Event Recording

Live Q&A and Discussion - Identity Fabrics 101


Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
And thank you from our end here. Really interesting session. And we have questions coming in from the audience. So if you have to, the audience, if you have more questions, keep send sending them in via the platform and I'll receive them here. We actually had a, a question left over from last session, which was answered very perfectly here at the end. So we know that identity fabrics is not a product, but what are the recommendations that you have for finding products that lend themself to building the identity fabric? Maybe in two words. I think that's all it requires here. Maybe from Martin,
Well, two words already, already above that I should say. Yeah. What was the recommendation? I think the recommendations at the end, start with the plan, understand your requirements and work from there and do it so thoroughly. Because I think that the point is like, like with other things, if you think you can save time in sort of roughly just picking a product, this will usually not payoff.
Yeah. Thank you. More than two words, but a, a fuller answer for it. A next question from the audience, Would you highlight specific authorization and federation standards that support of futureproof identity fabric?
Yeah, maybe I start off with that. Yeah. The, the, the standards are well established and the modern standards are, are clearly identified as being all of two and open Id connect. So these are the, the standards that usually come into our minds when it comes to implementing more modern approaches. But as an identity fabric needs to cover all different use cases. And this includes also legacy use cases. We also might even provide support for legacy standards, including, yeah, Sam or even l d or ERO or, or proprietary formats. I think this is an aspect that we need to consider as well. We need to build a solution that fits all needs and suits all needs and, and yeah, implements also these standards. But when it comes to modern, the, the first two Martin,
I, I would even tend to add at least two more, even more modern standards. The one is did comment all the other decentralized identity standards. So with decentralized identity becoming a important element in that. And then there is 5 0 2, not to forget, and the latest one when then it is in I think iOS whatever, 16, 14, 15. I'm not tracking these numbers, but in one of the upcoming iOS versions, then really every one of the big players will support five two as well. And that surely will also impact the authentication standards. But yeah, other standards as well as think on the, the IGA side, we need to look at ski. We see a number of emerging potential standards in the sort of policy management, policy based access, etcetera area. So there's, it's not stopping, it's really continuing with new standards popping up.
Thanks for your insight here. A next question, would you say that an IGA system and a runtime authorization tool can compliment each other?
Yes. In at the end they, they, they, they have a bit of an o overlap button, very much overlap. So, and given that that both aspects make sense and that there's type of huge overlap, they can obviously compliment each other, right? And what we see more, and it will be something which I think is a good point to hit people at the European Identity Conference 2023 next year in May and Berlin, there we will talk way more about policy based access controls, policy based authorizations and also how this works together with it, etcetera. This is still evolving, but it's, it's a trend and early trend, but a trend.
Absolutely. And I would say regarding the complimenting of the two sides of things, this is something that we see in reality in many cases that you have a strong IGA solution which makes sure that the life cycles of identities are taken care of properly while they provide into an access management system. That might be something like Microsoft Azure ad or other systems that provide high volume authorization and authentication functionalities. So there is a dividing line. This also reflected in the, in the availability of such a system. If an IGA system is down for a minute, nobody cares. If an authentication system is down for one minute, everyone will care. So this is also something that needs to be taken care of and we see that in reality.
Yes. And the latest one we talk about things like continuous authentication, which repeatedly happens in the background. Then one minute can be very long in the fact quite a number of your users.
Thank you. Another question this time shifting towards automation. If we're seeing a growing number and type of, of identities coming into our systems, how can increased automation then be reflected in an identity fabric?
So
Maybe I
Yep, you start, go ahead.
Okay. Yeah. But, but if, when, if you look at the different capabilities, they, many of them cover several aspects that really deal with automation. So the, when it comes to the provisioning of, of access to systems and also of identities to, to consuming provision systems. And that is something where policy based provisioning can of course increase the, the level of automation dramatically. And we are also moving towards something that Martin already mentioned when it comes to policy based authorization decisions. This is something that is more or less something like, like automation taken to the next level because the authorization process really takes place based on information that is available at run time. And if we can move it even to that point, then even no automation is required and it can be done at run time. But whenever we need to have automation, that is something that is built into workflows, into provisioning engines and also into the authorization part. And if it's not automation then should be something like user self-service moving the information and the, and the workload away from administrators and the line of business towards those who really know the, the people who deal with this.
Yeah. And it's not only from from from it. I think the other side is where we see a need and the growing set of solutions for automation. Automation is, is when it comes to the infrastructure as a service and the trainer speak cloud service provider environments where we have not only humans accessing service or applications, but where we have services accessing resources in a very volatile environment. Talking about actual it, talking about DevOps. And there it is even more important that we have automation and solutions like what we described with our dream approach or dream. They are heavily about automation and about policy based access to automate in this environment to even also create what commonly is called infrastructures code automatically when it comes to the identity and security aspect. So automation, I would say is very deep in the DNA of the identity fabric.
Really interesting. Thank you very much for this and I'm happy to welcome you back very shortly for our next session.