Gartner defines the application programming interface (API) management market as the market for software to manage, govern and secure APIs. Organizations use APIs to modernize their architectures; APIs provide access to systems, services, partners and data services. API management software enables organizations to plan, deploy, secure, operate, version control and retire APIs, regardless of their size, region or industry.
Gartner defines access management (AM) as tools that include authentication and single sign-on (SSO) capabilities, and that establish, manage and enforce runtime access controls for modern standards-based and classic web applications and APIs. AM’s purpose is to enable SSO access for people (employees, consumers and other users) and machines to protected applications in a streamlined and consistent way that enhances the user experience. AM is also responsible for providing security controls to protect the user session in runtime, enforcing authentication and authorization using adaptive access. Lastly, AM can provide identity context for other cybersecurity tools and reliant applications to enable identity-first security.
'Application integration platforms enable independently designed applications, apps and services to work together. Key capabilities of application integration technologies include: • Communication functionality that reliably moves messages/data among endpoints. • Support for fundamental web and web services standards. • Functionality that dynamically binds consumer and provider endpoints. • Message validation, mapping, transformation and enrichment. • Orchestration. • Support for multiple interaction patterns, content-based routing and typed messages.
The market for ESP platforms consists of software subsystems that perform real-time computation on streaming event data. They execute calculations on unbounded input data continuously as it arrives, enabling immediate responses to current situations and/or storing results in files, object stores or other databases for later use. Examples of input data include clickstreams; copies of business transactions or database updates; social media posts; market data feeds; images; and sensor data from physical assets, such as mobile devices, machines and vehicles.
Gartner defines integration platform as a service (iPaaS) as a vendor-managed cloud service that enables end users to implement integrations between a variety of applications, services and data sources, both internal and external to their organization. iPaaS enables end users of the platform to integrate a variety of internal and external applications, services and data sources for at least one of the three main uses of integration technology: Data consistency: The ability to monitor for or be notified by applications, services and data sources about changes, and to propagate those changes to the appropriate applications and data destinations (for example, “synchronize customer data” or “ingest into data lake”). Multistep process: The ability to implement multistep processes between applications, services and data sources (for example, to “onboard employee” or “process insurance claim”). Composite service: The ability to create composite services exposed as APIs or events and composed from existing applications, services and data sources (for example, to create a “credit check” service or to create a “generate fraud score” service). These integration processes, data pipelines, workflows, automations and composite services are most commonly created via intuitive low-code or no-code developer environments, though some vendors provide more-complex developer tooling.
Gartner defines user authentication as the journey-time process that provides credence in a claim to an identity established for a person for access to digital assets. User authentication is delivered by some combination of (a) an authenticator, (b) signals evaluation and (c) an authentication decision point, which may be from different vendors. User authentication is used to provide credence in an identity claim for a person already known to an organization. The credence must be sufficient to bring account takeover (ATO) risks within the organization’s risk tolerance. User authentication is foundational to and protects the value of other functions with an organization’s identity fabric, namely: runtime authorization, especially segregation of duties (SOD); audit (individual accountability); and identity analytics.