The last edition of KC Navigator looked at the challenge of managing complex, dynamic modern IT infrastructure and the associated proliferation of entitlements, and how organizations can go about meeting this challenge by ultimately moving towards an “identity first” approach.
This approach is encapsulated in the concept of an “identity fabric” or an interconnected layer of identity functionalities and capabilities, which is key to moving to a strategic future-proof vision by maintaining a blueprint for a unified identity, access, and cloud security eco-system, and by defining a general strategy for multi-cloud, multi-hybrid IT.
Given the reality of multi-cloud, multi-hybrid IT and the increasing use of virtual machines for running workloads, Edge computing systems to process data at the periphery of the network, and agile development and DevOps tools, the “identity fabric” concept is increasingly relevant to enterprises doing business in the digital era.
The concept or paradigm of the Identity Fabric provides a model for a unified approach to Identity and Access Management (IAM), which is essentially about enabling seamless, controlled, and secure access of everyone and everything to every service.
The Identity Fabric concept is centred around managing all types of identities in a consistent manner, managing access to services, and federating external identities from third-party providers as well as internal directory services. Enabling digital services is at the core of the concept.
In the Identity Fabric model, IAM is split into identity capabilities that make up a consolidated portfolio of isolated, but corresponding services that enable everyone and everything to connect to anything and anyone via a comprehensive architecture.
In other words, capabilities such as identity federation, access governance, and privileged access are grouped into services such as an authentication service, access management service, identity management service, and access governance service.
These services are delivered by technology that should ideally be provided in modern architectures like containers and microservices that provide comprehensive application program interfaces (APIs) for connecting to anything.
Critically, Identity Fabrics enable both agility and gradual migration by supporting both legacy applications and modern SaaS applications and digital services. By design, Identity Fabrics can connect to existing solutions either directly or by using legacy IAM solutions, and they can connect to modern digital services using APIs or standards such as SCIM and OIDC.
As a result, Identity Fabrics can enable modern digital services to request IAM services, help in migrating from traditional IAM architectures towards modern architectures, and can help in unifying identity to address the infrastructure and entitlement management challenges of multi-cloud, multi-hybrid IT.
“Identity Fabric” refers to a logical infrastructure for enterprise Identity and Access Management that is conceived to enable access for all, from anywhere to any service while integrating advanced features such as support for adaptive authentication, auditing capabilities, comprehensive federation of services, and dynamic authorization capabilities.
— Matthias Reinwarth, Lead Advisor & Senior Analyst at KuppingerCole.
Because we understand how important infrastructure and entitlement management is, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content on our Identity Fabric concept available in a variety of formats.
This includes the coming webinar on Delivering on the Promise of an Identity Fabric in a Modern Enterprise, taking place on 4 November. Register for free today to find out how creating a comprehensive identity fabric can be a differentiator for modern enterprises.
A good overview and introduction to the concept of Identity Fabrics can be found in this Leadership Brief entitled: Identity Fabrics - Connecting Anyone to Every Service, while this Leadership Compass on Identity Fabrics provides a much more in-depth look at the concept as well as an overview of the market for comprehensive IAM solutions built on a modern, modular architecture.
In modern enterprises, part of the challenge of managing entitlements across multi-cloud and multi-hybrid IT environments is the fact that an increasing number of identities active in this context are non-human in the form of machines and services. For a discussion on the broader topic and how the Identity Fabric concept can be useful, have a look at this Leadership Brief on Managing Non-Human Identities.
For more information on how the Identity Fabric concept can help move from traditional IAM architectures towards modern architectures, have a look at this Leadership Brief on Leveraging Identity Fabrics on Your Way Towards Cloud Based IAM, while the role of Identity Fabrics in simplifying the journey to a future-proof IT infrastructure and IAM is touched on in this Leadership Brief on the Typical Risks and Pitfalls for IGA Projects.
A wider discussion and recommendations on setting up a complete IAM organization and managing a broad IAM portfolio can be found in this Leadership Brief on How to set up your IAM organization.
