Event Recording

Live Q&A and Discussion - Introduction to Identity Fabrics


Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
So a big thank you to Martin Matthias. There was a great introduction into the concepts that we'll be diving deeper into throughout the sessions today, but I'm going to welcome them back on stage and we can do a question and answer session with you, the audience. So as soon as you have a question, enter it in on the platform that'll come to me and I'll ask them to our speakers. So as a first question to both of you, first of all, thank you. Very interesting session. Many organizations have already gone through iterations of an IAM infrastructure. So how does the identity fabric deal with this? Is this yet another new iteration that needs to be implemented?
You or me?
Yeah, I start off you complete that. Okay. So maybe just as you, as you remember, maybe there is the layer of legacy below the identity fabric and that is really an important aspect because it is not aiming at being a ribbon replace solution, which will have to fail. It's not a big bang. The idea is if there is already an identity and access management in place, that you can analyze it, that you can look at the components that you do have and that you do require and then can gradually update and improve the overall platform. And I think that is the, the beauty also of the identity fabric we, because we kept in mind that the identity fabric has to deal with existing infrastructures and that might be even a legacy. Im legacy applications that rely on that. Im Cetera. So that is really an a different approach here. Martin, you want to add to them? Yeah,
I want to add what important aspect, which is the identity fabric and in some ways more the umbrella around what's done. So actually IM has been about, okay, we need that and that and that tool, and this is the infrastructure we have, which the identity fabric, we look at all of the capabilities and the services and DC evolve continuously. So if there are innovations within that capabilities and services are added and maybe tools are ex exchanged, but the overall framework of the identity fabric will remain in place and will remain and changed. So it is that it is not, you go from an identity fabric 1.02 and tutorial three or something totally different again, but you evolve within a defined framework. And so I would dare to say it's, it's different, but it also, as Matthias said, it integrates, it allows you to, to integrate what you have and to allow you to, for, for a seamless transition of what you have to the sort of the new world at your own pace. And this is, I believe a very important aspect for every organization.
Thanks for those thoughts there. And also the reassurance that this is something to go at at your own pace as a next question, thinking about silos in a sense, these are the, the eternal enemy that we're fighting against. And if we start to think about sub sub segments of an identity fabric, if we, if we think about that which is relevant to consumers for workforce and when we start to bring int, is that not creating more silos? Maybe Martin if you wanna take that first. Yeah, I think it's,
I think when we look at these pictures, we also have discussed and we will further discuss then we have the overall concept of the identity fabric and this is the, the unifying perspective, so to speak. And within that certain services, certain capabilities are relevant for certain use cases. But if you understand for instance, what we have seen for consumer identity and workforce identity and dealing with the identity of things, and you maybe want to start a bit bottom up and look at the various perspectives, then if you can create an overlay at some point, this will be your identity fabric and it will help you to identify where are the things you can use across different types of identities, across different use cases. And where are the specific areas where you say, okay, this is really consumer only or here's here is what I, where I need something very different. But at the end it's that the target is to unify initiatives instead of creating silos. And that silo creation thing would be the big risk. It has been a big risk and it has, we have seen silos evolving in the past 10 over the past 10 years. But with more and more types of identities, with more and more complexity, we need something which adds a holistic perspective and then sort of an integration and helps with understanding what can be reuse or not,
But not much to add. Not much to add except for it's, it's not about creating a single system, it's creating a single paradigm of how to deal with identities and how to understand them and how to have them interconnected when it is required. It's not about creating a single solution, it's really about integration as Martin pointed out. Yeah,
Yeah. Then taking that thought directly into our next question and taking a bit of the, the pessimistic stick view here. You you call this a paradigm, it's a concept, it's not a particular tool. And so would this be just a lot of time and money for conceptual work? What's the trade off here and and what are then the, the concrete benefits in spending so much time on a concept? Yeah.
And that is, that is one of these questions where, where I always wonder, let's compare it with building a real fabric or a HOAs. No one would create a real fabric without proper planning, without an architect, someone who looks at aesthetics in all the other aspects, it will not happen and it wouldn't work. So, so why, why should we assume that we are capable of creating something complex as the identity fabric, as the framer for of identity with our proper planning? So that is the one point. The other point I think this is the positive side of this pessimistic question. Proper planning base of it saves you money later on and it will not take endless, at least if you do it right. So, so take what we have, we have defined methodologies to guide someone through that process. So you can't do that in a very method literal, in a very efficient manner. And it'll save a lot of time because you exactly earn money because you know what to do in which order, why, for which requirements for which use cases. And so that's the only thing I can't say to that
You anything
22 exactly. In 2022, we see a lot of projects that actually go the other way around because they start with silos. They have even silos for the same topic in, in, in various incarnations. Think of consumer identity systems across larger organizations. Reunifying that combining that into a single concept is more and more important for governance purposes, for for compliance purposes. And this is much more work afterwards to recombine that and to find synergies afterwards instead of starting out with a, with a proper fabric thought in mind in the beginning.
Great. And I think we have time for a final question from the audience looking at the, the shift towards modernizing digital identity solutions towards APIs and services. And so the question from the audience is where is the pa the, the paradigm shift? Is it only about bringing in APIs or what else should we think about and be really sure to emphasize about this paradigm shift?
Yeah, I think if we think about APIs in that context, it's really about externalizing functionality that is within the platform then to secure that properly. So APIs help in in providing a uniform functionality to all the consumers of these functionalities. And that might be a various kind of, of applications that are using that, but also of infrastructure and, and having that at a single place, at a single place in, in, in, of course, but in a secure manner, as secured as possible. Also as part of a, of a zero trust approach. I think that is a very, very important thing to have APIs as the central glue between the components that so that they can communicate securely and safely.
And, and I think when we talk about a fundamental paradigm shift, then traditional identity management is inside out. It is going from the identity management system and managers users and system A and B and C under some entitlements here and there it manages and the identity fabric supports this because it's still needed in places, but it also supports the other way around. It supports systems asking the identity management system about an authentication authorization. What I'm asking is to create a user account very required. And when we look at modern applications at trust in time access, at control, in zero trust paradigm with a continuous verification, we need to move from a static management of whatever users and the taglines in a system towards an runtime continuous approach where a system asks, Can I do that or not? And this is where we need these APIs and we will see more evolution that around all policy based access control around, I would say internet to, to distant future building on that paradigm shift.
Thank you. So this was again, an introduction to identity fabrics. It goes a lot deeper from here. So this was just enough to peak our interest and we'll be hearing more from both of you later on today. Thank you.
Thank you.