Identity and Access Management (IAM), as one of the core middleware, leverages the general adaptability of middleware technology. It sits between different types of users and systems and platforms, focusing on providing an effective middleware function for industries to manage and control access behaviors and permissions of various types of users or terminals. With the continuous advancement of digital transformation, the digital infrastructure and application systems of enterprises and governments are becoming increasingly complex, leading to a growing demand for user identity management and access control. IAM has become an essential core digital platform facility in digital construction. IAM middleware helps users establish a complete set of digital identity governance and data access policies by providing intelligent identity management and refined access control functions. It ensures that enterprise data operations comply with legal and regulatory requirements through controlled access to sensitive data, as well as real-time monitoring and recording of data access behaviors and abnormal traffic. Additionally, by establishing unified standards, specifications, and interfaces across various application systems, it improves IT management and organizational operational efficiency, effectively enhancing the integration, usability, and security of different digital technologies. Driven by cloud computing, big data, and artificial intelligence technologies, IAM solutions are continuously iterating and upgrading, providing enterprises with smarter and safer access control policies. At the same time, with the popularization of zero trust architectures, the application scenarios in the IAM market have further expanded, extending from traditional local deployment environments to hybrid clouds, multi-cloud environments, and IoT devices.
Frost & Sullivan (hereinafter referred to as 'Frost & Sullivan') continues to monitor the IAM middleware market and has officially released the '2024 Global and Chinese IAM Middleware Market Report' (hereinafter referred to as 'the Report'). The report analyzes the current status of the global and Chinese middleware and IAM middleware markets, providing an in-depth elaboration from dimensions such as industry background, market size, driving factors, and development trends, as well as specific analysis around the significant value of IAM middleware. The report points out that with the increasing emphasis on identity access management security by enterprises and governments, the IAM middleware market will embrace broader development opportunities.
1
Global and Chinese Middleware Market Overview
Middleware is a type of independent software service program that sits between underlying IT resources (such as system software and databases) and upper-layer applications (such as ERP, CRM application software) within the overall IT system architecture. It is mainly used to solve problems such as data transmission, data access, application scheduling, system construction and integration, process management between application software and underlying IT resources, between application software, or among application software components in distributed environments. It is a platform that supports application development, operation, and integration in distributed environments. Middleware technology is the cornerstone of modern IT software development, especially the technical foundation of modern cloud-native architectures, and is known as one of the three fundamental software components in current IT architecture alongside operating systems and databases.
The main functional features of middleware include: 1) Middleware is applied in internet environments, primarily serving distributed application software; it can shield the distributed characteristics of application software, hide the heterogeneity of hardware, operating systems, and protocols within an enterprise's IT infrastructure, helping to achieve system decoupling and thereby enhancing the flexibility and scalability of IT systems; 2) It provides a unified and standardized interface for application software developers and integrators, facilitating the combination, reuse, porting, and interoperability of application software; 3) It offers a set of public services to execute various general and standardized functions, avoiding redundant development work and promoting collaboration between applications.
In terms of revenue, the global middleware market size grew from $41.23 billion in 2019 to $57 billion in 2023, with a compound annual growth rate of 8.4% from 2019 to 2023. Looking ahead, the global middleware market size is expected to reach $100.38 billion in 2028, with a compound annual growth rate of 12.0% from 2023 to 2028. This is due to the growing business layer demand brought about by global digital transformation, the continuous evolution of IT infrastructure and software architecture, as well as new application opportunities brought about by IoT devices, AI, and AI Agents. The global middleware market will maintain stable growth.
At the same time, the market scale of Chinese middleware grew from 7.6 billion yuan in 2019 to 15.09 billion yuan in 2023, with a compound annual growth rate of 18.7% from 2019 to 2023. Looking at downstream application scenarios, large enterprises such as energy, power, aviation, rail transit, automotive, finance, manufacturing, and healthcare, as well as the government sector, are the industries where Chinese middleware is most widely used. Moreover, downstream customers in this field place the highest emphasis on IT system supply chain security and domestic autonomy and controllability, making it the main industry area for middleware localization. Looking ahead, the market scale of Chinese middleware is expected to reach 42.84 billion yuan by 2028, with a compound annual growth rate of 23.2% from 2023 to 2028. In 2023, the market scale of Chinese middleware accounted for 3.8% of the global middleware market, and it is expected that this proportion will increase to 6.1% by 2028.
