Whitepaper

Modular Decentralized Identity Architecture

A trend compelling IGA modernization is the need for an identity-driven security model, due to identity silos created by rapid cloud adoption. As organizations rethink their IAM/IGA systems, they may also need to utilize their existing systems while re-architecting their security environment to support new requirements. The ability to keep what an organization already has and to migrate gradually from these legacy systems to what it wants in the future, using modern software architecture, is pivotal. An Identity Fabric provides the agility and the integration support for what organizations already have while allowing them to move ahead at their own speed.

Richard Hill

rh@kuppingercole.com

Commissioned by Kapstone

1 Introduction / Executive Summary

IT security is an ever-changing landscape that has evolved over time. The IT environment has moved on from the days of on-premises-only applications and services that ran within an organization's perimeter walls. Federation extended the reach of where identity and access controls reside between divisions within organizations or between partner organizations. The migration to the cloud was driven by IT's need for flexibility and scalability while reducing cost. Organizations with customer-facing applications and services required high scalability and privacy compliance. Now we are seeing a new set of IT environmental and architectural requirements emerging.

Modern IAM/IGA systems should allow customers to build their identity backend for defined services through APIs. These systems need to provide their capabilities regardless of the location of the IT environment, which includes on-premises, private cloud, public cloud, multi-cloud, and hybrid deployment environments. Microservices is a software architectural style that is gaining momentum in IT organizations today. It provides flexibility because services are loosely coupled, highly maintainable, and can be tested and deployed independently; microservices blend well with current agile DevOps methodologies. IAM/IGA solutions delivered as microservices offer a new deployment model that can reduce IAM complexity while increasing scalability.

The level of identity and access intelligence has also become a key differentiator between IGA product solutions. It is the layer over Identity Lifecycle Management and Access Governance that offers business-related insights to support effective IGA-related decision making. This includes recommendations for efficient use of roles, risk-based mitigation of access policy violations, automated access reviews, and the correlation of identity events across disparate systems to derive actionable intelligence. Identity analytics and AI/ML are an important vehicle for achieving visibility into the operational state of IGA processes, such as analyzing the operational data generated by IGA tools to evaluate process maturity and adherence to service quality standards and compliance mandates.

The Identity Fabric concept supports future-oriented organizations in updating their IAM/IGA infrastructure and services and provides a viable foundation for enterprise architectures. These services aim to grant access for everyone (and everything) to every service and system in a controlled manner. As such, they can serve as the conceptual foundation for sustainably transforming existing IAM/IGA infrastructures into a more future-proof technology.

Many organizations are rethinking their IAM and IGA (Identity Governance & Administration, integrated solutions for Identity Lifecycle Management and Access Governance) architecture from various aspects. But organizations can't afford to end up with uncoordinated identity silos across their rapidly developing digital services, or to wait for their legacy IAM to deliver the identity services they require while demands on its compliance with legal and regulatory requirements increase. IAM/IGA vendors need to provide more modern, flexible, and modular architectures for their solutions to meet the challenges organizations are facing today.

Kapstone is a provider of Autonomous IGA, a cloud-native, microservice, container-based platform providing a modular architecture for achieving identity transformation in today's hybrid environments. This type of modern architecture gives customers the flexibility to rapidly meet an organization's specific requirements. Kapstone's modular decentralized identity architecture fits nicely into an Identity Fabric framework that supports Digital Transformation.
