How to Modernize Identity & Migrate Apps to the Cloud
The imperative to modernize identity stems, broadly, from the need to make systems, old and new, work together. User identity sits at the heart of how users reach the apps and data that businesses rely on, so it is the first thing IT teams must address as they move from on-premises to the cloud (or clouds) while managing the resulting hybrid environment.
When you first begin to modernize identity for your organization, the process can seem daunting, and for good reason. Depending on the age and state of the systems that identities live on, and on the number of apps and related identities that need to be modernized, the time and cost involved can be prohibitive.
Every step in the process has to be handled with the utmost care. Otherwise, you risk security vulnerabilities or a loss of access to critical applications and data.
Main challenges to app & identity modernization
There are several challenges that usually come between an enterprise and its success with modernization projects. Now that enterprises run highly distributed environments, they tend to have ambiguous ownership of identity technology across on-prem and clouds. Also, identity technologies that don’t meet the needs of both legacy and modern systems create limitations.
In the past, everybody talked about building big centralized identity systems. When everything was quarantined behind the enterprise firewall, that made sense. But now we have distributed infrastructures, distributed workloads, distributed data, and you need a distributed identity system to help integrate with and manage those things. The mismatch between the need to have a distributed environment and the reality that you have to manage it all centrally is a big challenge.
The second big challenge is political. It is not uncommon for an enterprise to have only a vague or conditional answer to the question of which part of the organization owns identity in the cloud. If you have multiple clouds, the enterprise identity and security teams don’t own the cloud infrastructure; the cloud platform does.
The end result is that cloud teams create and manage their own identity outside the purview of the identity and security teams tasked with managing identity at the enterprise level. Getting control of this problem can be a political nightmare. Many enterprises find that gray areas are common (for example, shouldn’t the team closest to the platform be the best choice for deciding how to authenticate and authorize users?), so it is rarely clear who should own which parts of the identity infrastructure or how to ensure accountability for consistent implementation of policies and controls.
The third challenge is technology. You have cloud-based identity systems that have adapted well to doing identity for the public cloud or SaaS apps, but not for managing or integrating with on-premises applications. There are also legacy on-prem identity systems that haven’t adapted to supporting cloud technologies or use cases and are rapidly reaching end-of-life. A typical enterprise can’t just magically transition all of their applications that run the most critical parts of their business overnight. Modernizing these apps takes careful planning and the right distributed identity infrastructure to make sure there aren’t catastrophic disruptions to your business.
Expert tips and best practices to modernize identity
Modernizing identity is a critical first step to achieving a Zero Trust security model in a hybrid or multi-cloud environment. Below are our go-to best practices to follow when embarking on your identity modernization journey.
Think incrementally about your migrations
As tempting as it is to try and get migrations done in one fell swoop, “Big Bang” migrations don’t work. Organizations have been trying to do them for years and the failure rate on them is shockingly high. Instead, incremental migrations have a much higher success rate.
Incremental or “live” migrations let you identify suitable, low-risk apps and user cohorts, run simple A/B tests, and, if you hit a setback or something isn’t working as expected, roll back to a known-good state far more easily, because each step moves only a small slice at a time.
Embrace a distributed model
Centralization has been the traditional mindset that existing vendors would like people to believe is the right way. However, if you look at it practically, you’re not going to replace AWS’s identity system with Microsoft’s identity system. It’s not even possible.
As you modernize identity, embrace the distributed nature of the platforms that you have and build your identity system around that distributed reality. Operating in multiple clouds is not going to go away. Recognize the fact that you have multiple identity systems and instead of trying to centralize, make each one of those identity systems work better together.
Decouple apps from identity
Avoid tightly coupling your apps to your new identity system. One of the things that must be accomplished during your identity modernization effort is transitioning identity systems in such a way as to not get locked into any one vendor again. Don’t repeat the mistakes made with old, centralized legacy identity systems when you transition to a modern identity system and a distributed model.
Individual cloud identity systems tend to bring their own ecosystems with them, such as multi-factor authentication and deeper authorization. Having those capabilities is great, but if you later want to choose a different product for MFA and you are locked into the MFA of one identity platform, that is going to be very hard to change.
Instead of tightly coupling your app to a single identity system, put an abstraction layer between them so that the app can use any of the identity systems you already have and you can switch between them without changing the app. That makes it much easier to get the flexibility and choice you want as you build out a truly distributed identity architecture.
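The decoupling described above, combined with the cohort-by-cohort migration and rollback from the “Think incrementally” section, as an added illustration that is not the article’s or any vendor’s code: the app calls only the `IdentityFabric` interface, the two providers are constructed stand-ins rather than real directory or cloud APIs, and users are routed to the new provider per cohort so the switch can be undone.

```python
"""Added example: an identity abstraction layer with incremental cohort migration."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Protocol


@dataclass(frozen=True)
class Principal:
    """Provider-neutral identity the app consumes; nothing provider-specific leaks through."""
    subject: str
    groups: frozenset


class IdentityProvider(Protocol):
    def authenticate(self, username: str, credential: str) -> Optional[Principal]: ...


class LegacyDirectory:
    """Stand-in for an on-prem directory (constructed records, not a real LDAP client)."""
    def __init__(self, users: Dict[str, dict]):
        self._users = users

    def authenticate(self, username: str, credential: str) -> Optional[Principal]:
        rec = self._users.get(username)
        if rec is None or rec["password"] != credential:
            return None
        return Principal(username, frozenset(rec["groups"]))


class CloudIdP:
    """Stand-in for a cloud IdP whose claims use different field names ('sub', 'roles')."""
    def __init__(self, claims: Dict[str, dict]):
        self._claims = claims

    def authenticate(self, username: str, credential: str) -> Optional[Principal]:
        c = self._claims.get(username)
        if c is None or c["secret"] != credential:
            return None
        # Normalise the provider's shape into the app's Principal.
        return Principal(c["sub"], frozenset(c["roles"]))


class IdentityFabric:
    """The abstraction layer: the app depends on this class, never on a provider."""
    def __init__(self, legacy: IdentityProvider, modern: IdentityProvider):
        self.legacy, self.modern = legacy, modern
        self.migrated: set = set()  # usernames currently routed to the modern IdP

    def migrate_cohort(self, usernames: Iterable[str]) -> None:
        self.migrated |= set(usernames)

    def roll_back_cohort(self, usernames: Iterable[str]) -> None:
        self.migrated -= set(usernames)  # revert a cohort without touching the app

    def authenticate(self, username: str, credential: str) -> Optional[Principal]:
        provider = self.modern if username in self.migrated else self.legacy
        return provider.authenticate(username, credential)
```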
Modernize identity through orchestration
Identity is evolving. Now that identities are no longer managed within a single contained environment, a new approach is needed.
Many enterprises still carry out identity modernization by hand. The problem is that manual work is slow and error-prone, and most organizations can afford neither. If your business depends on a system that is being updated, there is no room for downtime.
An identity orchestration platform automates the process of identity modernization and app migration. It takes a fraction of the time and removes the likelihood of human error, because the identity fabric abstracts identities away from the app without ever needing to touch the app itself. Integrating with identity systems without rewriting your apps saves hundreds of thousands (or millions) in coding costs.