Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

// // //
01:00 PM
Gerry Gebel
Gerry Gebel
Connect Directly
E-Mail vvv

How to Bridge On-Premises and Cloud Identity

Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.

The sheer number of identities that organizations must manage is nothing less than mind-boggling. In some cases, the figure can extend into the hundreds of thousands or even millions of people and devices. Historically, these identities would be spread across several internal "identity silos" that were hard-coded to business applications, legacy identity infrastructure, or a specific data center.

Related Content:

Are Security Attestations a Necessity for SaaS Businesses?

Special Report: Building the SOC of the Future

New From The Edge: The NSA's 'New' Mission: Get More Public With the Private Sector

Today, identity silos have also emerged across all the cloud services and software-as-a-service (SaaS) applications that an enterprise consumes, creating a challenge to manage a vastly distributed infrastructure. Making matters worse, every time an organization spins up a new cloud or installs new devices, the number — and complexity — inches upward.

As companies attempt to navigate this space, it's vital to take a more holistic and streamlined approach. With unified access and control — and visibility into the entire enterprise environment — there are no disparate and disconnected identity silos, and more-effective governance and security emerge.

That's where an identity fabric, the next generation of identity access management (IAM), comes in. By connecting identity silos and unifying tasks, organizations typically trim costs, reduce staff time spent managing IDs, and, most importantly, boost security and compliance.

Stretching the Fabric
Many organizations struggle to enforce rules and policies within today's complex and heterogeneous multicloud IT environments. An identity fabric takes aim at this problem by providing across-the-stack integration with individual cloud platforms, identity providers, SaaS applications, data services, and networks. This includes cloud services such as AWS or Azure, SaaS applications, data systems, and software-defined networking providers. [Note: The author's company is one of a number of companies offering identity fabric.]

Once connectivity is established, an identity fabric enables orchestration of these disparate environments to achieve consistent identity and access policy management. Centrally defined policies for access are disseminated to the target systems into native runtime formats — the actual language and structure the target system supports. 

The engine that drives this framework is API-based for ease of integration and deployment. Existing APIs reduce and sometimes eliminate entirely the need for custom coding. This allows organizations to connect systems quickly and efficiently and perform all the policy conversions required for real-world identity management and authentication. For example, if a specific application requires multifactor authentication (MFA), the fabric routes the process to the proper identity provider or MFA provider to facilitate that action.

As organizations transition to multicloud environments and diverse SaaS apps — each with different standards and frameworks — an identity fabric eliminates the need to manage and connect identities manually. As a result, identity fabrics enable a more streamlined, flexible approach.

Material Benefits
Identity fabric has other benefits. For example, the technology can simplify a migration from a data center to a cloud or from one cloud platform to another. If a company wants to migrate from an on-premises to cloud identity system, the process can take place without the need to rewrite applications. The identity fabric maps and transfers all the information.

In addition, there's no interruption to access management — and the security risks it can introduce. The fabric routes users to the correct identity system for a particular business application. For example, in the case of a migration to Microsoft Azure AD, on Day 1 of a migration, users would authenticate with the existing on-premises legacy access management system. However, on Day 2, after the migration process has been finalized, they go through the fabric and into the Microsoft Azure Active Directory cloud identity system.

There are a few things to consider before deploying identity fabric. It requires some type of central server to connect everything, there's a need for a robust discovery process, and an organization must establish clear policies that address roles and access rights and authentication methods. Complete orchestration can take place only with a well-conceived governance and policy framework in place.

Identity management is moving in the direction of identity fabric. This cloud-native framework removes the need for multiple, siloed, proprietary identity systems. It strips away the manual aspects of IAM and the security and compliance challenges that can accompany it. Instead, an organization can concentrate on getting work done faster and more efficiently, even within complex environments.

Gerry Gebel is Head of Standards at Strata Identity. He previously served as vice president of business development for  Axiomatics, a global provider of access controls solutions. Gerry was also Vice President & Service Director with identity-focused research firm ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file