Identity & Access Management

Identity Orchestration & multi-cloud: 5 things to know


Gartner, Inc. projects 80% of businesses will have all their infrastructure based in the cloud by 2025. The analyst firm also reports that 81% of enterprises using the cloud are managing multi-clouds (have two or more cloud platform vendors). The main drivers for multi-cloud deployments? Primarily the flexibility to support unique application and cloud migration requirements.

Building a multi-cloud solution

According to one expert, “The worst thing you can do when building a multi-cloud solution is to silo tools and technologies within each cloud. This includes security, governance, operational tools, etc.”

This is especially true of identity, because each cloud provider runs its own identity management system. The result is a growing list of per-cloud user identities that have to be reconciled into one user profile before people can get access and operations can keep running. Unfortunately, several technical and organizational challenges make that reconciliation virtually impossible with the tools most enterprises have today.

In a recent article for Forbes, Strata CEO Eric Olden explains:

“For example, imagine if your company had to move 50 apps it uses regularly from on-premises to the cloud or from one cloud vendor to another. (This is not an outrageous number; the average enterprise uses 1,295 cloud-based apps.) To do this quickly, inexpensively and without disrupting operations or compromising security, the challenges would be enormous. It would require managing multiple identity systems, rewriting the apps to support the new destination identity management system, and resetting all user passwords before the migration.”

Solving the identity challenge of multi-clouds

The way out of this multi-cloud logjam is a newer approach called Identity Orchestration. Its value for multi-cloud is that enterprises can weave all those identities together using a distributed identity model, which breaks vendor lock-in and lets them operate smoothly across clouds. It gives users access to both cloud-based and on-premises resources safely and efficiently while enforcing centralized access policies, so the same level of security applies in every cloud. In Olden’s words, Identity Orchestration “acts as a bridge between each cloud provider’s access system and between legacy and modern identity and access management (IAM) systems.”

Pitfalls to avoid with identity orchestration

These five tips can help you get started on the right foot with identity orchestration:

1. Don’t retrofit a centralized identity system. Those systems were never built to interoperate with other IAM products, so you won’t be able to manage users and policies centrally through them.

2. Avoid technologies that are not natively distributed or that rely on proprietary integrations. They can’t interoperate with other identity systems and will block centralized management of identities.

3. Insist on an identity abstraction layer that unifies the global namespace, so every user has one identity across clouds, and that normalizes user access policies into a common syntax, so one policy can be enforced everywhere.

4. Avoid identity technologies designed for on-premises only or cloud only. You won’t be able to manage a hybrid environment in a centralized way.

5. Make sure the identity fabric integrates seamlessly with your cloud DevOps processes and tool stack, so identity changes ship the same way application changes do.
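To make points 3 and 5, and the reconciliation problem described earlier, concrete, here is a toy identity abstraction layer. It is an added example written for this post, not Strata’s product code. It maps two providers’ differently shaped token claims onto one canonical profile (the global namespace), links the resulting subjects into one person, and evaluates a single policy written in one syntax against either profile. The provider names, claim names, group identifiers and sample tokens are all constructed for the example; real providers use their own.

```python
"""Toy identity abstraction layer (added illustration, not product code).

Maps each provider's native claim layout onto one canonical Profile, then
evaluates one policy, in one syntax, against that profile regardless of
which cloud issued the token.  All claim names, group IDs and tokens below
are constructed for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    subject: str          # "<provider>:<stable id>": unique across all clouds
    email: str            # lower-cased, used as the cross-provider link key
    groups: frozenset     # canonical group names, never provider-native ones
    mfa: bool             # whether this session was MFA-authenticated


def _amr_has_mfa(claims: dict) -> bool:
    # Constructed convention: provider A lists auth methods in "amr".
    return "mfa" in claims.get("amr", [])


def _acr_is_mfa(claims: dict) -> bool:
    # Constructed convention: provider B signals MFA via an "acr" URN.
    return claims.get("acr") == "urn:example:mfa"


# Per-provider mapping from native claims to the canonical profile.
# "cloud-a" emits opaque group IDs, "cloud-b" emits display names; both
# collapse to the same canonical group names.
CLAIM_MAPS = {
    "cloud-a": {
        "id": "oid", "email": "upn", "groups": "groups",
        "group_names": {"a1b2c3": "finance-admins", "d4e5f6": "engineers"},
        "mfa": _amr_has_mfa,
    },
    "cloud-b": {
        "id": "sub", "email": "email", "groups": "memberOf",
        "group_names": {"Finance Admins": "finance-admins",
                        "Engineering": "engineers"},
        "mfa": _acr_is_mfa,
    },
}


def normalize(provider: str, claims: dict) -> Profile:
    """Translate one provider's decoded token claims into a Profile.

    Native groups with no mapping are dropped rather than passed through,
    so an unmapped group can never satisfy a canonical policy rule.
    """
    m = CLAIM_MAPS[provider]
    names = m["group_names"]
    groups = frozenset(names[g] for g in claims.get(m["groups"], []) if g in names)
    return Profile(
        subject=f"{provider}:{claims[m['id']]}",
        email=claims[m["email"]].strip().lower(),
        groups=groups,
        mfa=bool(m["mfa"](claims)),
    )


# One policy, one syntax, written only against canonical attributes.
POLICY = [
    {"resource": "payroll-app", "allow_groups": {"finance-admins"}, "require_mfa": True},
    {"resource": "wiki", "allow_groups": {"engineers", "finance-admins"}, "require_mfa": False},
]


def authorize(profile: Profile, resource: str) -> bool:
    """Deny by default; the same rules apply whichever cloud issued the token."""
    for rule in POLICY:
        if rule["resource"] != resource:
            continue
        if rule["require_mfa"] and not profile.mfa:
            return False
        return bool(profile.groups & rule["allow_groups"])
    return False


def link_identities(profiles: list) -> dict:
    """Reconcile per-cloud subjects into one person, keyed by normalized email."""
    linked: dict = {}
    for p in profiles:
        linked.setdefault(p.email, set()).add(p.subject)
    return linked


# Constructed sample claim sets, as they would look after token validation.
TOKEN_A = {"oid": "u-1001", "upn": "Alice@Example.com",
           "groups": ["a1b2c3", "zzz999"], "amr": ["pwd", "mfa"]}
TOKEN_B = {"sub": "0042", "email": "alice@example.com",
           "memberOf": ["Finance Admins"], "acr": "urn:example:pwd"}

if __name__ == "__main__":
    a = normalize("cloud-a", TOKEN_A)
    b = normalize("cloud-b", TOKEN_B)
    print(a, authorize(a, "payroll-app"))   # MFA session, finance-admins: allowed
    print(b, authorize(b, "payroll-app"))   # same person, no MFA: denied
    print(link_identities([a, b]))          # both subjects linked to one email
```

The design point is that the policy never mentions a provider-native group ID or claim name. Adding a third cloud means adding one entry to the mapping table, not touching any policy, and because unmapped groups are dropped in `normalize`, a misconfigured mapping fails closed rather than granting access.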

To learn more about how to get started with identity orchestration with multi-clouds and avoid common pitfalls, read the complete Forbes Identity Orchestration article here.