It was an honor for me to be invited by Rela8 Group to participate in the Technology Leaders Club Private Virtual roundtable along with esteemed thought leaders in technology. The theme of our topic was “Modernizing Identity Fabric Strategies in a Hybrid Cloud Environment”. I found the rich discussions thought-provoking and enriching. Though our backgrounds were diverse, we were unified in how to approach modernization of identity strategies.
I am approaching this article with my experience in networking architectures to share more of the core principles of modernization, and not focus on specific tools to be used.
What is an identity fabric?
It is a comprehensive approach to identity management across an enterprise’s entire IT environment that integrates various identity and access management (IAM) tools and solutions across on-premises and hybrid clouds for a cohesive user experience.
IAM scope includes:
- Authentication and authorization: to verify who is allowed and what they are authorized to do.
- Identity Governance and Administration (IGA): to ensure authority levels are current when people move around.
- Privileged Access Management (PAM): to manage elevated access levels.
- Confidentiality, Integrity, and Availability (CIA): to protect sensitive information and guarantee that information is reliable and is available, only to users who have access, when they need it.
What are enterprises struggling with?
Enterprises are struggling to adapt to future needs. They need to develop strategies to get a handle on the user identities of various personas and the systems they use. In addition to protecting the enterprise in a compliant manner, they must optimize operations and provide a cohesive user experience for their employees, customers, and partners operating in Hybrid Cloud Environments.
How I see an enterprise modernizing their identity fabric journey
Once the governance process and a single source of truth are established, the modernization journey becomes a plan to get from the current state to incrementally new states. When tools are consolidated, mapping the existing tools to the new consolidated tool makes it possible to act on the changes needed, with swing migrations to effect the change. Divestitures are especially painful, as untangling identities can be more like unmixing paint! A staged approach that identifies gaps and fixes them makes the journey more practical.
Each enterprise journey is unique. The pandemic pushed enterprises to put together quick solutions to enable different ways to work, and this created varied pocket implementations: a patchwork of protections and tool sprawl. The move to hybrid cloud is an existential reality that enterprises must tackle with effective protections, auditability, and governance.
The first step is knowing the user personas, what they are allowed to do, and when they are allowed to access systems. One user persona is the employee and the systems they use. Another employee persona is how they serve customers and partners. Customer and partner personas also need to access the systems and services provided by the enterprise.
Equally important is a robust inventory of the systems, with attributes recording who is allowed to act on each system based on their role and when they are allowed to gain access. Least-privilege access principles and just-in-time authorization should be part of the identity fabric strategy.
Having a single source of truth that provides granular controls of a user’s identity with a hierarchy of what the user is allowed to do in context sets the structure. Automation is crucial to handle the life cycle with proper compliance, approvals, and auditability.
Decoupling authentication from authorization allows the authorization to take place in the right context. With hybrid environments, each public cloud is best equipped to address its own authorization as it is closest to the context of the environment.
Governance, gap analysis, and plugging any drift in a timely manner are imperative to realize the identity strategy for the enterprise.
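The gap analysis described above can be sketched as a comparison between the single source of truth and the grants actually present in each environment. This is an added example, not part of the original article; the role names, system names, users, and dates are all constructed assumptions.

```python
from datetime import datetime, timezone

# Role hierarchy, lowest to highest privilege (constructed for this example).
ROLE_RANK = {"reader": 1, "operator": 2, "admin": 3}

# Source of truth: (user, system) -> entitled role and optional
# just-in-time expiry (None means a standing entitlement).
SOURCE_OF_TRUTH = {
    ("alice", "onprem-erp"): {"role": "operator", "expires": None},
    ("alice", "cloud-a-billing"): {
        "role": "admin",
        "expires": datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)},
    ("bob", "cloud-b-crm"): {"role": "reader", "expires": None},
    ("carol", "onprem-erp"): {"role": "reader", "expires": None},
}

# Grants exported from each environment (constructed sample data).
OBSERVED_GRANTS = [
    ("alice", "onprem-erp", "operator"),
    ("alice", "cloud-a-billing", "admin"),  # JIT grant never revoked
    ("bob", "cloud-b-crm", "admin"),        # more than entitled
    ("dave", "cloud-b-crm", "reader"),      # not in the source of truth
]

def find_drift(truth, observed, now):
    """Return sorted (kind, user, system) findings where access deviates."""
    findings, seen = [], set()
    for user, system, role in observed:
        seen.add((user, system))
        entry = truth.get((user, system))
        if entry is None:
            findings.append(("orphaned", user, system))
        elif entry["expires"] is not None and now >= entry["expires"]:
            findings.append(("expired_jit", user, system))
        elif ROLE_RANK[role] > ROLE_RANK[entry["role"]]:
            findings.append(("excess_privilege", user, system))
    # Entitlements that are still valid but were never provisioned.
    for (user, system), entry in truth.items():
        active = entry["expires"] is None or now < entry["expires"]
        if active and (user, system) not in seen:
            findings.append(("missing", user, system))
    return sorted(findings)

if __name__ == "__main__":
    audit_time = datetime(2024, 5, 2, tzinfo=timezone.utc)
    for finding in find_drift(SOURCE_OF_TRUTH, OBSERVED_GRANTS, audit_time):
        print(finding)
```

Each finding kind maps to a different remediation: revoke orphaned and expired grants, downgrade excess privilege, and provision missing access.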
My Key Takeaways:
Enterprises are adopting a zero-trust framework and identity fabric strategies are an important part of the framework.
There is a need for action.
The key question is, are enterprises ready?
To navigate the identity fabric strategies:
- Understand your user identities, the personas, and the context in which they operate.
- Establish a single source of truth to manage inventories of users and systems with the expected posture.
- Decouple authentication from authorization.
- Establish a governance process for your identity fabric strategy.
- Come up with a plan for identity fabric modernization, and tools consolidation.
- Map existing identities and access to the incremental new states.
- Execute the modernization journey steps.
- Analyze and audit logs, find gaps and fix them.
- Automate, automate, automate!
Thanks again, to the Rela8 Group Ltd Technology Leaders Club, and to Jorell Jemmett for providing me the opportunity to participate with esteemed leaders in the IT industry.
Deepika has a passion for evolving technologies to apply them to solve customer challenges. Her various career roles in IBM, Cisco and Kyndryl have shaped her perspectives from customers, sales, engineering, delivery, support, and managed services. Deepika leads networking architectures at Kyndryl where she builds leading edge solutions collaborating across IT domains and technology partners.