
Identity market experts are already reporting SailPoint’s plans to go public (again), and industry darling Wiz recently announced the hiring of a CFO, presumably with eyes on going public themselves this year. Surveys continue to depict security organizations’ intention to increase spending (Gartner forecasts a 15% rise in cybersecurity spending for 2025, and a Delinea report found that 78% of organizations plan to increase identity security spending in 20251), which translates directly into revenue for security vendors2.
Following Rubrik’s 2024 IPO, we expect the list of public security companies to expand considerably this year.
IAM is revolutionized
Given the represented spending increase (via survey1 data) and market evolution represented by the above, we are poised to see some significant changes in the world of IAM in the coming years. The early waves of these sea changes will be experienced this year.
Not long ago, IAM was basically a way to manage credentials to mission critical hardware (routers, switches, servers) and its administration. With the revolution of cloud applications came industry leaders like Okta and Ping, focusing more on SaaS than previous providers like Microsoft, SailPoint and others (at the time). Okta’s IPO (2017) signified a real shift in IAM, where IDaaS (identity as a service) was accepted for “prime time”.
2025 will begin to accelerate another inflection point in identity, where we will look back and recognize that this is when the siloed approach of static access management fundamentally shifted. Zero standing privilege, dynamic access in realtime, and signal sharing from different sources to create context-informed session management are some examples of priorities IAM solutions will be asked to demonstrate moving forward.
2025 will begin to accelerate another inflection point in identity, where we will look back and recognize that this is when the siloed approach of static access management fundamentally shifted.
This is going to be a big year in IAM and identity security. Identity continues to earn its “seat at the table” within security and on its own merits. Gartner has recently pointed out that “By 2028, 10% of all companies worldwide will have a chief identity officer (CIDO) appointed to their board, resulting in a transformation of how IAM is prioritized in cybersecurity.”3
I expect a big splash from identity in 2025 - and SGNL hopes to contribute! - looking forward to seeing what we can accomplish together.
https://www.globenewswire.com/news-release/2025/01/14/3009291/0/en/78-of-Organizations-Plan-to-Increase-Identity-Security-Spending-in-2025-Delinea-Report-Finds.html ↩︎ ↩︎
“By 2028, 10% of all companies worldwide will have a chief identity officer (CIDO) appointed to their board, resulting in a transformation of how IAM is prioritized in cybersecurity.” - Gartner Inc., Top 4 Findings From the State of Identity and Access Management Survey by Michael Kelley, Rebecca Archambault, Nathan Harris, Brian Guthrie 4 Dec 2024 ↩︎
Gartner Inc., Top 4 Findings From the State of Identity and Access Management Survey by Michael Kelley, Rebecca Archambault, Nathan Harris, Brian Guthrie 4 Dec 2024 ↩︎