The trend toward consolidation in the broader cybersecurity industry over the past few years is now reaching the identity sector. Organizations find that it's often simpler and more efficient to have a single vendor provide all or most of their needed identity functions, leading to greater integration among various components and an overall higher identity-security posture.
"There's a level of integration that is managed by the vendor which is just better for your user experience," says Art Gilliland, CEO of privileged access management provider Delinea. "These things just work together cleanly, versus you having to deploy and then manage all those integrations."
The shift toward consolidation is being sped up by the reliability of cloud-native platforms, which can add new features and functions without having to go through on-premises deployment processes. Companies that adopt such platforms can quickly achieve identity resilience and flexibility, better preparing them to meet emerging threats.
Why the shift toward platformization is happening
A recent survey conducted by Dimensional Research and cited by a Delinea blog post found that the average company uses more than 25 different identity-management systems. That parallels other recent surveys in which large enterprises report using more than 100 different vendors across all fields of cybersecurity.
That's far from ideal. That's too many tools, too many interfaces to monitor, too many vendor relationships to manage. It can also be a drain on staff availability as constant re-training is often needed.
Of course, you also have to get all these different parts from different vendors to work with each other. Some may be very compatible with each other, while others may not be.
"Let's say you purchased different identity management solutions from different vendors," writes Delinea's Phil Calvin in a blog post. "Each one would have its own data model, permission set, unique way of dealing with provisioning, etc. If you wanted to integrate those tools, you'd need to build the connection points yourself or pay a systems integrator to do it."
Yet as identity supplants the vanishing network perimeter as the front line of cybersecurity, the importance of having robust, well-oiled identity-security systems is paramount.
A 2024 survey of 1,800 IT and security managers conducted by Delinea revealed that 80% of companies with 500 or more employees had undergone an identity-related cyberattack in the previous 12 months. Of those attacked, more than 90% had measurable losses.
Organizations have responded accordingly, with a 2025 study commissioned by Delinea finding that the majority of 300 surveyed companies already spent at least 20% of their IT budgets on identity and access management. Seventy-eight percent of respondents said they planned to increase their identity-security spending in the coming year.
One-third said the complexity of their existing identity infrastructures was the biggest obstacle toward improving their identity security. It shouldn't be surprising that 88% of all respondents said they were considering reducing their number of identity vendors.
Again, this trend mirrors what's going on in the wider cybersecurity industry. A 2022 Gartner survey found that three-quarters of companies were seeking to reduce their number of cybersecurity vendors. Among companies that had whittled down their vendors to 10 or fewer, improved risk posture was a greater consideration than cost.
The benefits of a consolidated platform
Reduced costs are indeed nice to have. But organizations that switch to consolidated platforms will find that their overall operations are more efficient, the volume of distracting alert noise will be turned down, and SOC and identity staffers will have greater visibility into various systems while having fewer screens to keep an eye on.
"A single pane of glass to be able to manage and view all elements of a network," says Delinea President Chris Kelly. "Less overall management. The pricing benefits, in many cases, when you start to consolidate. And then just the underlying technology benefits of it."
You'll also get greater policy enforcement, better integration and correlation among components and functions, fewer misconfigurations, less risk of non-compliance, faster automated response times and orchestrations and, in hybrid cloud/on-prem environments, fewer patches and upgrades to worry about.
When using different tools from disparate vendors, Gilliland says, "if one side upgraded, but the other side wasn't compatible, you had to wait, or you couldn't upgrade. And so, you were kind of stuck."
"Whereas in platforms that are fully created," he adds, "it is upgrading and updating itself, and you're not actually having to do that."
If possible, it might be best to go for a consolidated identity platform that lives entirely in the cloud. Modern identity-security systems need to be cloud-based to maximize scalability and response times, not to mention the ease of adding upgrades and modules. Automation of the platform is key, as are cloud-native security tools like cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM).
"You should absolutely invest in platforms that can scale and adapt specifically as the identity-security journey evolves and [your] business grows," says Kelly. "Don't be pigeonholed by non-extensible platforms."
It's true that there are some disadvantages to using consolidated platforms. No one wants to put all their eggs in one basket, and some organizations might worry about vendor lock-in. Platform bundles may not always offer best-of-breed solutions for specialized issues.
However, no platform we've encountered is an all-or-nothing proposition. Every vendor of consolidated platforms that we know of lets its clients customize according to their needs. For example, if a company wanted to keep its identity governance and administration (IGA) solution, or its basic authentication system, platform vendors would be happy to provide only the parts requested.
"[The Delinea Platform] can be completely customized based on where they are in their identity-security lifecycle and journey," says Kelly. "We have an increasing number of customers that do start that way [by mixing and matching]. Because what ends up happening is they'll have a specific use case or a project, and they've already made an investment in existing technology."
What to consider when you're considering a platform
As with all major technology purchases, there are a number of steps to go through before committing to a specific solution. The key is to gather as much knowledge as possible, both about potential providers and about your organization's own needs and plans.
1. Assess your organization. Find out what it has, what's at risk and what it needs — both right now and into the future. Where does the company plan to be five years from now? What kind of identity infrastructure will help it get there?
2. What can you keep? Not everything needs to be ripped out and replaced. If something works well and can be integrated into a larger modern platform, consider retaining or repurposing it.
3. Create a wish list. There will be features and functions that may not be absolutely necessary, but which it would be nice to have.
4. Create and present a plan. Put together a roadmap for identity development, along with a budget proposal, and present it to the stakeholders — executives, certainly, but maybe key clients and vendors as well.
5. Query vendors. Which one can integrate best with the tools your organization plans to keep? Which has the feature set that best fits your needs? Which has the most flexible and resilient platform? Don't forget to ask each contender about their own five-year development roadmap, because you'll be along for the ride.
6. Ask around. Reach out to other companies in your industry to see if they have recommendations for vendors or partners. Don't focus just on the costs of implementing a consolidated platform, but also how such a platform improved another company's security posture.
"My personal belief is that platformization is going to continue to be a trend," says Kelly. "How broadly and how many platforms organizations have will depend on the organization and their policies."
"Before, you might be able to have a central management console, but all of the different tools ran in different ways," he adds. "The concept of a truly native platform gives you just incredible scale and incredible, incredible opportunity to evolve."
