Why Identity Orchestration Remains the Missing Piece in the Access Management Puzzle

essidsolutions

With organizations moving to multi-cloud and hybrid environments, identity and access management has become a sore point for many of them, especially in an age of devastating cyberattacks. Different environments and vendor software come with their own identity systems that don’t necessarily interact, and IT teams struggle to maintain complete visibility over user identities and access controls. Is there a technology that can help organizations govern all of their identity systems and apply a uniform policy? Let’s look at why identity orchestration could be the answer.

Earlier this year, Gartner predicted that risk management leaders might face “increasingly complex” identity and access management challenges this year due to the sudden and rapid expansion of the remote workforce and the need to increase customer-facing interactions on digital channels. “Many organizations lack the skills and resources to manage effectively. Leaders must improve their approaches to identity proofing, develop stronger vendor management skills and mitigate the risks of an increasingly remote workforce,” said Akif Khan, Senior Director Analyst, Gartner.

Among the top security and risk management trends for 2021, Gartner identified the adoption of the cybersecurity mesh as the top trend. It said that the mesh provides “foundational security services and centralized policy management and orchestration.” It removes the need to run security systems in silos and “allows organizations to extend security controls to distributed assets.”

Fig. 1: Top Security and Risk Management Trends for 2021 (Source: Gartner, March 2021)

Another major trend identified by Gartner is the concept of Identity-first Security. This approach calls for organizations to put identity at the center of security design to enhance visibility and monitoring of identities. “While a lot of money and time has been spent on multi factor authentication, single sign-on and biometric authentication, very little has been spent on effective monitoring of authentication to spot attacks against this infrastructure,” said Peter Firstbrook, research vice president at Gartner.


Why Identity Orchestration Supports an Identity-First Approach

Before taking a deep dive into what identity orchestration denotes and what role it may serve in the future, let’s look at what orchestration itself means. According to Stephen Watts from BMC Software, in the context of DevOps, orchestration is the “automated coordination of automated activities - basically the large-scale coordination of basic tasks that are programmatically performed through micro-level scripts.” In the context of the cloud, Watts says, orchestration involves “automating the workflow processes to deliver resources as a service.”

According to Strata Identity, Identity Orchestration, a cybersecurity term, is delivered through software that creates a logical Identity Fabric, which ensures that identities and user access policies are consistent across disparate identity systems and multiple locations, both in the cloud and on-premises.

This means that in a multi-cloud or hybrid environment, where enterprise resources and applications are deployed both on-premises and in the cloud, the Identity Fabric ensures that the organization can monitor identities maintained across diverse identity systems, whether legacy on-premises systems or cloud-based ones.

This makes Identity Orchestration key for organizations that intend to adopt both an identity-first paradigm and a mesh strategy, the top trends identified by Gartner for the post-pandemic age.

Eric Olden, the founder and CEO of Strata Identity, wrote in an article for Toolbox that in hybrid environments, users, their profile data and attributes are distributed across cloud and on-premises systems. This necessitates an orchestrated approach that can enable uniform monitoring and governance of decades-old identity systems and modern cloud-based ones alike.

“An orchestration system can automate identity management across different cloud and legacy systems and bridge gaps between them. Orchestration software can figure out if 10% of the apps use cloud identity and the rest are in the on-premises system and handle them accordingly. That ability helps migrations, as well, because as 10% becomes 20%, 30%, or 40% over time, it simply requires a new configuration, not application re-coding. This gives companies the flexibility to migrate incrementally to the cloud instead of making a disruptive big bang,” he wrote.


How Does Identity Orchestration Software Work?

Let’s now look at how identity orchestration software works. To understand this, we spoke to Eric Leach, the co-founder and Chief Product Officer at Strata Identity. This was a natural choice, as the company recently unveiled Maverics, which, it says, is the world’s first distributed identity platform meant to work across multi-cloud and hybrid environments.

Leach began by explaining why the technology was developed in the first place. “The question is how organizations practice zero-trust in a multi-cloud or a hybrid cloud environment. In these environments, there are many identity silos. It is impossible to use one of these identity systems in a highly distributed environment and turn it into THE identity system that governs access to all cloud resources. Also, on the on-prem side, many older identity systems are nearing end of life, and there is a need for organizations to adopt modern identity management systems.

“Another part of the problem is that legacy identity systems don’t work well in cloud environments and cloud-based identity systems don’t work well in an on-premise environment. There was a glaring lack of a truly distributed identity platform. This is where Identity Orchestration comes in.”

Fig. 2: How Identity Orchestration Works (Source: Strata Identity)

Explaining how the orchestration platform really works, Leach said Maverics can abstract away all of the different APIs that one has to interact with to make all these identity systems work. The platform makes identities and policies consistent across all identity systems. This allows organizations to decouple the applications from being tied to any of those identity systems.

For example, suppose you have on-premises apps that are integrated with a legacy identity system, like CA SiteMinder or Access Manager, and are also using Office365 and AWS to run cloud applications at the same time. In that case, Identity Orchestration enables your organization to use any of these identity systems to provide authentication, MFA, authorization, risk detection and analysis. The Maverics platform orchestrates the interaction of users with identity systems to ensure seamless authentication for all users.

Reliable, Scalable & Key to User Efficiency 

The Identity Orchestration platform, Leach says, works in the background, riding on top of the existing protocols used by different identity systems, such as CA SiteMinder, SAML, or OpenID Connect. The platform obtains attributes from cloud platforms, directories and databases running on-prem, arbitrary APIs and web services, and constructs a very rich view of a user’s profile.

The platform helps organizations keep track of policies, of users and the attributes they carry, and of the way they interact with applications. This visibility is uniform across all identity systems, whether on-prem or cloud-based. The platform supplies this data to IT teams, who can visualize user access controls through log aggregation tools, SIEM products, or identity analytics tools of their choice.
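The following is an added illustration of the behaviour Leach describes in the two passages above (apps decoupled from any one identity system, attributes from several silos merged into one profile, a single policy applied uniformly, and every decision exported as a structured record for a SIEM). It is example code written for this article, not Strata’s Maverics code, and the identity sources, attribute names, users, apps and policies in it are all constructed for illustration.

```python
"""Toy identity orchestration layer (added example; not Maverics or any vendor's code).

Models the points made in the article:
  * apps are bound to an identity system through a routing table (configuration,
    not application code), so a migration is a route change;
  * attributes from a legacy directory and a cloud IdP are merged into one
    normalized profile;
  * one access policy is evaluated on that profile regardless of which system
    fronts the app;
  * every decision is emitted as a JSON audit record for log/SIEM tooling.
All data below is constructed sample data.
"""
from dataclasses import dataclass, field
import json

# Constructed stand-in for an on-prem LDAP-style directory (HR-fed, authoritative
# for employment status).
LEGACY_DIRECTORY = {
    "alice": {"cn": "Alice Example", "employeeStatus": "active",
              "memberOf": ["cn=finance,ou=groups,dc=example,dc=test"]},
    "bob":   {"cn": "Bob Example", "employeeStatus": "terminated",
              "memberOf": ["cn=contractors,ou=groups,dc=example,dc=test"]},
}
# Constructed stand-in for OIDC-style claims from a cloud IdP. "carol" is a
# cloud-native user with no legacy identity at all.
CLOUD_IDP_CLAIMS = {
    "alice": {"email": "alice@example.test", "groups": ["finance", "everyone"], "amr": ["pwd", "mfa"]},
    "bob":   {"email": "bob@example.test",   "groups": ["contractors"],         "amr": ["pwd"]},
    "carol": {"email": "carol@example.test", "groups": ["finance"],             "amr": ["pwd", "mfa"]},
}


@dataclass
class Profile:
    """Normalized view of a user assembled from every identity source."""
    user: str
    display_name: str = ""
    email: str = ""
    groups: set = field(default_factory=set)
    active: bool = True      # stays True when no authoritative HR source knows the user
    mfa: bool = False
    sources: list = field(default_factory=list)


def _group_from_dn(dn):
    """'cn=finance,ou=groups,...' -> 'finance' (lower-cased for uniform matching)."""
    return dn.split(",")[0].split("=", 1)[1].lower()


def pull_legacy(profile, user):
    rec = LEGACY_DIRECTORY.get(user)
    if rec is None:
        return
    profile.display_name = rec.get("cn", profile.display_name)
    profile.groups |= {_group_from_dn(dn) for dn in rec.get("memberOf", [])}
    profile.active = rec.get("employeeStatus") == "active"   # legacy wins on status
    profile.sources.append("legacy-directory")


def pull_cloud(profile, user):
    claims = CLOUD_IDP_CLAIMS.get(user)
    if claims is None:
        return
    profile.email = claims.get("email", profile.email)
    profile.groups |= {g.lower() for g in claims.get("groups", [])}
    profile.mfa = "mfa" in claims.get("amr", [])               # cloud IdP wins on MFA
    profile.sources.append("cloud-idp")


SOURCES = [pull_legacy, pull_cloud]


def build_profile(user):
    profile = Profile(user=user)
    for pull in SOURCES:
        pull(profile, user)
    return profile


# Which identity system fronts which app. Changing a value here is the whole
# "migration" for that app; the app itself is not touched.
APP_ROUTES = {"payroll": "legacy-directory", "expense-portal": "cloud-idp"}


def route_app(app, identity_system):
    APP_ROUTES[app] = identity_system


# One policy schema for every app, evaluated on the normalized profile.
POLICIES = {
    "payroll":        {"any_group": {"finance"},                "require_mfa": True},
    "expense-portal": {"any_group": {"finance", "contractors"}, "require_mfa": False},
}


def authorize(user, app):
    """Return a decision dict; 'allowed' is True only when no reason was recorded."""
    profile = build_profile(user)
    policy = POLICIES[app]
    reasons = []
    if APP_ROUTES[app] not in profile.sources:
        reasons.append("no identity in routed identity system")
    if not profile.active:
        reasons.append("account inactive in authoritative source")
    if not (profile.groups & policy["any_group"]):
        reasons.append("no qualifying group")
    if policy["require_mfa"] and not profile.mfa:
        reasons.append("mfa required")
    return {"user": user, "app": app, "authenticated_by": APP_ROUTES[app],
            "allowed": not reasons, "reasons": reasons,
            "profile_sources": profile.sources, "groups": sorted(profile.groups)}


def audit_line(decision):
    """One JSON line per decision, ready for a log aggregator or SIEM."""
    return json.dumps(decision, sort_keys=True)


if __name__ == "__main__":
    for u, a in [("alice", "payroll"), ("bob", "expense-portal"), ("carol", "payroll")]:
        print(audit_line(authorize(u, a)))
    route_app("payroll", "cloud-idp")          # migrate payroll to the cloud IdP
    print(audit_line(authorize("carol", "payroll")))
```

Two points the walk-through makes that the prose alone does not: a termination recorded only in the legacy directory denies the contractor on the cloud-fronted expense portal as well, because the policy runs on the merged profile rather than on whichever silo authenticated; and the cloud-native user gains payroll access purely through a route change, which is what Olden means by a migration that “simply requires a new configuration, not application re-coding.”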

Considering that on-premises applications no longer serve the needs of organizations looking to expand operations, minimize software latency, scale and diversify, organizations are quickly building applications in the cloud to meet emerging demands. Leach says that instead of trying to move all of their applications to the cloud in one go, organizations should make the shift incrementally while using identity orchestration to monitor all identities throughout.

Leach also said that the orchestration platform suits the needs of the largest organizations that operate in multiple regions. This is because it was built from the ground up to be secure by design, cloud-scalable, and highly distributed. The scalability ensures that the platform supports all employees logging in to systems and applications from different locations at different times. 


The Future of Identity Orchestration

Given the proliferation of public cloud services and the competition in the sector, the adoption of multi-cloud is booming. Before the end of this year, Gartner estimates that over 75% of midsize and large organizations will have adopted a multicloud and/or hybrid IT strategy.

The adoption of multi-cloud and hybrid environments bodes well for technology like identity orchestration that unifies identity governance and monitoring while being platform-agnostic. “The feedback from organizations has been tremendous. Organizations are looking for uniform identity systems to govern all identities, but there is also skepticism about the technology,” Leach says.

Stiff competition among vendors and success stories can certainly help overcome the initial skepticism. According to ResearchAndMarkets.com, the identity governance and administration market is set to grow at a CAGR of 17.2% between 2021 and 2026. In this period, big-name vendors such as Oracle, IBM, Sailpoint, SAP, Broadcom, Microsoft, and Okta are expected to improve their offerings to gain a more significant share of the market.

“The interplay between cloud, mobile and IoT technologies in the modern enterprise creates the need for a more granular approach to Identity and Access Management (IAM) via scalable solutions suitable for a variety of network environments. Hence, the need for security solutions, including security for identity-related crimes, is an essential factor driving the adoption of cloud identity governance and administration solutions,” the report says.

Do you think identity orchestration can fill the glaring need for an all-in-one solution in the identity governance industry? Let us know on LinkedIn, Twitter, or Facebook. We would love to hear from you!