Event Recording

Introduction to Identity Fabrics


Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
We want to talk about identity fabrics and the reasons why we need them. So identity fabrics as a concept has been introduced quite a while ago and it was, and it's there for, for very good reasons. And the reasons we want to talk about that. What is the motivation for getting towards identity fabrics Martin? What is the main concept behind identity fabrics and what is the real overall? Yeah, the rationale behind having a concept like the identity fabrics.
Yeah. So when, when we created this concept a couple of years ago, it started from the simple thinking about what, what, what is it? What identity management needs to deliver the foster, The basic question and what it needs to deliver is it needs to provide a seamless yet secure and controlled and well governed access for everyone and everything to every service. And that requires a set of services like managing the users, like authenticating, like authorizing all the audit and and other aspect. And that was the starting point for the entire discussion or the entire concept to say we need to get rid of, or here's a bit of a workforce. I am here, we have a consumer, I am or here to do something for things, but here we built something different again or we do it separate for cloud and for the on-prem world because identity is so essential to organizations that organizations can't live with dozens in diverse case or at least multiple different identity managements that are not well integrated. So also not then making, reusing what you already have. This is, this has been the starting point and I think this is related to digital identity and identity management has got a way more vital, important central role for organizations. Not only in IT, but for how an organization works, how it interacts with things, with customers, with consumers, with whatever else identity is at the center of security of business servicing.
Yeah, I think I fully agree because in the, in the beginning, identity management or directory services were about increasing efficiency when it comes to administration. So making the IT admin job a bit easier. But today this has, as you said, really changed. We are talking about business enablement, having the right identities at the right time and the right application available and empowering them to use this. And that could be customers, that could be employees, but also the cybersecurity aspect, which is getting more and more important with the threat vectors changing and with also the identities being a target of of cybersecurity, of of cybercriminals.
Yeah. And I think we need to be just clear about the, the role of identity management has changed. When I started my career, so to speak
Then it was really an administrative thing at the beginning there was nothing like the term identity management, it was directory services and stuff like that when I started sometimes in the late eighties, right? Network, early land manager wines and stuff like that, or X 500 directories. We talked about directories and then we talked about meta directories and administering that. And then it shifted from, oh, there's more. There's a single, there's a use experiencing, there's a, a compliance thing least privilege. And in the past years that really evolved from these drivers towards how can we connect and we talk about everything is connected. We talk about a, an ubiquitous connectivity in our world and that means we need to understand the identities, their relationships. And it has shifted to something which is driving the business. And this is I think the point where we shift from IT enablement and technical aspects to business enablement. And even in it, it's a totally different thing than it was in the past. So you also had a long career, so, so you've gone through the same phases more or less than me.
Yes. Martin, you're absolutely right. When I started with this topic, it was the, the mid of the 1990s, it was about increasing efficiency re you are using information from different departments, from hr, from organizational departments to get access easier to people. We did not talk about access governance, we did not talk about enablement, which was just more or less an IT job that needs needed to be done more efficiently. That has changed dramatically over the last say 25 years or so. We are in the process of the digital transformation and that needs to cover various aspects when we look at these influencing factors and the aim that we want to achieve when we, when we look at digital transformation, because all business processes actually really virtually every business process is going digital and it needs to reflect what is in the outside world and what a business wants to achieve. So it needs to look at external impact from your competitors, from cybersecurity threat landscape to the connectivity and changing business models. Look at the recent three years that we've gone through and that's an important aspect.
Yeah. And I think that that is very important. So even while I, I tend not to use the term the true transformation anymore because it's transformation always is a bit about from A to b I think we should talk about digital journey and the digital age. So it's a continuous evolution, but you're absolutely right there, there are the external impacts from a security, a governance, competitive perspective and and all of that. And also that needed change in the organization. So more agile organizations mean we can't work in aesthetic workforce, IM world anymore. It's about external impact. It's about agility. And I think this is what, what really means. Things are changing and and dealing differently with the customer. Understanding customer identities, understanding the things means we need to have the right technologies in place. And I have the strong belief that identity and security are and privacy are central to the success in the digital age.