Source: Frost & Sullivan report
2
Driving factors for the development of global and Chinese middleware markets
Applications of AI and AI Agents
The rapid development of the global artificial intelligence industry, especially the innovative applications of large language models, is driving the growth of the middleware market. As a core component in large model training, middleware, combined with ultra-large-scale computing, network, and storage infrastructure, provides powerful computing support for enterprises. With the increasing demand for the design and optimization of AI computing cluster solutions, middleware has seen new growth opportunities. At the same time, the rapid expansion of global AI applications has also increased demand for middleware. Taking IAM middleware as an example, it plays a crucial role in ensuring that AI agents execute tasks securely and efficiently. This includes but is not limited to ensuring that AI agents have undergone appropriate authorization and identity verification when accessing resources; precisely allocating necessary permissions based on the role and assigned tasks of AI agents, meeting both task execution needs and preventing excessive permissions; and monitoring and recording all activities of AI agents, including the resources they access and operations they perform, for subsequent security audits and performance analysis, among other functions. This helps to build a secure and efficient AI agent operating environment.
Higher security and compliance requirements
As governments and regulatory bodies around the world increasingly tighten regulations on data protection and privacy, such as the EU's GDPR and China's Cybersecurity Law, enterprises face more stringent compliance requirements. They must take effective measures to protect user data and network security. Against this backdrop, enterprises' demand for security features and audit capabilities provided by middleware software continues to rise. Middleware providers need to continuously strengthen the security and compliance of their products, including enhancing data encryption, access control, audit logs, and other functions, to meet the increasingly strict regulatory requirements of enterprises. At the same time, enterprises are willing to invest more resources and funds in purchasing and deploying middleware products with high security and compliance to protect their business data and network security, reduce legal risks and compliance costs. Therefore, security and compliance requirements have strongly driven the development of the global middleware market, making middleware play an increasingly important role in enterprises' digital transformation and information technology applications.
3
Global and China IAM Middleware Market Overview
As one of the core middleware components, IAM leverages the general adaptability of middleware technology to bridge different types of users with various systems and platforms. It focuses on providing an effective middleware feature that can manage and control the access behaviors and permissions of multiple types of users or terminals, including but not limited to users, IoT devices, virtual reality environments, and artificial intelligence systems. This ensures that each entity can obtain reasonable access rights and monitors and audits these access activities to enhance overall security and compliance. IAM has a comprehensive identity governance system that includes identity management, access permission control, identity authentication, adaptive multi-factor intelligent fusion authentication, automated control of electronic identity creation and recycling, access behavior auditing, permission mutual exclusion compliance management, and risk management mechanisms that ensure real-time alerts and effective prevention. This can ensure that in enterprises and organizations, the correct users can access the corresponding resources, helping to improve security and reduce risks. With the IAM middleware, enterprise and application developers can integrate IAM functions into each front-end application without having to develop IAM functions separately for each application. This improves connectivity, security, and maintainability between different applications, simplifies the development process, and enhances overall digital service efficiency.
With technological updates and iterations, as customer needs continue to evolve, the new generation of digital identity management systems has become the main development direction in the global IAM middleware market. The new generation of digital identity management systems is a multi-layered, compliant, in-depth security defense and comprehensive identity governance system for identity management and intelligent control. It lies between underlying IT resources and upper-layer applications and is one of the most core infrastructures for digital construction. It manages and controls the permissions and risk control of different types of identities, including internal and external users, system identities, object identities, AI identities, digital identities in metaverse spaces, as well as related identity data and behaviors. It achieves identity management within local systems and compatible cloud environments, further improving in terms of compatibility, usability, scalability, and security, realizing connections, sharing, and security in the digital world.
