1 Executive Summary
As digital transformation gathers pace, the most significant trend is the move to the provision and consumption of everything as cloud-based services, including Identity Management and Digital Identity. In the digital era, however, Identity Management is no longer just about identifying, authenticating and authorizing individuals or groups in an organization (B2E) to have access to applications, systems or networks by associating user rights and restrictions with established identities.
Identity Management must now also include partners (B2P), customers and consumers (B2C), as well as non-human entities that have identities such as services (software processes) and internet-connected devices that make up the Internet of Things (IoT), which gives rise to the notion of identity being the new perimeter instead of the corporate network due to the increasingly distributed nature of working and collaborating in a highly-connected world that is migrating to the cloud and becoming more mobile.
The challenge is for organizations to manage all these identities to meet security and privacy requirements, while at the same time enabling business growth, frictionless consumer/customer interaction, and personalized or tailored services and content.
Businesses therefore need to ensure that they have the appropriate strategy and loosely coupled, extensible and service-orientated IT architecture in place to enable a smooth transition to the as-a-service model, both in terms of service consumption (to reduce costs and boost productivity) and service provision (to add new revenue streams and improve consumer/customer engagement).
Essentially, the success of Digital Transformation depends on an ability to manage the access of everyone and everything to every digital service.
One way this could be achieved is by enabling decentralized identities that can be created once according to agreed standards and easily maintained by the identity owners, who then can give consent for those identities to be re-used as many times as needed to grant or deny access based on access policies. This approach is not yet supported by any well-established technologies and represents one of several external (decentralized) identity options such as bring your own identity (BYOI), social network logins and partner-based identities. Therefore, organizations should plan to support all kinds of identities and ensure they have the tools to understand the level of assurance provided by each identity type so they can make informed decisions on how those identities can be used for specific transactions or interactions using risk-based scoring, and adaptive authentication and authorization systems.
For most businesses this will mean making fundamental changes to their IT architecture to become more agile and flexible by separating identity and applications, and providing the backend systems required to make all the necessary connections using Application Program Interfaces (APIs) that bridge services, microservices and containers in the cloud (public and private) and on premise.
These changes will result in a converged digital identity backend or “Identity Fabric” that can deliver as a utility all the identity services (including security and privacy) required by the growing number of new digital services enabled by digital transformation that will actively consume identity services.
KuppingerCole Analysts believe that by setting up an Identity Fabric, organizations are more likely to meet the demands of Digital Transformation initiatives quickly, while at the same time enabling a gradual migration of legacy identity Management systems to the new identity-as-a-service paradigm.