{"id":16002,"date":"2026-03-25T10:06:38","date_gmt":"2026-03-25T10:06:38","guid":{"rendered":"https:\/\/newestek.com\/?p=16002"},"modified":"2026-03-25T10:06:38","modified_gmt":"2026-03-25T10:06:38","slug":"6-key-trends-reshaping-the-iam-market","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=16002","title":{"rendered":"6 key trends reshaping the IAM market"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

The identity and access management (IAM)<\/a> market has shifted its focus from traditional \u201clogin and MFA\u201d mechanisms toward treating identity as a security control plane.<\/p>\n

Buyers are prioritizing phishing-resistant authentication, including passkeys, and the management of non-human identities<\/a>, according to an array of experts quizzed on developments in the market by CSO.<\/p>\n

\u201cWorkforce access is still the anchor, but more programs now pull in governance, privileged access, and controls for non-human identities because those gaps are where attackers and auditors keep finding leverage,\u201d says Dave Lewis<\/a>, global advisory CISO at password management tools vendor 1Password.<\/p>\n

While the overall European cybersecurity market grew by 7.5% in 2025, IAM surged by 10.8%, according to industry analysts Context.<\/p>\n

As of January 2026, the market has accelerated even further, showing a 24% year-over-year (YoY) increase in the first month alone.<\/p>\n

Joe Turner<\/a>, global director of research and business development at Context, says the market growth reflects how \u201csecuring the user\u201d has become a spending priority in many enterprise security programs.<\/p>\n

Agentic AI shakes up IAM\u2019s future<\/h2>\n

The increased need to manage non-human identities \u2014 machine identities, AI agents, secrets \u2014 is one vector shaping the evolution of IAM, as both a technology and a market.<\/p>\n

\u201cNon-human identities \u2014 service accounts, API keys, AI agents, and IoT devices \u2014 are rising significantly, and in most enterprises they already outnumber human users by around three to one,\u201d says Paul Hanagan<\/a>, CTO of Conscia UK, a provider of secure and complex digital infrastructures.<\/p>\n

The IT industry is moving past the introduction of AI technologies toward agentic AI, where autonomous agents act on behalf of users with increasing autonomy. This transformation requires a rethink in how security controls manage identities and access<\/a> to resources.<\/p>\n

\u201cThe volume and independence of these [AI] entities demands careful monitoring, with least-privilege enforcement and secret keys rotated regularly to ensure non-human identities are secure,\u201d Hanagan says. \u201cHackers are increasingly targeting non-human identities to gain access, so these services must be secured with the same rigor as human accounts.\u201d<\/p>\n

AI should play a big role in behavior analytics, entitlement management, and configuration management by helping to build an identity fabric that bridges security and governance.<\/p>\n

\u201cTo work effectively, AI agents will need continuous access to all sorts of data, which will lead to rapid behavioral changes,\u201d says Jon Oltsik<\/a>, analyst in residence at SiliconAngle and theCUBE. \u201cWe\u2019ll need policies and guardrails here.\u201d<\/p>\n

Passwordless authentication on the rise<\/h2>\n

Passwords have long been the weakest link in most security architectures<\/a>.<\/p>\n

Many mobile phones and laptops already use biometrics for authentication, and the user experience is typically far better than typing a long and complex password into an interface.<\/p>\n

The growing uptake of passwordless authentication<\/a> (FIDO2\/passkeys<\/a>, biometrics) is redefining the scope of many IAM projects.<\/p>\n

\u201cMany enterprises are still in the early stages of deploying passkeys and FIDO2, and biometrics are often deployed as part of a broader MFA strategy, where hardware costs and management overhead remain barriers to widespread adoption<\/a>,\u201d says Conscia\u2019s Hanagan.<\/p>\n

Regulations shake up IAM architectures<\/h2>\n

The regulatory environment has evolved from a tick-box exercise in compliance toward governance and continuous testing to demonstrate corporate adherence to regulations. That shift, according to Conscia\u2019s Hanagan, is actively reshaping how organizations architect their IAM programs.<\/p>\n

\u201cThere is a significant amount of regulatory work under way,\u201d he says. \u201cGDPR, NIS2<\/a>, DORA, PCI DSS 4.0, and sector-specific frameworks all focus on who accesses what, when, and why.\u201d<\/p>\n

Hanagan adds: \u201cThe EU often takes a different approach to the UK \u2014 eIDAS 2.0<\/a>, for example, is driving digital identity wallet adoption across Europe \u2014 which makes compliance particularly difficult for multinational enterprises spanning multiple regions.\u201d<\/p>\n

Sovereign IAM and eIDAS 2.0 decentralize identity<\/h2>\n

With the introduction of the European Digital Identity (EUDI) Wallet<\/a>, companies are looking at decentralized identity architectures.<\/p>\n

\u201cInstead of storing user data, European firms are becoming \u2018relying parties,\u2019 verifying identities through cryptographic proof via government-backed digital wallets to reduce PII [personally identifiable information] liability and comply with the EU Data Act, particularly regarding data minimization,\u201d Context\u2019s Turner says.<\/p>\n

Managed IAM services make their pitch<\/h2>\n

Issues such as the cybersecurity workforce gap and the technical complexity of IAM in the modern enterprise are impacting both CISOs\u2019 identity and access strategies and the direction of the IAM market.<\/p>\n

\u201cMost organizations are running hybrid estates alongside SaaS sprawl, and the identity surface is fragmented across multiple directories, legacy apps, and inconsistent entitlement models,\u201d 1Password\u2019s Lewis says.<\/p>\n

To bridge the challenges posed by this complexity in the face of talent shortages, many organizations are turning to managed IAM services, according to Conscia\u2019s Hanagan.<\/p>\n

\u201cModern IAM solutions are complex to set up and require deep knowledge and expertise,\u201d he says. \u201cWhen this is coupled with the fear that AI may displace roles \u2014 which discourages new entrants into the profession \u2014 and tightening regulation, it takes its toll on why modern IAM projects struggle to progress at pace.\u201d<\/p>\n

The IAM industry consolidates<\/h2>\n

The IAM market is going through a period of consolidation as vendors vie to build the most comprehensive platforms while tackling the problem of managing machine identities and AI agents.<\/p>\n

Notable IAM M&A activity over recent months include:<\/p>\n