In terms of revenue, the global IAM market size grew from $9.84 billion in 2019 to $16.17 billion in 2023, with a compound annual growth rate (CAGR) of 16.1% between 2019 and 2023. Among them, the market size based on local deployment models increased from $5.43 billion in 2019 to $8.74 billion in 2023, with a CAGR of 12.6% during the same period. The market size based on cloud environment models showed faster growth, increasing from $2.93 billion in 2019 to $6.46 billion in 2023, with a CAGR of 16.6% during the same period. The cloud environment model accounted for 42.5%. Looking ahead, the global IAM market size is expected to reach $26.78 billion by 2028. The cloud environment model is expected to reach $13.92 billion by 2028, with a CAGR of 16.6% between 2023 and 2028, and the cloud environment model will account for 52.0%.
Source: Frost & Sullivan report
The Chinese IAM market started relatively late. In terms of revenue, the scale of the Chinese IAM market grew from 1.27 billion yuan in 2019 to 3.15 billion yuan in 2023, with a compound annual growth rate of 25.4% from 2019 to 2023. Among them, the scale based on local deployment mode increased from 1.14 billion yuan in 2019 to 2.73 billion yuan in 2023, with a compound annual growth rate of 24.4% from 2019 to 2023. The scale based on cloud environment mode showed faster growth, increasing from 130 million yuan in 2019 to 420 million yuan in 2023, with a compound annual growth rate of 32.8% from 2019 to 2023. The cloud environment mode accounted for 13.2% in 2023. Looking ahead, with the continuous deepening of China's digital transformation and the wide application of digital technologies such as cloud computing, big data, and artificial intelligence, the IAM market and identity cloud service market will achieve significant growth. Thanks to the expansion of China's cloud service market, the identity cloud service field will embrace broad development space, indicating huge growth potential and market opportunities. The scale of the Chinese IAM market is expected to reach 10.21 billion yuan in 2028, with a compound annual growth rate of 26.5% from 2023 to 2028. The cloud environment mode is expected to reach 1.97 billion yuan in 2028, with a compound annual growth rate of 36.5% from 2023 to 2028, and the cloud environment mode accounted for 19.3% in 2028.
Source: Frost & Sullivan report
4
Driving factors for the development of global and Chinese IAM middleware markets
Application iteration acceleration
With the acceleration of digital transformation in Chinese enterprises, the number of applications within the internal management processes, including interactions with customers, suppliers, and partners, is increasing continuously, leading to an increase in the complexity of digital systems. To improve efficiency and competitiveness, enterprises are constantly introducing new applications and services. These applications can be internally developed or purchased as SaaS services externally. As the number of application systems increases, managing user access to these systems becomes more complex. Traditional manual management methods can no longer meet the identity management needs in large-scale, multi-system environments. IAM systems can provide a centralized platform to automate the management of user identity information and access permissions, ensuring that only authorized users can access specific application systems. In addition, the increase in the complexity of digital systems is mainly reflected in system integration and data exchange. Enterprises need to coordinate, manage, share, and interact with different types of application systems and users uniformly to achieve business process automation. This involves not only internal enterprise systems but also supply chain systems and external collaboration systems. IAM helps enterprises achieve secure and efficient access management in complex system environments by providing unified identity authentication, authorization, risk control, sharing management, compliance auditing, etc.
The development of cloud computing and artificial intelligence technologies
As enterprises accelerate their migration to the cloud, ensuring secure access to cloud resources and fine-grained permission control becomes crucial. IAM provides enterprises with the capability to centrally manage and finely control cloud resource access permissions in a cloud environment. It allows multiple user identities to be created and managed under one cloud account, assigns different access permissions to different user identities, and offers more granular access management, providing enterprises with an identity access management solution that better fits the modern cloud environment. At the same time, the development of artificial intelligence technology has driven the IAM market from identity management to potential risk posture awareness functions. AI technology enables IAM to have more comprehensive and intelligent proactive defense capabilities such as pre-event detection, dynamic permission control and in-process control, post-event comprehensive audit and traceability, making it easier to use, safer, and more efficient.
