{"id":7243,"date":"2022-06-29T14:47:01","date_gmt":"2022-06-29T21:47:01","guid":{"rendered":"https:\/\/www.strata.io\/?p=7243"},"modified":"2023-09-28T22:00:15","modified_gmt":"2023-09-29T05:00:15","slug":"hexa-policy-orchestration-framework","status":"publish","type":"post","link":"https:\/\/www.strata.io\/blog\/governance-standards\/hexa-policy-orchestration-framework\/","title":{"rendered":"Hexa Policy Orchestration framework: Simplifying IAM policy for multi-cloud ecosystems (by Tom Malta)"},"content":{"rendered":"
[vc_row][vc_column][vc_single_image image=”7246″ img_size=”full”][vc_column_text]In this guest post, IAM expert and global consultant Tom Malta shares his views on how <\/span><\/i>Hexa and IDQL<\/span><\/i><\/a> \u2013 a new and unique policy orchestration platform \u2013\u00a0 are set to disrupt the multi-cloud space.<\/span><\/i>\u00a0<\/span><\/p>\n Using multiple cloud platforms delivers significant benefits to enterprises, such as improved redundancy, availability, and security. As a result, the multi-cloud approach has been steadily winning over more and more C-level decision-makers.\u00a0\u00a0<\/span><\/p>\n However, with such transformative changes, many IT leaders have found <\/span>complex cloud-related challenges<\/span><\/a> that can impact business operations when expanding their suite of cloud service providers (CSPs). Outdated and manual systems for identity and access management (IAM) are consistently at the core of the problem.\u00a0<\/span><\/p>\n Thankfully, there\u2019s a new solution that I\u2019m confident will help enterprises easily and consistently orchestrate policies across the multi-cloud. As I recently expressed to industry leaders regarding their IAM strategic plans:<\/span><\/p>\n Any company struggling with managing identity and access across multi-cloud will benefit from Hexa and IDQL. For the first time, you can unify and centrally manage your policies north\/south, but also east\/west across any cloud service provider (CSP), or virtually any end-point in your solution architecture.<\/span><\/i><\/p>\n Having worked in the IAM space for over two decades, I\u2019ve had the opportunity to be part of multiple migrations to the cloud (and then multi-cloud) and have gained many insights along the way. 
In recent years, as a consultant, I\u2019ve advised many IT leaders about how to avoid pain points they may encounter when transitioning to multi-cloud, including:<\/span><\/p>\n These types of challenges also arose frequently in a previous role I held while navigating multiple cloud deployments in an Azure environment. My team\u2019s experiences demonstrate the magnitude of our problems while seeking solutions to these challenges.\u00a0<\/span><\/p>\n Let\u2019s take a brief look at how we tackled the problem.\u00a0<\/span><\/p>\n At the time, a brief outage had just impacted authentication via Microsoft, and the risks of exclusive reliance on a single CSP were of growing concern to our leadership team.\u00a0<\/span><\/p>\n I recommended adopting AWS as an alternate CSP to increase our readiness to migrate critical customer workloads in the event of a similar outage. But we found ourselves in uncharted territory with significant unknowns, including how to: approach a move to an alternate primary IdP, establish a baseline for services and deployments, preserve consistent, seamless services, and ensure the solution was readily deployable.\u00a0<\/span><\/p>\n Manually implementing changing permissions updates and policies was already a struggle. Finding skilled workers that understood the myriad of possible scenarios in a multi-cloud ecosystem was tricky, given the global shortage of cyber talent.\u00a0<\/span><\/p>\n We needed to engage developers and architects from the proposed alternate CSP. Quality assurance checks and pre-PROD validations were required to benchmark workloads under each CSP to ensure alignment of policies and permissions.\u00a0<\/span><\/p>\n At the time, no viable solutions were on the horizon. Even today, many C-level executives report the same pain points using this outdated (and costly) approach. 
The process is resource-intensive for testing, individual deployment, and ongoing policy management.<\/span><\/p>\n Related reading: <\/b>State of Multi-Cloud Identity Report 2022\u00a0<\/b><\/a><\/p>\n Ultimately, the friction can be traced back to the absence of standardization across the various CSPs and their associated policies and permissions. With no standardization today, there is also no easy way to leverage multi-cloud to its full capability using a manual process.<\/span><\/p>\n During consultations with senior leaders, I\u2019ve discovered common needs, expectations, and priorities, including:<\/span><\/p>\n The bottom line is that the days of going all-in on one CSP are a relic of the past. To simplify the adoption of multi-cloud, we need <\/span>a new approach to enable customers to modernize their infrastructure<\/span><\/a> without increased cost, complexity, and risk.\u00a0<\/span><\/p>\n Enter IDQL & Hexa. IDQL, a new declarative identity policy language, and its open-source reference software, Hexa \u2014 an active CNCF Sandbox project<\/a>, enable you to centrally manage disparate access policies in a common format instead of the bespoke policy syntaxes associated with each CSP.\u00a0<\/span><\/p>\n Hexa discovers all your policies and translates them to and from IDQL. Then, it orchestrates those policies back to each native cloud service in its imperative format.<\/span><\/p>\n Together, IDQL and Hexa solve many common IAM issues in multi-cloud ecosystems:<\/span><\/p>\n Supporting multi-cloud can be due to business needs changing or current CSPs not meeting expectations. 
Or perhaps other drivers like regulatory or geographical constraints have pushed you to use multiple clouds.\u00a0<\/span><\/p>\n Whatever the reason, it\u2019s becoming increasingly difficult to solve the vast array of challenges that come with a fruit salad of CSPs, more commonly dubbed by me as the \u201capples, oranges, and bananas\u201d problem.\u00a0<\/span><\/p>\n Rare are new approaches that truly disrupt the status quo in IAM (identity and access management). Yet, that is what IDQL\/Hexa together are capable of achieving. Being born in the cloud as open-source (with no proxies or agents) and further supported by standards and industry consortiums like the <\/span>CNCF<\/span><\/a>, I expect widespread adoption similar to Kubernetes, Docker, or even going back to the early days of SAML.<\/span><\/p>\n It\u2019s time to simplify what\u2019s on your plate with the <\/span>unique benefits and opportunities of Hexa with IDQL:\u00a0<\/b><\/p>\n To discover more about this solution for your multi-cloud challenges, <\/span>join the IDQL\/Hexa working group<\/b> https:\/\/hexaorchestration.org\/<\/span><\/a>.\u00a0<\/span>[\/vc_column_text][\/vc_column][\/vc_row][vc_row][vc_column][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"[vc_row][vc_column][vc_single_image image=”7246″ img_size=”full”][vc_column_text]In this guest post, IAM expert and global consultant Tom Malta shares his views on how Hexa and IDQL \u2013 a new and unique policy orchestration platform \u2013\u00a0 are set to disrupt the multi-cloud space.\u00a0 Using multiple cloud platforms delivers significant benefits to enterprises, such as improved redundancy, availability, and security. 
As a…","protected":false},"author":9,"featured_media":7265,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[101],"tags":[],"hashtags":[],"acf":[],"yoast_head":"\nA new era: the business case for early multi-cloud adoption\u00a0<\/span><\/h2>\n
\n
Case study: from cloud to multi-cloud before automation<\/span><\/h2>\n
Why standards make a difference<\/span><\/h3>\n
\n
IDQL & Hexa: developing a new approach to modernize IAM<\/span><\/h2>\n
\n
Hexa & IDQL: simplify policy orchestration for multi-cloud\u00a0<\/span><\/h2>\n
\n