Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

// // //
01:00 PM
Gerry Gebel
Gerry Gebel
Connect Directly
E-Mail vvv

How to Bridge On-Premises and Cloud Identity

Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.

The sheer number of identities that organizations must manage is nothing less than mind-boggling. In some cases, the figure can extend into the hundreds of thousands or even millions of people and devices. Historically, these identities would be spread across several internal "identity silos" that were hard-coded to business applications, legacy identity infrastructure, or a specific data center.

Related Content:

Are Security Attestations a Necessity for SaaS Businesses?

Special Report: Building the SOC of the Future

New From The Edge: The NSA's 'New' Mission: Get More Public With the Private Sector

Today, identity silos have also emerged across all the cloud services and software-as-a-service (SaaS) applications that an enterprise consumes, creating a challenge to manage a vastly distributed infrastructure. Making matters worse, every time an organization spins up a new cloud or installs new devices, the number — and complexity — inches upward.

As companies attempt to navigate this space, it's vital to take a more holistic and streamlined approach. With unified access and control — and visibility into the entire enterprise environment — there are no disparate and disconnected identity silos, and more-effective governance and security emerge.

That's where an identity fabric, the next generation of identity access management (IAM), comes in. By connecting identity silos and unifying tasks, organizations typically trim costs, reduce staff time spent managing IDs, and, most importantly, boost security and compliance.

Stretching the Fabric
Many organizations struggle to enforce rules and policies within today's complex and heterogeneous multicloud IT environments. An identity fabric takes aim at this problem by providing across-the-stack integration with individual cloud platforms, identity providers, SaaS applications, data services, and networks. This includes cloud services such as AWS or Azure, SaaS applications, data systems, and software-defined networking providers. [Note: The author's company is one of a number of companies offering identity fabric.]

Once connectivity is established, an identity fabric enables orchestration of these disparate environments to achieve consistent identity and access policy management. Centrally defined policies for access are disseminated to the target systems into native runtime formats — the actual language and structure the target system supports. 

The engine that drives this framework is API-based for ease of integration and deployment. Existing APIs reduce and sometimes eliminate entirely the need for custom coding. This allows organizations to connect systems quickly and efficiently and perform all the policy conversions required for real-world identity management and authentication. For example, if a specific application requires multifactor authentication (MFA), the fabric routes the process to the proper identity provider or MFA provider to facilitate that action.

As organizations transition to multicloud environments and diverse SaaS apps — each with different standards and frameworks — an identity fabric eliminates the need to manage and connect identities manually. As a result, identity fabrics enable a more streamlined, flexible approach.

Material Benefits
Identity fabric has other benefits. For example, the technology can simplify a migration from a data center to a cloud or from one cloud platform to another. If a company wants to migrate from an on-premises to cloud identity system, the process can take place without the need to rewrite applications. The identity fabric maps and transfers all the information.

In addition, there's no interruption to access management — and the security risks it can introduce. The fabric routes users to the correct identity system for a particular business application. For example, in the case of a migration to Microsoft Azure AD, on Day 1 of a migration, users would authenticate with the existing on-premises legacy access management system. However, on Day 2, after the migration process has been finalized, they go through the fabric and into the Microsoft Azure Active Directory cloud identity system.

There are a few things to consider before deploying identity fabric. It requires some type of central server to connect everything, there's a need for a robust discovery process, and an organization must establish clear policies that address roles and access rights and authentication methods. Complete orchestration can take place only with a well-conceived governance and policy framework in place.

Identity management is moving in the direction of identity fabric. This cloud-native framework removes the need for multiple, siloed, proprietary identity systems. It strips away the manual aspects of IAM and the security and compliance challenges that can accompany it. Instead, an organization can concentrate on getting work done faster and more efficiently, even within complex environments.

Gerry Gebel is Head of Standards at Strata Identity. He previously served as vice president of business development for  Axiomatics, a global provider of access controls solutions. Gerry was also Vice President & Service Director with identity-focused research firm ... View Full Bio
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...