Shifting IAM to Modern Architecture and Deployment Models
There is a lot of talk about IDaaS (Identity as a Service) these days, as the way to do IAM (Identity and Access Management). There are also fundamental changes in technology, such as the shift to containers (or even serverless) and microservice architectures, which also impact the technology solutions in the IAM market.
However, we should start at a different point: What is it that business needs from IAM? If we step back and take a broader perspective, it all ends up with a simple picture (figure 1): The job of IAM is to provide access for everyone (and everything) to every service and system, in a controlled manner. That is what we must focus on, and that is where we should start (or restart) our IAM initiatives.
Focus on the Business Need, Not on Technology: Deliver Identity Services
Even while this graphic looks simple, there is a lot in it:
- It is about all types of identities – employees, partners, customers, consumers, non-human identities e.g. in RPA (Robotic Process Automation), services, or things
- It is about an integrated perspective on Access Management (e.g. Identity Federation) and Identity Management (e.g. Lifecycle Management/Provisioning), but also beyond to aspects such as Consent and Privacy Management; however, Access Management is at the core
- It is about supporting a variety of Identity Providers, beyond internal directories
- It is about collaboration along the value chain and supply chain, with others, well beyond Employee IAM
- It is about delivering these services in an agile manner, supporting the demand in creating “identity-enabled” digital services in the digital transformation of businesses
- It is about a common set of services, what we call an Identity Fabric
You could argue that IDaaS becomes a different notion in the model of the Identity Fabric, which is true: It is providing Identity Services.
Taking a Deeper Look at the Identity Fabric: Identity Services and IDaaS
When we take a deeper look at the Identity Fabric (figure 2), it becomes apparent that there are both aspects of IDaaS integrated into this concept, and even more when looking at the architecture and microservices:
- IAM must be provided supporting flexible operating models, from on premises to the cloud. Many businesses will run some sort of hybrid mode for their IAM, given that the Identity Fabric commonly will be a mix of existing and new components. But supporting IDaaS in its common understanding – IAM delivered in an “as a Service” operating model – is essential.
- IAM must provide services, beyond just managing applications. Currently, IAM is targeted on the latter aspect, by creating user accounts, setting entitlements, or acting as a shell for Access Management in front of the applications. However, digital services require access to a set of identity services (APIs) to consume. This is a fundamentally different concept, and this form of Identity Services must be supported as well.
- Finally, and related to #1, the architecture must be based on microservices. Only that allows flexible deployments, agile roll-out, and extensions/customizations. Done right, customization, integration and orchestration across multiple services take place in separate microservices. Done that way, they are easy to maintain and product/service updates will not affect customizations (as long as the APIs remain stable).
Identity Fabrics are, from our perspective, the foundation for a future-proof IAM that serves the business demand. They provide the capabilities required for supporting the business use cases, based on a set of services that are built in a modern architecture.
The Road to IDaaS
Moving to an Identity Fabric is a journey that allows building on what you have in IAM and gradually transforming this, while adding new and modern services that rapidly provide the new capabilities required to serve the identity needs of digital services as well as the integration of new SaaS services.
Take a look at our Advisory Services for further decision support for the digital strategy of your business or simply browse our research library KC PLUS to get more insights on digital identity topics.
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Subscribe to our Podcasts
How can we help you