Dark Reading
7/15/2021 01:00 PM
Gerry Gebel
Commentary
How to Bridge On-Premises and Cloud Identity

Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.

The sheer number of identities that organizations must manage is nothing less than mind-boggling. In some cases, the figure can extend into the hundreds of thousands or even millions of people and devices. Historically, these identities would be spread across several internal "identity silos" that were hard-coded to business applications, legacy identity infrastructure, or a specific data center.

Today, identity silos have also emerged across all the cloud services and software-as-a-service (SaaS) applications that an enterprise consumes, creating a challenge to manage a vastly distributed infrastructure. Making matters worse, every time an organization spins up a new cloud or installs new devices, the number — and complexity — inches upward.

As companies attempt to navigate this space, it's vital to take a more holistic and streamlined approach. With unified access and control — and visibility into the entire enterprise environment — there are no disparate and disconnected identity silos, and more-effective governance and security emerge.

That's where an identity fabric, the next generation of identity and access management (IAM), comes in. By connecting identity silos and unifying tasks, organizations typically trim costs, reduce staff time spent managing IDs, and, most importantly, boost security and compliance.

Stretching the Fabric
Many organizations struggle to enforce rules and policies within today's complex and heterogeneous multicloud IT environments. An identity fabric takes aim at this problem by providing across-the-stack integration with individual cloud platforms, identity providers, SaaS applications, data services, and networks. This includes cloud services such as AWS or Azure, SaaS applications, data systems, and software-defined networking providers. [Note: The author's company is one of a number of companies offering identity fabric.]

Once connectivity is established, an identity fabric enables orchestration of these disparate environments to achieve consistent identity and access policy management. Centrally defined policies for access are disseminated to the target systems into native runtime formats — the actual language and structure the target system supports. 

The engine that drives this framework is API-based for ease of integration and deployment. Existing APIs reduce and sometimes eliminate entirely the need for custom coding. This allows organizations to connect systems quickly and efficiently and perform all the policy conversions required for real-world identity management and authentication. For example, if a specific application requires multifactor authentication (MFA), the fabric routes the process to the proper identity provider or MFA provider to facilitate that action.

As organizations transition to multicloud environments and diverse SaaS apps — each with different standards and frameworks — an identity fabric eliminates the need to manage and connect identities manually. As a result, identity fabrics enable a more streamlined, flexible approach.

Material Benefits
Identity fabric has other benefits. For example, the technology can simplify a migration from a data center to a cloud or from one cloud platform to another. If a company wants to migrate from an on-premises identity system to a cloud one, the process can take place without the need to rewrite applications. The identity fabric maps and transfers all the information.

In addition, there is no interruption to access management, and none of the security risks such an interruption can introduce. The fabric routes users to the correct identity system for a particular business application. For example, in the case of a migration to Microsoft Azure AD, on Day 1 of a migration, users would authenticate with the existing on-premises legacy access management system. However, on Day 2, after the migration process has been finalized, they go through the fabric and into the Microsoft Azure Active Directory cloud identity system.
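As an added illustration of the two mechanisms described above (a centrally defined policy rendered into a target's native runtime format, and users routed to whichever identity system currently owns an application), here is a toy orchestrator. It is example code written for this page, not Strata's product or any vendor's API. The central policy shape, the legacy ACL line format, the action-to-S3 mapping and the application names are constructed assumptions; the IAM document layout and the `aws:MultiFactorAuthPresent` condition key are real.

```python
import json

# Vendor-neutral central policy (constructed sample, not a real format).
CENTRAL_POLICY = {
    "role": "finance-analyst",
    "resource": "reports",
    "actions": ["read", "list"],
    "require_mfa": True,
}

# Constructed mapping: central action -> AWS S3 action name.
AWS_VERBS = {"read": "s3:GetObject", "list": "s3:ListBucket"}


def to_aws_iam(policy):
    """Render the central policy as an AWS IAM policy document (JSON)."""
    stmt = {
        "Effect": "Allow",
        "Action": sorted(AWS_VERBS[a] for a in policy["actions"]),
        "Resource": f"arn:aws:s3:::{policy['resource']}/*",
    }
    if policy["require_mfa"]:
        # Real IAM condition key: the central MFA rule is carried into the target.
        stmt["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})


def to_legacy_acl(policy):
    """Render the same policy for a hypothetical legacy app that reads
    'role;resource;action;mfa' lines (format constructed for this example)."""
    mfa = "mfa=required" if policy["require_mfa"] else "mfa=optional"
    return "\n".join(f"{policy['role']};{policy['resource']};{a};{mfa}"
                     for a in policy["actions"])


def verify_aws(policy, document):
    """Defender's check: parse the rendered document back and confirm it
    grants exactly the central actions and that the MFA rule survived."""
    stmt = json.loads(document)["Statement"][0]
    expected = {AWS_VERBS[a] for a in policy["actions"]}
    cond = stmt.get("Condition", {}).get("Bool", {})
    mfa_ok = not policy["require_mfa"] or cond.get("aws:MultiFactorAuthPresent") == "true"
    return stmt["Effect"] == "Allow" and set(stmt["Action"]) == expected and mfa_ok


def route_auth(app, migrated):
    """Day 1 / Day 2 routing: an app whose cutover is finalized goes to
    Azure AD; everything else still authenticates against the legacy system."""
    return "azure-ad" if app in migrated else "legacy-onprem"
```

The verify step is the part worth keeping in a real deployment: a fabric that silently widens a grant while translating it is itself a policy bypass, so every rendered artifact should be parsed back and compared against the central intent before it is pushed.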

There are a few things to consider before deploying identity fabric. It requires some type of central server to connect everything, there's a need for a robust discovery process, and an organization must establish clear policies that address roles and access rights and authentication methods. Complete orchestration can take place only with a well-conceived governance and policy framework in place.

Identity management is moving in the direction of identity fabric. This cloud-native framework removes the need for multiple, siloed, proprietary identity systems. It strips away the manual aspects of IAM and the security and compliance challenges that can accompany it. Instead, an organization can concentrate on getting work done faster and more efficiently, even within complex environments.

Gerry Gebel is Head of Standards at Strata Identity. He previously served as vice president of business development for Axiomatics, a global provider of access controls solutions. Gerry was also Vice President & Service Director with identity-focused research firm ... View Full Bio