The enhancement of value as a factor of production
In the digital age, data has become an important asset and production factor for enterprises. The circulation and utilization of data require strict data ownership and access control to achieve data classification, grading, and decentralization. IAM systems can accurately allocate access permissions based on users' roles, responsibilities, and needs, including access control at the feature level, menu level, and data level, ensuring that employees, partners, and customers can only access data necessary for their work or business. In addition, with the strengthening of data privacy regulations such as China's Personal Information Protection Law, enterprises must ensure that the collection, storage, and processing of personal data comply with legal requirements. IAM systems provide key access control and compliance audit support in this process. IAM systems not only offer identity authentication and authorization management but also help enterprises record and analyze data access behavior through auditing and monitoring functions. This helps enterprises promptly detect and respond to potential security threats while providing necessary logs and reports for compliance audits. As enterprises increase their dependence on data, the role of IAM systems in protecting data security, supporting compliance, and enhancing data governance capabilities becomes increasingly prominent.
Industry-friendly policies introduced by the government
The Chinese government has introduced a series of policies and measures to promote enterprises' cloud adoption and digital transformation. These policies encourage enterprises to use cloud computing and platform services to improve operational efficiency and innovation capabilities. As more enterprises adopt cloud services and multi-cloud strategies, there are higher demands for access efficiency and security management in cloud environments. IAM systems have become a key technical support tool in this context, helping enterprises achieve efficient and secure management of cloud resources in complex scenarios.
The rise of collaborative and remote work
The cooperation between enterprises increasingly relies on digital platforms and tools, which require enterprises to securely share data and resources while protecting their own business and customer information. IAM systems ensure that only authorized partners and suppliers can access specific data and applications by providing fine-grained access control and permission management, thereby supporting efficient collaborative work in the industrial chain. Mobile office enables employees to access enterprise resources from any location using any device, posing new challenges to enterprise security management. IAM systems support features such as multi-device management, multi-terminal entry management, remote access policies, and virtual private networks to ensure data security and compliance for employees working remotely, providing a guarantee for information security in remote office environments.
Strengthening of data privacy and compliance supervision
In recent years, with the vigorous development of the digital economy, the value and sensitivity of personal data have become increasingly prominent, and China's requirements for data privacy and compliance have also become more stringent. To address this challenge, China's legislative body has introduced a series of new regulations and standards, including the landmark Personal Information Protection Law (PPIPL) and the Data Security Law (DSL). The formulation and implementation of these laws and regulations mark a solid step forward for China in the field of data protection and cybersecurity. According to the provisions of the PPIPL, enterprises must follow the principles of legality, legitimacy, and necessity when collecting, storing, using, sharing, and transmitting personal data to ensure data security and the protection of individual privacy. In addition, the DSL clarifies the data classification and grading protection system, requiring enterprises to take corresponding protective measures based on the importance of the data and the potential harm that a breach could cause. Against this backdrop, the role of IAM middleware has become particularly crucial. IAM middleware provides fine-grained access control and authentication functions, helping enterprises establish a complete set of data access policies. It can not only restrict access to sensitive data but also monitor and record data access behavior in real time, ensuring that enterprise data operations comply with legal and regulatory requirements.
3
Overview of the Market Competition Landscape for Chinese IAM Middleware
The main participants in the IAM market in China include IAM solution providers represented by Bamboo Cloud Technology, AsiaInfo Security, Paila Software, and CoreShield Times. IAM solution providers have rich industry experience and professional product innovation capabilities in providing IAM-related solutions. They offer a variety of functions including identity management, authentication, access control, dynamic authorization, permission management, intelligent risk control, etc., and support both local deployment and cloud-based service models. In terms of revenue for 2023, Bamboo Cloud Technology is the largest IAM solution provider in China.
