Hybrid Identity

Rise of the Identity Domains

How hybrid IT infrastructures will soon push IAM to the brink.

Once upon a time, we used to build big on-premises IT infrastructures to run our businesses. Then the cloud came along with its public cloud infrastructure and SaaS, and now we have hybrid clouds. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services, with some sort of orchestration between the platforms.

Forrester estimates that the hybrid cloud market will reach $411 billion by 2022. According to the RightScale 2019 State of the Cloud Report, enterprises with a hybrid strategy (combining public and private clouds) grew to 58 percent in 2019 from 51 percent in 2018. A host of other challenges have opened up as the hybrid cloud approach explodes: 66 percent of enterprises already have a central cloud team or center of excellence to manage cloud governance, and another 21 percent are planning one (up from 57 percent and 24 percent the previous year).

Some Things Became Less Simple

During the rise of cloud computing, we still deployed lots of on-premises Identity and Access Management (IAM) software, because on-premises IAM was the only option at the time. Some departments within organizations began to experiment with public cloud infrastructure and Software as a Service (SaaS). Each new cloud platform brought its own built-in identity management system.

We all knew this out-of-band experimentation might cause problems down the road, but we were all busy and decided to worry about it later. We tried to apply some band-aids, such as using virtual directories for our AD forests, and federation and SSO to build some bridges between on-premises and cloud, and so on.

However, these solutions worked against us, because they made it seem like the problems were solved when they really weren’t. Communicating the nuance of what was wrong to our CIO was nearly impossible: everything seemed to be working fine from a 10,000-foot view.

Identity Domains Become the New Silos

You’ve heard the saying that too much of a good thing may not be so good? Before the proliferation of public clouds and hybrid clouds, identity domains were purpose-built for a particular set of applications. Life was good, because identities were centralized and lived behind a company’s firewall. But the hybrid cloud changed all that. Identities started to become much more distributed, along with the technology to manage them. Soon, the experimentation with these new cloud platforms (AWS, Azure, Google, etc.) transitioned to production deployments, and the use of each cloud-native identity system expanded and hardened to meet those production requirements. The reliance on each cloud platform’s native identity stack increased. You were then locked into that platform!

In short, that’s how identity domains have become the new silos. Almost overnight, identities, policies and configurations have proliferated and cannot easily be moved to a different platform. You cannot centralize your identity management, and without centralization, visibility and control are lost. You end up straddling the legacy and cloud application worlds of identity. The old identity systems are unable to adapt; the new ones aren’t built to accommodate heterogeneity, because each is built around its own platform. The identity model is effectively broken in two!

Behold, the Identity Fabric

Albert Einstein once said, “In the middle of difficulty lies opportunity.” There is a solution to this vexing identity challenge, and it lies in something known as an identity fabric. To understand this approach, it helps to flip our viewpoint of identity management on its head. Instead of approaching the identity challenge from the infrastructure angle, think about it from the apps angle instead. With the proliferation of identity domains, there’s no easy way to standardize on one single identity system.

You might think that the only solution is to unwire an app from its legacy identity domain and wire it to a new, modern cloud identity domain. But this repeats the lock-in of the past, and it is costly and time-consuming. There must be a better way. This is where the identity fabric comes into play. The identity fabric can talk to ANY identity domain, giving your apps the flexibility to be moved anywhere and integrated with any platform’s identity domain without rewriting the app!

Maverics Identity Orchestrator

While hybrid infrastructure is here to stay, it has fundamentally broken the identity model. Legacy identity systems don’t talk to cloud platform identity systems, and vice versa. Simply wiring an app to a cloud platform’s identity system isn’t a good solution, because the app must be rewritten at great expense in money and time. That’s where an identity fabric comes in.

Using an identity fabric has serious benefits:

  1. Take advantage of the distributed nature of hybrid infrastructure
  2. Enjoy choice and flexibility when moving from the old to the new
  3. Choose whether or not to rewrite apps

The identity fabric offers the best of both worlds and gives organizations a true solution that isn’t a short-term fix. Don’t wait for your IAM to be pushed to the brink before exploring a better way with the identity fabric. Message us with your biggest IAM challenges today. If you’re ready to start thinking about your multi-cloud identity strategy, download the Identity Fabric data sheet.

Eric Leach

Co-Founder and Chief Product Officer