Identity Orchestration for Azure AD: Strata featured on the 425 Show
Strata’s Maverics Identity Orchestration solution was the featured topic while Microsoft’s Stefan van der Wiele interviewed four of Strata’s subject matter experts on an episode of the 425 Show on Twitch TV. Here we provide a recap of the highlights regarding identity orchestration in Azure environments.
First, the team was asked to describe how Strata came about and what’s driving its success. Many of Strata’s team members have a long history in the identity space, and two of the executives are co-authors of SAML. They recognized the need to help organizations take control of the identities residing, and often hiding, across legacy and multi-cloud environments.
The term identity orchestration implies the ability to manage identities across both private and public clouds and do it quickly and cost-effectively.
The challenge for so many businesses is that they have a soup of identities, passwords, authentication, and authorization schemes. And they are highly distributed across multiple cloud environments that can’t interoperate.
Applications need to be migrated to the cloud and when someone is looking to move to Azure AD, for example, it may require a complete rewrite. That may be a non-starter for many companies because of the prohibitive cost and time involved.
Identity Orchestration allows you to decouple identity from apps to free organizations from vendor lock-in. It allows teams to continue down the path of moving to multi-cloud, and also towards the future where movement between public clouds will be commonplace and migration will be between public clouds rather than from just private to public clouds.
The business case for Identity Orchestration
During this show, the Strata team made a very good point that many companies will continue to rely on legacy applications for the foreseeable future. Just because an application is considered “legacy” does not mean a company isn’t dependent on it or that the application doesn’t provide business value.
Some companies find their modernization and migration efforts impeded because they are managing apps on a hybrid of private and public cloud(s). Identity Orchestration does not require rewrites for legacy apps which can save companies significant amounts of time and expense during their digital transformation.
Migrating apps from legacy identity systems — such as SiteMinder, Oracle Access Manager (OAM), RSA ClearTrust, IBM, Ping, and Active Directory — is complex, time-consuming, and costly. Rewriting each legacy app to work with standards-based, modern cloud identity isn’t realistic. With Strata’s Maverics Identity Orchestration Platform, you don’t have to rewrite apps to make legacy apps work with your cloud identities.
Another key point that was brought up by the team is that identity orchestration brings older apps into compliance. Most companies have certain levels of compliance that must be maintained due to corporate or governmental mandates. If a legacy application is still considered mission-critical but lacks modern security functions, Identity Orchestration can add additional security to the app, bringing it into compliance.
How does the “magic” of Identity Orchestration work?
Strata explained that identity orchestration works through an abstraction layer. This layer of software decouples the dependency of building security mechanisms inside the applications themselves.
This means that almost any protocol can be supported and abstracted away from the application. For example, a company may want to move to OIDC, but this normally means modernizing the app. With Identity Orchestration, this is possible without the burden of rewriting apps. Customers whose scenarios fall outside the more common ones are writing their own connectors.
From a nuts-and-bolts standpoint, the Maverics Platform is a binary run as a service on a Linux box. It runs as a single service with a single configuration file. It can be run in the cloud and you can deploy multiple instances for high availability and scalability. The solution makes use of a single YAML file for very straightforward integration with your CI/CD pipeline.
Common identity use case
The Strata team shared with the audience a very common scenario where a company wants to modernize its web apps on Azure. They may have hundreds of legacy applications that need this support. With a simple configuration and through the use of Identity Orchestration, they can quickly enforce Azure AD authentication. Policy definitions are simple. A company could restrict access to only the finance department located in Canada, for example. If changes are ever needed, only a few lines of the configuration file need to be modified.
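To make the abstraction-layer idea concrete, here is an added example (not Strata’s or the Maverics Platform’s own code) of the core of such a layer: a policy-driven gate that sits in front of legacy apps, checks the standard claims of an already signature-verified Azure AD token (issuer, audience, expiry), applies a per-app attribute rule such as “finance department in Canada”, and emits the identity headers a legacy app would consume instead of doing its own authentication. The policy dictionary stands in for the single configuration file; the `department` and `ctry` claim names, the `api://legacy-apps` audience, the header names and the tenant placeholder are all assumptions for illustration. Signature verification of the token is assumed to have been done by an OIDC library before the claims reach this code.

```python
import time
from dataclasses import dataclass, field

# Constructed policy standing in for a single orchestration config file.
# Claim names, audience and tenant id are illustrative assumptions.
POLICY = {
    "issuer": "https://login.microsoftonline.com/<tenant-id-placeholder>/v2.0",
    "audience": "api://legacy-apps",
    "apps": {
        # Only finance staff located in Canada may reach the finance app.
        "/finance/": {"require": {"department": ["finance"], "ctry": ["CA"]}},
        # Any authenticated user may reach the intranet app.
        "/intranet/": {"require": {}},
    },
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    headers: dict = field(default_factory=dict)


def validate_standard_claims(claims, policy, now=None):
    """Return None if iss/aud/exp are acceptable, else a reason string.
    Assumes the token signature was already verified upstream."""
    now = time.time() if now is None else now
    if claims.get("iss") != policy["issuer"]:
        return "issuer mismatch"
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if policy["audience"] not in auds:
        return "audience mismatch"
    if claims.get("exp", 0) <= now:
        return "token expired"
    return None


def find_app(path, policy):
    """Longest-prefix match of the request path against configured apps."""
    best = None
    for prefix, rule in policy["apps"].items():
        if path.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, rule)
    return best


def authorize(path, claims, policy=POLICY, now=None):
    """Decide whether a request with these token claims may reach the app
    behind `path`, and which identity headers to forward if so."""
    app = find_app(path, policy)
    if app is None:
        return Decision(False, "no app mapped for path")
    err = validate_standard_claims(claims, policy, now)
    if err:
        return Decision(False, err)
    prefix, rule = app
    # Attribute-based rule: every required claim must hold an allowed value.
    for claim, allowed_values in rule["require"].items():
        value = claims.get(claim)
        if value not in allowed_values:
            return Decision(False, f"claim {claim!r}={value!r} not in {allowed_values}")
    # Headers the legacy app trusts in place of its own login (assumed names).
    headers = {
        "X-Authenticated-User": claims.get("preferred_username", ""),
        "X-Auth-Department": claims.get("department", ""),
    }
    return Decision(True, f"matched {prefix}", headers)


if __name__ == "__main__":
    # Constructed claims as they would appear after signature verification.
    now = 1_700_000_000
    alice = {"iss": POLICY["issuer"], "aud": "api://legacy-apps", "exp": now + 3600,
             "preferred_username": "alice@example.test", "department": "finance", "ctry": "CA"}
    bob = dict(alice, preferred_username="bob@example.test", ctry="US")
    for user in (alice, bob):
        d = authorize("/finance/reports", user, now=now)
        print(user["preferred_username"], "->", "ALLOW" if d.allowed else "DENY", d.reason)
```

Changing who may reach an app is a one-line edit to the `require` rule, which is the property the show highlighted: the legacy app itself is never touched, and the same gate handles every app behind it.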
The first step in your journey towards app security modernization is to understand where your identities exist and who has access. Strata provides the Maverics Identity Discovery tool to identify these key characteristics of your applications in minutes rather than days or weeks.
Take the First Step to App Modernization Today
Bridging identity management across legacy applications and multi-cloud environments is perhaps one of the greatest challenges of a company’s cloud migration process. Migrations can take companies years to complete. It’s not a rip-and-replace process. Therefore, an identity management solution that can grow with your changing environments is really the only way to ensure a smooth and secure transition of your applications to Azure AD.
Your first step is to contact Strata sales to learn how to inventory, visualize, and analyze identities in under 10 minutes!