These core changes that you've mentioned, Martin are reflected in technologies that are getting more and more important and they need to be supported by digital identities. So digital ID needs to reflect what the business requires from them. So to enable technologies that we see on the market that we see like artificial intelligence, like cybersecurity, like robotics. So identities need also to be provided for those aspects and that means that iga, Im in general and thus the identity fabric needs to be capable of evolving over time to reflect the, the changes also in the way we deal with new types of identities, new life cycle processes for different non-human, non-carbon based life forms that are required to play an important role within this digital journey that you've mentioned. So if you look at the major trends that need to be reflected, so what is currently happening happening in the market? We've compiled these six main major trends and maybe you want to explain the most important ones that you see are currently heading towards the organizations that deal with identities.
Yeah, so, so I think there are some which are more low hanging fruits, like saying I, I shift to identity as a service away from treasure on premise models. The concept of thinking about one identity management, so not workforce and consumer and everything totally segregated, but understanding how this fits together and where you need specialized capabilities and where you build on the same component. So this, this is pretty straightforward including the one identity aspect. So not saying we have, so, so yes there are different types of identities, but we need to treat everything as having an identity, a service as an identity, a thing, a device, a human whatever has an identity. So this the, the left hand side so to speak of this graphic is I would say where many organizations are and looking at, we see emerging more and more perspectives on APIs.
So not just saying, okay, my identity management creates an account and system a P in the active directory whatever or in SAP and set some entitlements but it also can serve the needs of digital services. So if additional services, there's a new customer I need to create the identity for that customer in my world then this is an API call application programming interface. Digital service requests something from identity management. That is where we need to move. We see more and more interest in decentralized identities emerging topic. So I have my identity, I have my proofs proof based on my E I D that I'm Martin Kuppinger proof from call Analyst saying Martin, Kuppinger is a principal Analyst and all these proofs that can be used to say, okay, someone I'm working with can also indicate me a nose. This is Martin Kuppinger, that's proof proven.
This is he's at cooking call Analyst that role. And based on that grant we certain access maybe in an advisory project, the probably still far the way aspect is trust in time emerging but not yet fully there. This is about how can you move from static entitlement, static access and all that stuff to decisions made on run time based on policies. So because if you need to manage static entitlements, the problem is you write the entitlement. Martin is member of the group finance, the group finance can do in and that and that into a system. And that tends to be out of date and it's hard to manage. It's relative complex. If you trust, say at run time I check Richard Martin and based on the policy I decide what Martin can do, it's way easier. So these are some of the overarching trends so to speak, we see that are shaping identity and surely an identity fabric must be built to serve these needs. It must serve trust and time, be ready for trust and time concepts, be API capable. And I think for the left hand side, we already mentioned and will demonstrated later that the identity fabric is built to serve every single and everyone for every service.
Absolutely. And we, we, we are coming from two different angles when we talk about this mainly one is the research side. So we are looking at what the market can provide. On the other hand, we are talking to organizations that really have to deal with these challenges and if when we talk to our customers there's, there are really some trends that we can identify what concerns them and what makes the identity fabric such a vital concept to adapt to these changing environment and to these changing requirements and to fulfill the needs of these digital journey components that need to be provided. So when you talk about the good is the
Good thing is before you talk, continue talking, the good thing is this, if you take the, remember the slide for the previous slide, this one, there's a neutral overlap. So some of the trends are clearly little bit more, more to the future, but a lot of the things you see here are things Matthias will talk about now in the next slide.
Absolutely. And that means that this is not only theory, this is not just analysts speak, this is the real world. Organizations need to modernize their IAM because many organizations started very early as we are 25 years in the business. That means there have been generations of IAM before and you need to be capable of modernizing that to adapt to a changing world. And that means to changing, moving to changing deployment models to the cloud, to other ways of really operating the system, having a managed service provider or just the cloud provider who does it for you and no longer on premises. That means also an IM for the cloud, making sure that identities are available for all these services that we pro provide and use today provided from the cloud and to deliver on time. That is something that you've mentioned also before. It's really making sure that you can provide the solutions when they are needed.
