Research Reports

Detailed standalone research

We provide a range of standalone independent research reports that are used as part of market intelligence, due diligence and procurement advisory.

From executive summary vendor assessments through to virtual proof of concept technology test drives, our reports are available on a pay as you go and vendor reprint basis.

Continual Vendor Tracking

Daily and monthly comment

Our IAM Radar provides continual intelligence, insight and expert analyst comment on a range of established and emerging vendors in the global identity space.

We track a range of open source intelligence signals to create a curated headlines and comment service.

1 – iam radar

Market understanding

Continual industry comment across a range of established vendors – using a curated list of their social narrative, product news, case studies, funding and events.

2 – vendor assessment

executive summary

Leverage a high level executive research report on a selected vendor – using open source intelligence, vendor briefings and desk based research.

3 – technology test drive

virtual proof of concept

A detailed long read product labs report performed as a virtual proof of concept. Software usage, implementation and step by step screen shots and comment.

  • Expert Comment
  • Continual Intelligence
  • Social Media Tracking
  • Product Releases
  • News & Events
  • Monthly Subscription
  • Key Facts
  • Funding
  • Case Studies Analysis
  • Technology Review
  • Strengths & Challenges
  • Available for Vendor Reprint
  • Detailed Software Testing
  • Use Case Focused
  • Step by Step
  • Screen Shots and Comment
  • Virtual PoC
  • Available for Vendor Reprint

Latest IAM Vendor Insight

Comment and analysis on established and emerging vendors in the global identity and access management space.

A review of the recent re-brand of Microsoft Entra for their IAM capabilities and the results of two community polls relating to Microsoft adoption.
Today I'm proud to announce the launch of The Cyber Hut's IAM Radar: a subscription based curated vendor intelligence report. Released monthly, the report tracks the top 6 vendors in the global identity and access management space, providing insight, impartial comment and analysis to empower those within industry, consultancy, vendor and investment communities.
An introduction to just in time, next generation authorization vendor

Passwordless authentication is often described as improving both the usability and security aspects of both the employee and customer identity journeys. Many approaches to passwordless have emerged over the last 5 years - including hardware, software, biometric and standards based initiatives.

In November 2021, The Cyber Hut released a 61 page buyer guide for passwordless authentication, describing the vendor capabilities, requirements, integration options, B2E and B2C use cases and planning recommendations for migration.

A brief snapshot of questions to consider, when engaging software based solution providers in this space is described here.

Let us start with the basics. IDQL stands for Identity Query Language. The description given to it from the Hexa website (I'll come back to Hexa in a minute) is "Identity Query Language (IDQL) is a declarative access policy and set of APIs that enables the mapping of a centrally managed policy into the native format of multiple clouds and application platforms". The main initiator of the IDQL project is Strata who issued a press release back in May 2022 outlining the concept and idea. Strata is the "identity orchestration" company, that looks to solve the growing problem where identity and permissions data is being spread across a multi-cloud landscape - but somehow needs to be managed centrally in order to improve visibility and security.
Styra, the team behind "Cloud Native Authorization" recently announced a few feature called "Styra Run". Their launch blog back in July described Run as being "a new holistic approach" to authorization. But that is trying to solve? Styra are behind the popular Open Policy Agent - a policy driven decision engine for authorization in cloud native environments. Whilst likely OPA is focused on the protection of infrastructure (think containerized ecosytems) it is also used for protecting APIs and custom applications. The developer-first angle sees a dedicated rule language and the storage of policy data in files. The OPA project on github has over 7000 stars.
An introduction to authorization startup Aserto.
Vendor introduction report covering - an emerging vendor in the Identity Threat Detection and Response sector.
An independent vendor assessment of Axiomatics, covering Company Key Facts, Funding, Case Studies, Technology Key Facts, Technology Review and Strengths Analysis.
This post is only available to members.
An overview and introduction to ConductorOne, an identity governance automation platform.
A technology test drive of Open Policy Agent.
An independent vendor assessment of Scaled Access, covering Company Key Facts, Funding, Case Studies, Technology Key Facts, Technology Review and Strengths Analysis.
This post is only available to members.

Augmented Vendor Intelligence.
Get Started Today.