How to Bridge On-Premises and Cloud Identity

The sheer number of identities that organizations must manage is nothing less than mind-boggling. In some cases, the figure can extend into the hundreds of thousands or even millions of people and devices. Historically, these identities would be spread across several internal "identity silos" that were hard-coded to business applications, legacy identity infrastructure, or a specific data center.

Today, identity silos have also emerged across all the cloud services and software-as-a-service (SaaS) applications that an enterprise consumes, creating a challenge to manage a vastly distributed infrastructure. Making matters worse, every time an organization spins up a new cloud or installs new devices, the number — and complexity — inches upward.

As companies attempt to navigate this space, it's vital to take a more holistic and streamlined approach. With unified access and control — and visibility into the entire enterprise environment — there are no disparate and disconnected identity silos, and more-effective governance and security emerge.

That's where an identity fabric, the next generation of identity access management (IAM), comes in. By connecting identity silos and unifying tasks, organizations typically trim costs, reduce staff time spent managing IDs, and, most importantly, boost security and compliance.

Stretching the Fabric
Many organizations struggle to enforce rules and policies within today's complex and heterogeneous multicloud IT environments. An identity fabric takes aim at this problem by providing across-the-stack integration with individual cloud platforms, identity providers, SaaS applications, data services, and networks. This includes cloud services such as AWS or Azure, SaaS applications, data systems, and software-defined networking providers. [Note: The author's company is one of a number of companies offering identity fabric.]

Once connectivity is established, an identity fabric enables orchestration of these disparate environments to achieve consistent identity and access policy management. Centrally defined policies for access are disseminated to the target systems into native runtime formats — the actual language and structure the target system supports.

The engine that drives this framework is API-based for ease of integration and deployment. Existing APIs reduce and sometimes eliminate entirely the need for custom coding. This allows organizations to connect systems quickly and efficiently and perform all the policy conversions required for real-world identity management and authentication. For example, if a specific application requires multifactor authentication (MFA), the fabric routes the process to the proper identity provider or MFA provider to facilitate that action.

As organizations transition to multicloud environments and diverse SaaS apps — each with different standards and frameworks — an identity fabric eliminates the need to manage and connect identities manually. As a result, identity fabrics enable a more streamlined, flexible approach.

Material Benefits
Identity fabric has other benefits. For example, the technology can simplify a migration from a data center to a cloud or from one cloud platform to another. If a company wants to migrate from an on-premises to cloud identity system, the process can take place without the need to rewrite applications. The identity fabric maps and transfers all the information.

In addition, there's no interruption to access management — and the security risks it can introduce. The fabric routes users to the correct identity system for a particular business application. For example, in the case of a migration to Microsoft Azure AD, on Day 1 of a migration, users would authenticate with the existing on-premises legacy access management system. However, on Day 2, after the migration process has been finalized, they go through the fabric and into the Microsoft Azure Active Directory cloud identity system.

There are a few things to consider before deploying identity fabric. It requires some type of central server to connect everything, there's a need for a robust discovery process, and an organization must establish clear policies that address roles and access rights and authentication methods. Complete orchestration can take place only with a well-conceived governance and policy framework in place.

Identity management is moving in the direction of identity fabric. This cloud-native framework removes the need for multiple, siloed, proprietary identity systems. It strips away the manual aspects of IAM and the security and compliance challenges that can accompany it. Instead, an organization can concentrate on getting work done faster and more efficiently, even within complex environments.