Dark Reading is part of the Informa Tech Division of Informa PLC


Gerry Gebel

How to Bridge On-Premises and Cloud Identity

Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.

The sheer number of identities that organizations must manage is nothing less than mind-boggling. In some cases, the figure can extend into the hundreds of thousands or even millions of people and devices. Historically, these identities would be spread across several internal "identity silos" that were hard-coded to business applications, legacy identity infrastructure, or a specific data center.


Today, identity silos have also emerged across all the cloud services and software-as-a-service (SaaS) applications that an enterprise consumes, creating a challenge to manage a vastly distributed infrastructure. Making matters worse, every time an organization spins up a new cloud or installs new devices, the number — and complexity — inches upward.

As companies attempt to navigate this space, it's vital to take a more holistic and streamlined approach. With unified access and control — and visibility into the entire enterprise environment — there are no disparate and disconnected identity silos, and more-effective governance and security emerge.

That's where an identity fabric, the next generation of identity access management (IAM), comes in. By connecting identity silos and unifying tasks, organizations typically trim costs, reduce staff time spent managing IDs, and, most importantly, boost security and compliance.

Stretching the Fabric
Many organizations struggle to enforce rules and policies within today's complex and heterogeneous multicloud IT environments. An identity fabric takes aim at this problem by providing across-the-stack integration with individual cloud platforms, identity providers, SaaS applications, data services, and networks. This includes cloud services such as AWS or Azure, SaaS applications, data systems, and software-defined networking providers. [Note: The author's company is one of a number of companies offering identity fabric.]

Once connectivity is established, an identity fabric enables orchestration of these disparate environments to achieve consistent identity and access policy management. Centrally defined policies for access are disseminated to the target systems into native runtime formats — the actual language and structure the target system supports. 

The engine that drives this framework is API-based for ease of integration and deployment. Existing APIs reduce and sometimes eliminate entirely the need for custom coding. This allows organizations to connect systems quickly and efficiently and perform all the policy conversions required for real-world identity management and authentication. For example, if a specific application requires multifactor authentication (MFA), the fabric routes the process to the proper identity provider or MFA provider to facilitate that action.

As organizations transition to multicloud environments and diverse SaaS apps — each with different standards and frameworks — an identity fabric eliminates the need to manage and connect identities manually. As a result, identity fabrics enable a more streamlined, flexible approach.

Material Benefits
Identity fabric has other benefits. For example, the technology can simplify a migration from a data center to a cloud or from one cloud platform to another. If a company wants to migrate from an on-premises to cloud identity system, the process can take place without the need to rewrite applications. The identity fabric maps and transfers all the information.

In addition, access management is never interrupted, and the security risks such an interruption can introduce are avoided. The fabric routes users to the correct identity system for a particular business application. For example, in the case of a migration to Microsoft Azure AD, on Day 1 of a migration, users would authenticate with the existing on-premises legacy access management system. However, on Day 2, after the migration process has been finalized, they go through the fabric and into the Microsoft Azure Active Directory cloud identity system.
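The two mechanisms described above, a centrally defined policy rendered into each target's native runtime format and users steered to the legacy or cloud identity system per application and migration day, as an added illustration that is not code from the article or from any identity-fabric product; the application names, roles, and both "native" formats are constructed for the example, and unknown applications fail closed.

```python
from dataclasses import dataclass, replace
from enum import Enum
import json

class Phase(Enum):
    DAY1 = "legacy"   # before cutover: on-prem access management answers the login
    DAY2 = "cloud"    # after cutover: the cloud identity system answers it

@dataclass(frozen=True)
class AppPolicy:
    app: str
    roles: frozenset      # roles permitted to reach the application
    require_mfa: bool     # the app demands a second factor
    phase: Phase          # which identity system currently fronts the app

# Constructed sample of a centrally defined policy set (not real data).
CENTRAL_POLICY = {
    "payroll": AppPolicy("payroll", frozenset({"finance", "hr"}), True, Phase.DAY1),
    "wiki": AppPolicy("wiki", frozenset({"staff"}), False, Phase.DAY2),
}

def render_native(policy: AppPolicy, target: str) -> str:
    """Emit the central policy in a target's own runtime format (both formats are made up here)."""
    roles = sorted(policy.roles)
    if target == "legacy":   # line-oriented ACL as an old access manager might read it
        return f"allow app={policy.app} roles={','.join(roles)} mfa={'on' if policy.require_mfa else 'off'}"
    if target == "cloud":    # JSON assignment document for the cloud identity system
        doc = {"resource": policy.app, "assignments": roles,
               "grantControls": ["mfa"] if policy.require_mfa else []}
        return json.dumps(doc, sort_keys=True)
    raise ValueError(f"unknown target {target!r}")

def route(table: dict, app: str, user_roles: set, mfa_done: bool) -> dict:
    """Decide where a login for `app` goes; apps with no policy fail closed."""
    policy = table.get(app)
    if policy is None:
        return {"allowed": False, "reason": "no policy for app"}
    idp = policy.phase.value
    if not (policy.roles & user_roles):
        return {"allowed": False, "idp": idp, "reason": "role not permitted"}
    if policy.require_mfa and not mfa_done:   # hand off to the MFA provider before granting
        return {"allowed": False, "idp": idp, "next": "mfa_provider"}
    return {"allowed": True, "idp": idp}

def cut_over(table: dict, app: str) -> dict:
    """Day 2: repoint one app at the cloud identity system; the app itself is untouched."""
    return {**table, app: replace(table[app], phase=Phase.DAY2)}
```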

There are a few things to consider before deploying identity fabric. It requires some type of central server to connect everything, a robust discovery process is needed, and an organization must establish clear policies that address roles, access rights, and authentication methods. Complete orchestration can take place only with a well-conceived governance and policy framework in place.

Identity management is moving in the direction of identity fabric. This cloud-native framework removes the need for multiple, siloed, proprietary identity systems. It strips away the manual aspects of IAM and the security and compliance challenges that can accompany it. Instead, an organization can concentrate on getting work done faster and more efficiently, even within complex environments.

Gerry Gebel is Head of Standards at Strata Identity. He previously served as vice president of business development for Axiomatics, a global provider of access controls solutions. Gerry was also Vice President & Service Director with identity-focused research firm ...