Antifragile identity for the multi-cloud world

This article was originally posted on The New Stack.

In his book The Black Swan, Nassim Taleb describes game-changing events that occur randomly and infrequently while proposing a theory on how building robustness into systems will allow them to withstand shocks when the unforeseen happens. He was referring to the banking system, but the same concept applies to technology.

Most applications are brittle and do not react well to major technology shifts. For enterprise technology to avoid obsolescence, we need to design systems that not only survive stress but thrive under it. Technology that is agile and adaptable, and has the ability to improve under stress displays a concept Taleb calls antifragility. According to Taleb’s theory, fragile breaks under stress while antifragile improves under it like a bodybuilder who breaks down muscle to regrow more.

How does technology improve under stress? Let’s consider the transformational multi-cloud approach to enterprise computing. Since multi-clouds created new stress, namely managing applications across different cloud platforms, this spawned a response: Kubernetes. This orchestration technology (originally developed by Google) automates the management of complex distributed containerized apps. Its usefulness, agility, and flexibility to address this particular challenge cannot be disputed.

Making Identity Antifragile for the Cloud

With the increasing adoption of multi-cloud architectures, traditional centralized identity management is coming under stress. To keep up, a next-generation approach to identity is needed that is antifragile.

The key to making identity antifragile in a multi-cloud world is distributed. Here’s why:

1. Distributed identity is convex, not concave in response to stress.
2. It provides built-in redundancy across multiple clouds.
3. Small errors can be absorbed with an agile mindset and small stories (more on this later).

Convex Versus Concave Identity for the Multi-Cloud World

Taleb states that systems can have either a positive, neutral, or negative response to stressors. These can be shown as curves that are convex in the case of antifragile systems that get better with stress. Or fragile concave curves that get worse with stress.

Stressors that affect identity are multiplied and amplified in multi-cloud environments. This is because each cloud requires its own built-in centralized identity system. Centralized identity doesn’t scale linearly, as limits in any one system will eventually lead to a single point of failure. On the other hand, distributed identity scales exponentially as more identity domains are added.

The following table shows a comparison of how centralized and distributed identities respond to various stressors as we explore the concept of fragility versus antifragility.

Redundancy Is Built-In

In engineering, redundancies are often intentionally designed into a system. By duplicating critical components, if one fails, the other can act as a back-up and keep the system working. Numerous lives have been saved because airplanes have redundant everything — spark plugs, fuel pumps, computer systems, even engines.

Modern cloud architectures use stateless containerized microservices that provide horizontal scale-out across lots of redundant compute nodes. If one fails then others pick up the work and the failed unit is recycled. Further redundancy is achieved by having an identity system that works across different clouds, platforms, and vendors. If one identity provider fails then it’s possible to switch over to an alternative.

Small Errors are Ignored

According to Taleb, to achieve antifragility in systems we need to stop trying to systematically remove uncertainty and randomness to gain the benefits associated with the “trial and error of antifragility.” This involves ignoring small dangers and embracing small stressors; while accepting there will be continual entropy.

In distributed identity, we think about quickly correctable changes that come from an agile mindset and processes. We can reduce risk by managing compartmentalized access per identity domain and the identity control plane, and approaching migrations incrementally using coexistence.

A Transformational Approach to Identity Management

To meet the needs of multi-cloud environments, we need an antifragile, transformational approach to identity management by creating a multi-cloud strategy. Using a distributed model built on the well-proven concepts of abstraction and virtualization will allow us to support coexistence and a gradual migration. This will enable enterprises to move from end-of-life legacy identity management to new infrastructures that are natively built for a multi-cloud world and include the benefits of a multi-cloud management system. See how we’re approaching this challenge with the Identity Fabric.