For a discussion on how Identity Fabrics can support digital transformation and extend existing access governance capabilities, have a look at this Advisory Note on Redefining Access Governance: A broader perspective.
Digital transformation and meeting the IAM needs of digital transformation initiatives is explored further in this advisory note on the Future of Identity Management.
If you would prefer to hear what our analysts have to say on the topic of Identity Fabrics, listen to these Analyst Chats on Making IAM Projects Succeed - Why You Need a Solution Architecture, Policy-based and Dynamic Authorization Management, and IAM Requires a Solid Process Framework.
For discussions that reference Identity Fabrics in the context of Privileged Access Management (PAM), listen to the analyst chat on The Influence of PAM on WfH, and its Influence on PAM; for Zero Trust, listen to the episode on Zero Trust as a Concept for … Trust and Security.
And if you have not listened to it yet, there is the analyst chat that references Identity Fabrics in a discussion that considers the question: Do we really need Cloud Infrastructure Entitlement Management (CIEM)?
Perhaps the most relevant videos relating to Identity Fabrics and the challenge of managing entitlements across modern IT environments are the presentations entitled: Your IAM Doesn’t Fit for Hybrid Multi-Clouds and Digital Transformation Needs? Time to Rethink and The Future of IAM: Towards a Unified, Modular, Trusted, and Connected Identity Ecosystem.
Identity Fabrics are also referenced in this panel discussion on Tackling the Legacy IAM - Towards Future-Proof Identity Fabric, while a more general discussion on Identity Fabrics can be found in this presentation on Creating an Innovative Identity Fabrics Structure.
For short, written discussions relating to Identity Fabrics, there are several blog posts written by our analysts for you to choose from.
The most relevant in reference to managing infrastructures and entitlements in modern IT environments are: Making DevSecOps a Reality and Going Beyond – Introducing SODAS (Secure Operations & Development of Agile Services) and Managing Access and Entitlements in Multi-Cloud Multi-Hybrid IT.
Other blog posts that reference the concept of Identity Fabrics include:
- API Platforms as the Secure Front Door to Your Identity Fabric Dec 2019 ABA
- Converging IAM Solutions AND Reducing Complexity May 20
- Creating an Innovative Identity Fabric Structure May 2020 Tim Barber
- Technology Trend: The Road to Integrated, Hybrid and Heterogeneous IAM Architectures
A discussion of how Identity Fabrics can be useful in migrating from traditional IAM architectures towards modern architectures can be found in this blog post entitled: Renovate Your IAM-House While You Continue to Live in It.
The concept of Identity Fabrics is referenced in a number of webinars. Have a look through this list and choose the topics that you find interesting:
- Seamless Connectivity: Why You Need It and How to Get It Right
- Accelerate Your Digital Transformation Through Identity
- The Evolution of Access Control
- There Is No Successful Digital Transformation Without Strong Identity Management
- Identity Fabrics for True Digital Transformation Dec
- Policy-Based Access Control – Consistent Across the Enterprise
There are several whitepapers available that mention the concept of Identity Fabrics in the context of future proofing IAM capabilities. Choose from the following:
- Modular Decentralized Identity Architecture
- Making IAM agile and working to the business
- The Future of IAM Lies in the Cloud and as a Service
- IAM: Globalization & Large-Scale Enterprise
For further perspectives on Identity Fabrics in the context of digital transformation, have a look at:
- Accelerate your Digital Transformation through Identity
- Identity for the Business: Identity Fabrics supporting the Digital Transformation
- Modern Identity Fabrics: A Cornerstone of your Digital Strategy
- Digital Transformation for Business Enablement Requires a Modern Identity Fabric
Organizations investing in technologies to support the concept of an Identity Fabric can have a look at some of the related technology solutions that we have evaluated:
- Atos Evidian IDaaS
- Thales SafeNet Trusted Access Platform
- IBM Security Verify for CIAM
- Accenture Memority
- Microsoft Azure Active Directory