3 Drivers of the Identity Modernization Imperative
Identity Modernization is the intentional response to the inevitable evolution of identity management technology caused by digital transformation. Companies have been deploying products to manage identity for their workforces for the last 20 years or more.
These products were good, and they did what they needed to do: create users, manage accounts, provision people to applications, and enable authentication and single sign-on (SSO). Everything worked really well when all the identity providers, data stores, and applications were behind the firewall.
Then, with the shift to the Cloud and the rapid adoption of SaaS applications, things got complicated for enterprise identity management. Legacy, on-premises identity products didn’t mature to keep up with the needs of cloud platforms or SaaS products, and new cloud identity systems were not built to meet the complex requirements of legacy on-prem apps.
According to a Gartner report, an estimated 81% of enterprises are now using two or more clouds. As a result, companies are trying to adapt to having multiple clouds while maintaining well-defined on-premises software.
Not having a modern identity system is holding organizations back from gaining all the benefits of the cloud. And now that the boundary of the enterprise has changed, controlling the way identities are managed is no longer easy.
So, how best to meet the unique requirements of cloud-based users who need access to applications deployed on-premises and on-premises users who need to access cloud services?
The process of identity modernization is moving from old legacy identity products onto new, cloud-based identity systems. This requires us to think differently about identity. We need to design architectures and build the functionality that accounts for these old and new patterns.
Driving factors for identity modernization
The latest and greatest of any product inevitably reaches a peak of popularity, then slides into decline. In the 1980s, the car of the future was the DeLorean. Remember? Maybe your on-premises identity system was the DeLorean of its time. But it wasn’t meant to work with the cloud — or multi-cloud — which is the reality for enterprises today.
Legacy identity systems were built long before enterprises began adopting public cloud infrastructures. No one considered that companies might use more than one cloud.
A typical enterprise today has at least three clouds, including Amazon (AWS), Microsoft Azure (using Azure AD, usually in support of Office365), and Google Cloud (usually in support of big data and data processing). In addition, most customers also run private clouds and virtualization platforms, such as VMware, on-premises. So, not only have enterprises become multi-cloud, nearly all of them are hybrid as well.
A modern identity architecture must consider how to support apps sitting behind legacy identity that is rapidly reaching EOL. It also needs to support new cloud-driven operational models such as Zero Trust, and make the user and app experience transparent across clouds.
End-of-Life (EOL) legacy software
One complicating factor for many enterprises is that their legacy identity systems have reached their end-of-life (EOL). Organizations are being forced to accelerate their timeline for migrating off of these legacy systems because they’re losing product support.
That is happening in one of two ways. Either the vendor has declared the products unsupported, or the products are still supported but lack many of the critical capabilities enterprises need for the hybrid, multi-cloud reality they now operate in.
Enterprises don’t want to have to renew an old on-prem system that is no longer supported. Yet, teams are stuck because they still need to access the apps on-prem. In addition, it takes many years to rewrite and rewire apps to move to the cloud. And it is incredibly costly.
Zero Trust security imperative
Zero Trust is a big driver of cloud modernization. The Zero Trust security model is critical for cloud security but doesn’t translate to legacy systems. Back when everything was inside the network perimeter, after a user’s initial authentication, the assumption was that they were safe and trusted.
With cloud computing, it’s the opposite. Nothing is trusted, and authentication must happen at every step to ensure it is the same person with the same device operating with the same legitimate intent.
Enterprises must adapt to this new world in which their workforce needs access to applications and data from outside the enterprise. They also have to accommodate access to apps, services, and data that sit outside the firewall, whether running on public clouds or delivered as SaaS.
Remote workforces, enterprise agility, and cost savings all drive this new reality, but none of the benefits can be realized without shifting to a Zero Trust security model. So modernizing is essential to make that happen.
Adoption of multiple clouds
Enterprises, on average, have at least three cloud platforms, each with its own purpose-built identity system. These cloud identity systems assume they work in a standalone manner, supporting only the needs of their own platform and largely ignorant of other platforms, save for thin layers of interoperability limited to single sign-on.
User and policy management are completely fragmented, and visibility across different platforms is non-existent. In addition, the identity landscape has seen a proliferation of so-called best-in-class providers of everything from multi-factor authentication to risk analytics and identity proofing. Choosing which capabilities to use to secure apps on these different platforms without that app becoming locked into those specific technologies is nearly impossible.
Enterprise architectures are missing a layer that abstracts applications from the identity functionality they need and makes many identity systems come together and work as one.
A hybrid solution for identity modernization: Identity Orchestration
A new approach to modernization is to build a distributed infrastructure. This changes how you decide when and how to modernize apps, on a timeframe that matches your business modernization requirements. Identity orchestration gives you the flexibility to transition without changing your apps and helps make identity work properly across multi-cloud and hybrid environments.
Implementing an identity orchestration platform bridges the gaps between legacy identity systems that didn’t keep pace with cloud innovations and cloud identity systems that weren’t optimized for the more complex requirements of on-prem apps and services. Identity orchestration provides the missing layer in enterprise identity architectures that makes it possible to swap identity services in and out as needed without impacting user experience or requiring expensive application rewrites.
Integrating legacy apps with a new identity system without having to rewrite them is a huge advantage and cost savings. Building a new, distributed identity orchestration layer will be justified just on the cost savings from not rewriting apps. Your modernization can happen 100 times faster.