{"id":3877,"date":"2023-09-19T13:30:38","date_gmt":"2023-09-19T20:30:38","guid":{"rendered":"https:\/\/www.strata.io\/?p=3877"},"modified":"2023-09-28T21:53:23","modified_gmt":"2023-09-29T04:53:23","slug":"what-is-app-identity-migration","status":"publish","type":"post","link":"https:\/\/www.strata.io\/blog\/app-identity-modernization\/what-is-app-identity-migration\/","title":{"rendered":"What is application & identity migration"},"content":{"rendered":"
Migrating applications and identities to the cloud is a bit like the Wild West. There\u2019s no set way to do things, the risks are real, and the stakes are high. However, there are approaches to avoid and best practices to consider when planning app or identity migrations<\/strong> to help ensure they go smoothly.\u00a0<\/span><\/p>\n We\u2019ll explore what identity migration is, what app migration is, why the two are tied together, and how to solve <\/span>app and identity migration<\/span><\/a> challenges.\u00a0<\/span><\/p>\n Migration generally means moving from old legacy identity systems to new modern, cloud-native identity systems. A migration has two components: user identity migration<\/strong> and application migration<\/strong>. Identity refers to the people\/names who are registered to use a computing system.\u00a0<\/span><\/p>\n In some cases, an enterprise has its identities and user attributes in on-premises directories and databases<\/strong>. When trying to get off a legacy system, like CA SiteMinder or Oracle Access Manager, getting the user identities to the new cloud is the priority.\u00a0<\/span><\/p>\n Application migration is the <\/span>process of moving software applications <\/span><\/a>(apps) from one computing environment to another. As with identity migration, the move is generally from a legacy on-premises system to the cloud.\u00a0<\/span><\/p>\n Applications are built for specific cloud architectures<\/strong>, which makes migrations complicated. In addition, each app is intertwined with its cloud identity system. Untangling the identities is not a simple project. We\u2019ll get into that in a moment.\u00a0<\/span><\/p>\n Organizations need to migrate for several reasons. 
A <\/span>recent study by Strata<\/span><\/a> found that the main reasons organizations cite for moving to the cloud include:<\/span><\/p>\n More than 75% of enterprise workloads are still on-premises, and hundreds to thousands of apps need to migrate. The move to the cloud and adoption of Zero Trust architectures is accelerating, but apps remain on-premises behind legacy identity systems.\u00a0<\/span><\/p>\n Related reading: The State of Multi-Cloud Report 2023<\/b><\/a><\/p>\n The main challenge of identity migration is getting information from one place to another <\/span>while <\/span><\/i>doing it in a way that\u2019s not disruptive to the user. The traditional method of bulk migration projects requires an organization to move most identity data at once, but not the usernames and passwords that go along with them because of encryption.\u00a0<\/span><\/p>\n Other obstacles preventing a seamless migration include data consistency and quality, as well as the high failure rate of a \u201cBig Bang\u201d migration.\u00a0<\/span><\/p>\n Often, the end-user is the unwitting victim of a poorly planned migration. When an organization migrates user identities and apps<\/strong> from one place to another, it can be very disruptive to the end-user. After the identity information is moved during the migration, the user has to reset passwords or register accounts.\u00a0<\/span><\/p>\n Getting each person in a large company to reset their credentials takes up a lot of time and causes innumerable headaches for already stretched-thin IT teams.\u00a0<\/span><\/p>\n Even more concerning than the frustration resetting login credentials causes is the risk it creates. Changes to login screens are a favorite for phishing attacks. Also, an email asking a user to reset their password is a classic phishing pattern. 
So your legitimate credential reset requests reduce a user\u2019s suspicion of harmful emails asking for the same information.\u00a0<\/span><\/p>\n Another common obstacle is ensuring the consistency and quality of the data when doing a user identity migration. Most often there is a mix of identity sources like AD, LDAP, SQL, and apps that hold identity. These various sources need to be rationalized, and many integrated into a few, which causes complexity. This complexity is the source of data inconsistency.<\/span><\/p>\n When a company insists on a \u201cbig bang\u201d migration to speed up the process, it sets itself up for failure. Why? It becomes an all-or-nothing situation. They are gambling with their valuable data. If it succeeds, great, but most of the time, that\u2019s not what happens.<\/span><\/p>\n Inevitably, a complication will occur for which there is no simple fix. Unfortunately, when all of the data is already migrated, the only option for organizations is to roll everything back. As a result, any gains made with time savings are lost.\u00a0<\/span><\/p>\n The Big Bang approach also assumes you can fully shut off legacy identity. The reality is that you need coexistence so you can gradually replace the old with the new. You can\u2019t get all the apps and identity done at once. Instead, you need to move in batches as you can do the work.<\/span><\/p>\n Migrating apps is a manual process. It takes roughly three to nine months and $100,000 to re-code each app to work with a different identity system. It\u2019s time-consuming, expensive, and in some cases, not even possible. Many organizations are stuck between a rock and a hard place, though, when it comes to migrations.<\/span><\/p>\n For an app on an old legacy system to integrate correctly with a new cloud-based identity system, it must be re-coded to work with new standards and protocols, like SAML or OpenID Connect. It is a prohibitively expensive undertaking. 
