Identity & Access Management

Why are private equity firms acquiring so many identity management companies?

There’s a land rush in the identity management space, which has important implications for enterprises that rely on these systems to run their business applications.

Private equity (PE) firms are picking up Identity and Access Management (IAM) companies at a fast pace. In 2022, Thoma Bravo acquired Ping Identity, ForgeRock, and SailPoint. In the same period, IC Consult Group, which is backed by equity firm The Carlyle Group, acquired Kapstone Technologies, SecureITSource, and ICSynergy.

What makes identity technologies appealing to PE firms?

Why is IAM so hot? PE firms like identity technologies because these systems are considered to be a recession-resistant play. After all, everyone needs IAM systems to run apps, and apps run everything in business today. 

The technology also boasts a long tail, because it is both difficult and expensive to replace. Many companies are locked into legacy identity systems even as those systems age, because the process of removing one system and deploying a new one is time- and budget-intensive.

Since identity systems are hardcoded into apps, each app must be rewritten before it can be moved to a modern cloud identity system like Okta, Amazon Web Services, Microsoft Azure AD, Google Cloud Identity, or another identity provider. For the average large enterprise, this can mean years and millions of dollars spent in labor and technology, not to mention disruptions and potential downtime affecting business operations.  

What the identity vendor M&A surge means to users

PE firms have recognized this market opportunity, and with nearly $2 trillion in capital looking to find a home, they are doubling down on it. Investment funds are buying identity companies to reap the benefits of their extensive installed bases, which generate large amounts of recurring revenue and often have multi-year contracts. This fits in well with the PE model, which seeks to pay off leverage and reward investors with steady and growing cash flows from the acquired businesses. 

An acquired company can shift its focus away from product development and innovation to the pursuit of cash flow and cost-cutting. IAM vendors may find they have little incentive after an acquisition to continue adding functionality and features to products that are near end of life, since they won’t be making incremental sales. They also have little incentive to invest in support and customer care, since customers are locked into long contracts, thanks to the difficulty in replacing IAM systems.

The level of difficulty in replacing legacy identity systems means PE firms have the leverage to negotiate long-term, multimillion-dollar renewals for the IAM systems they acquired. For the vendors, it means a more profitable relationship, but customers may find themselves spending significantly more and locked into longer contracts with diminishing returns.

Orchestration breaks IDP vendor lock-in 

It may seem that users have few options—and fewer as mergers consolidate the selection—but a new standards-driven approach to identity management has emerged to offer the promise of relief. Rather than bind customers to yet another identity provider, orchestration decouples apps from identity infrastructures so any number of providers can be supported. That way, customers don’t have to commit to extended contracts on end-of-life identity systems and pay more to maintain them.

Orchestration can insulate users by using an abstraction layer that decouples the applications users need from the identity infrastructure required and lets them act independently. Thanks to the abstraction layer, an organization can move apps to the cloud to gain the benefits of agility and scalability, and jettison those legacy IAM systems. 

Enterprises can retire all their aging on-premises gear: not just the software, but also the servers and all of the other infrastructure that goes along with them. One way to view this challenge is by comparing current identity infrastructure to an iceberg, with the tip of the iceberg being the IAM software license. Orchestration blasts the whole thing out of the way, clearing the path to the modern cloud identity systems mentioned earlier.

Identity orchestration gives companies options for avoiding vendor lock-in, and the opportunity to modernize their applications and remake their environments using the cloud to suit their business priorities.

Originally published on Forbes Technology Council on Feb. 1, 2023


Eric Olden

CEO & Cofounder