Not having a a, a ramp up time of nine months before a new solution can be started. This is not how business works today. You need to be able to provide services very quickly and to provide the right identities and the right format to the next generation application that is around there. And that includes the changing workplace that in includes new ways how we deal with our office environment. That means that we need to make sure that we have the security and also the agility in place to make sure that workplaces can provide the services that users just expect. And one aspect seems to be technical, but it isn't. Many organizations are looking at the way how they deal with their existing environments often represent with an active directory on premises and while they are moving to the cloud, they're moving to Office 365 or other cloud platforms. What does it mean to have an idp, to have an access management in the cloud really requires,
Well let me here when we, you touch AD and aad one, one important statement from my end, Azure active directory and to my perspective also on premise active directory, but latest Azure active directory is part of the IM world of the identity fabric. That is something you must understand. It must be part in ownership of the identity management team for no one else at the organization. Everything else is just wrong.
Absolutely. That's not something that is acquired with a checkbook because you're just moving to a new office platform. It needs to be a strategic component just as you've mentioned. And of course all new types of identities need to be covered. These are the, the actually two items on that list. So which identities to serve and one important group of identities of course is the consumer, is the customer, is the citizen, the patient. So the the, the iden, the identities that we are providing services for that goes beyond the employee and it might also go beyond, as I said, carbon based life forms. So it's really, we need to understand that all actors within the environment should have and must have an identity that really makes sure that you understand them and that there is an assurance level that this identity is actually this robot, this, this machine, this service that human being and understanding that helps you in providing the services in a way that you also make the, the auditors happy. Make your governance people, your internal security team happy to make sure that the security, the governance, the compliance is actually available and built into the system. That is also something a key component of the identity fabric that there governance, compliance, security, privacy is not an afterthought but it's built into the processes and into the capabilities as a whole. And then you can understand identity risks, access governance and can make sure that this works well. Anything to add from your site Martin?
No, but I think we should have a look at the identity fabric finally.
Yes. So, so a picture is a lot of elements and we will in other talks go way more in detail, but basically when you look at the lefthand side, the center and the right hand side, a lot of what we talked about is there on the left hand side you have everything and everyone or like Matthias tends to say the carbon based life forms and the silicon based life forms so to speak. On the right hand side we have all these types of services. So, and the chopping between of the identity fabric is to connect to ensure that everyone, everything can on the controlled conditions come to the right hand side. On the top we see all the services that are managed in newer services and to the upper left, they are the APIs enabling digital services to consume identity services In the center we have all these identity services based on capabilities that are combined into services and served by tools and to the bottom we have, yes, this is an evolutionary thing. This is nothing about rip and replace, it's about understanding what you have, what fits into the future, what will be remain maybe legacy and will be part of a longer migration or shorter migration phase. And all that is built into this concept.
Absolutely and I think it's, it's, it's really also a concept and, and it's an enabling tool. Understanding your identity landscape with this paradigm in mind helps you in, in improving and continuing to evolve this identity fabric as a overall concept. And we believe that it is capable also to work in, in years to come by adapting your landscape using this identity fabric paradigm. And I think that's a good point to stop and to continue the discussion about the identity fabric in a different section. To go more into detail to show the con to show the concepts and also to to understand more what existing products can can provide within this concept and how they play well together. Any final thoughts? Martin?
Yeah. Important thing is the identity fabric is that trusted theoretical concept. We see more and more implementations at organizations, also at very large organizations. And it has proven to be a concept that is a perfect guideline for evolving identity management from the state you are to where you want to be to support this journey because identity fabric is nothing static. It's something which also lifts with your evolution of identity management and there's the technology that serves it. So that is here and that is something as I've said, which works well to create the bigger picture of identity management, your organization to define what are the different parts, and then to guide you through the entire journey of your identity management serving the digital business.
Great, thank you. And I'm looking forward to dig deeper into this picture and the functionalities. Thank you.