For a company with hundreds of apps, it will cost tens of millions of dollars.\u00a0<\/span><\/p>\n It\u2019s not only expensive but also time-consuming. Investing money and people in a project that will consume them for years is de-energizing. Moreover, with the skills shortage in tech right now, companies can\u2019t afford to tie up their teams with backward-facing projects.\u00a0<\/span><\/p>\n Often the source code was written by someone years ago who is no longer around to update it. Without the source code, it is risky to change the app because it could break, and many legacy apps are still running critical business processes for the enterprise.<\/span><\/p>\n Finally, most companies have commercial apps and SaaS apps for which the source code doesn\u2019t and never has belonged to them. It\u2019s not possible to change the source code for apps to which you don\u2019t have access.<\/span><\/p>\n When getting started with an identity or app migration, ask the following questions:\u00a0<\/span><\/p>\n Those questions are just the tip of the iceberg when planning a migration. The best way to overcome the obstacles is to trade in the traditional \u201cBig Bang,\u201d all-or-nothing approach and follow a pattern instead called \u201clive migration.\u201d\u00a0<\/span><\/p>\n Live migration is incremental, meaning the migration can essentially test the waters at each step. 
Rather than grabbing all the identities and moving them at once, live migration involves taking small batches or cohorts of very low-risk users to migrate, then proxying their interaction with applications.\u00a0<\/span><\/p>\n As that is happening, the user information, credentials, and attributes are captured and moved from the old system to the new one. With small batches, if something goes wrong, it\u2019s straightforward to take those small groups and revert to the previous state.\u00a0<\/span><\/p>\n The incremental approach is much more agile, adaptive, and infinitely better suited to the distributed <\/span>multi-cloud environments in which global enterprises<\/span><\/a> increasingly operate today. The user experience is not even comparable. When the user logs into the new system, they don\u2019t have to reset their credentials \u2014 they\u2019re not even aware that they\u2019re using a new system. It\u2019s seamless.\u00a0<\/span><\/p>\n Identity Orchestration can be used to route migrated users to the new identity system in the background, so it\u2019s transparent. At the same time, additional steps can be taken to increase security, such as hardening the credentials or adding multi-factor authentication to an app.\u00a0<\/span><\/p>\n Identity <\/span>Orchestration software <\/span><\/a>automatically keeps track of those users who have already migrated. If it\u2019s the user\u2019s first time logging into an application, the software routes them to the new identity system, logs them in, and then sends them to the application using the same login screen.\u00a0<\/span><\/p>\n Proper preparation and planning before beginning your migration project can save you a ton of headaches. Consider taking the \u201clive\u201d approach to migration using identity orchestration software to move incrementally rather than doing a bulk migration.<\/span><\/p>\n Orchestration software takes on the heavy lifting of app and identity migrations. 
It automates the process and uses an abstraction layer to move the apps and re-route identities. With orchestration, apps never have to be rewritten to work with the new identity system.\u00a0<\/span><\/p>\n Ultimately, Identity Orchestration enables zero trust and lets organizations modernize and gain all the benefits that come from the Cloud. Maverics Identity Orchestration can be used to orchestrate any Orchestration Recipe to help ease the burden of migrations for even the most challenging apps.\u00a0<\/span><\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"Why app & identity migrations are necessary and how to make them more manageable Migrating applications and identities to the cloud is a bit like the Wild West. There\u2019s no set way to do things, the risks are real, and the stakes are high. However, there are approaches to avoid and best practices to…","protected":false},"author":9,"featured_media":3881,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[93],"tags":[],"hashtags":[],"acf":[],"yoast_head":"\nWhat is identity migration?<\/span><\/h2>\n
What is app migration?<\/span><\/h2>\n
Why do enterprises need to migrate apps & identities?<\/span><\/h2>\n
\n
Challenges of identity migrations\u00a0<\/span><\/h2>\n
User experience disruption<\/span><\/h3>\n
Data consistency & quality<\/span><\/h3>\n
Big fails of \u201cBig Bang\u201d migrations\u00a0<\/span><\/h3>\n
Challenges of application migrations<\/span><\/h2>\n
Application migrations are costly, complicated, and time-consuming<\/span><\/h3>\n
Recommendations for identity & application migrations<\/span><\/h2>\n
\n
Do a \u201clive\u201d migration<\/span><\/h3>\n
Use Identity Orchestration for migration<\/span><\/h3>\n
Making application & identity migration easier\u00a0\u00a0<\/span><\/h2>\n
Learn more about <\/b>identity orchestration recipes for app & identity migrations<\/b><\/a>.\u00a0<\/b><\/h4>\n