Eric Olden

Boulder, Colorado, United States

About

Eric Olden, a serial entrepreneur and accomplished technical founder, with more than 25…

Experience

  • Strata Identity

    Boulder Colorado and California Bay Area

  • -

    Boulder Colorado, Redwood Shores California, wherever our customers are

  • -

    Boulder

  • -

    Boulder CO

  • -

    Berkeley California

  • -

    Boulder

  • -

    Boulder Colorado

  • -

    Silicon Valley & Boulder Colorado

  • -

    San Francisco CA

Publications

  • How To Build Identity Resilience In A Multi-Cloud World

    Forbes

    Whether a disruption is caused by a natural disaster, malicious actors or malware, system failures lead to a predictable place. Even the most advanced authentication framework will fail if a primary identity provider (IdP) isn’t available. The result is typically a painful disconnect that leaves users frustrated and unable to accomplish tasks. Addressing this issue requires business and IT leaders to focus on three primary issues: First, as organizations become cloud-native and build out multi-cloud frameworks, it’s vital to eliminate dependencies that may exist between and among cloud platforms, identity systems and applications at runtime.

    Creating an air gap breaks dependencies and enables a different identity provider to fill the void until the primary identity system is back online, preventing application outages.

    It’s also critical to establish failover capabilities between identity systems in applications and clouds. Problems can occur, for example, when a cloud service goes down, and users can no longer authenticate with its identity service to access applications. Establishing a failover to an IdP on a different cloud service will maintain availability.

    Finally, there’s the question of how to keep on-premises applications operating when they use a cloud-based IdP. In order to achieve this level of resilience, failover to another identity system in a different cloud service or on-premises infrastructure like LDAP is required.

  • How Converged IAM Paves The Way For Digital Transformation

    Forbes

    IAM is the glue that holds everything together and protects an organization from unauthorized access, hacks and data breaches. The ability to know who is using the system, continuously authenticate the individual or device and ensure that they have access only to authorized applications, data and resources is also at the foundation of zero-trust security. Yet, dealing with multiple IAM systems from different vendors can push already stretched-thin identity and IT teams to their edge. Individual identity components and systems don’t always play nicely with one another. This often leads to problems that rank somewhere between irritating and dangerous, including complex system management, poor performance for users and real-world security risks. How can an organization rein in the turmoil? One approach involves converged IAM. This model ties together various aspects of identity and access management into a single integrated and highly configurable framework. By integrating and abstracting critical authentication and authorization processes and operating at an abstraction layer above individual IAM components and vendors, technical and practical overhead diminish or even disappear.

  • How To Overcome The Challenges Of Legacy Identity Migration

    Forbes Technology Council

    Identity orchestration with an identity fabric enables security teams to deal with the complexity of multi-vendor and multi-cloud environments much more easily. It can unify the identity operations of incompatible legacy and modern cloud IDPs. When the goal is to move apps off end-of-life/end-of-service legacy IDPs, identity orchestration can provide several benefits. It allows an organization not only to move but to improve its identity infrastructure by adding new capabilities like passwordless access and MFA without re-coding applications.

    With identity orchestration, enterprises can mix and match legacy, on-premises IDPs with any number of modern cloud IDPs, again without rewriting any target applications.

    In addition, identity orchestration can greatly simplify the process of managing policies. Without orchestration, changes have to be written separately in each identity system. This is time-consuming and expensive, and it also opens up the possibility of errors (e.g., neglecting to change one of the applications). Identity orchestration makes it possible to manage identity policies for all applications once instead of having to manage each IDP separately.

  • Modernizing Application Identity at Scale

    Forbes Technology Council

    Many organizations are facing the challenge of modernizing their apps to meet compliance requirements, support digital transformation and respond to mergers and acquisitions or divestitures. However, the scale of the number of apps can be enormous, with hundreds of business-specific apps serving different business units and functions distributed across international operations—not to mention accumulated legacy apps from mergers and acquisitions. Compounding this, tight time frames for these projects put intense pressure on meeting milestones, especially in divestiture scenarios with strict transition timelines.
    How can organizations modernize and improve the security of thousands of apps without rewriting them? The solution is identity orchestration. Read the article to learn the step-by-step guide to modernizing application identity using identity orchestration.

  • Why Private Equity Firms Are Cornering Identity

    Forbes Technology Council

    Private equity (PE) firms are picking up identity and access management (IAM) companies at a fast pace. Why is IAM so hot? PE firms like identity technologies because these systems are considered to be a recession-resistant play. After all, everyone needs IAM systems to run apps, and apps run everything in business today.

    Since identity systems are hardcoded into apps, each app must be rewritten before it can be moved to a modern cloud identity system like Okta, Amazon Web Services, Microsoft Azure AD, Google Cloud Identity or another identity provider. For the average large enterprise, this can mean years and millions of dollars spent in labor and technology—not to mention disruptions and potential downtime affecting business operations.

    Migrating to more secure cloud identity infrastructures can allow enterprises to retire all of their aging on-premises gear—not just the software but also the servers and all of the other infrastructure that goes along with them. One way to view this challenge is by comparing the current identity infrastructure to an iceberg, with the tip of the iceberg being the IAM software license. Orchestration can blast the whole thing out of the way, clearing the path to modern cloud identity systems mentioned earlier.

  • Modernizing Identity Journeys For Customer-Facing Applications

    Forbes Technology Council

    It should come as no surprise that people don’t like passwords. One Google study revealed that 75% of consumers were frustrated by password-based authentication methods. Meanwhile, 48% of consumers under 40 feel safer using biometric technology.

    Unfortunately, for today’s giant financial institutions, abandoning passwords isn’t a simple matter. CIAM processes are hardwired into their production applications, typically in several different places. Changing the process would involve rewriting an enormous amount of code, which is particularly difficult in monolithic applications that may have limited documentation and hidden dependencies.

    The key to rolling out passwordless authentication for activities like online banking is to decouple identity from applications via an abstraction layer. This makes it possible to deploy passwordless technology from any vendor without recoding the bank’s apps to support this new capability. All the necessary technology exists, and when properly orchestrated, it can provide customers with a passwordless authentication experience. Here’s an example of a typical customer user experience.

  • Taming M&A Identity Management Chaos

    Forbes Technology Council

    In any M&A deal, the goal is to handle an incredibly complex process in the most streamlined way possible. There’s a need to move quickly but thoroughly because the longer a deal drags on, the greater the risk of a problem—or failure to close. Stock prices may change, sales may rise or fall and myriad other business and security problems can surface.

    These problems often arise when multinational companies and regulatory environments are involved. Suddenly, currency fluctuations, human resources issues and a variety of other factors ratchet up the complexity along with the overall challenges. Navigating this space—and orchestrating various IT systems—can determine whether a merger soars or stumbles.

    The ultimate aim of any M&A initiative should be to merge existing and new identity providers without enduring major code changes. Using an automated approach, companies can eliminate the onerous task of mapping everything and then swapping various identity providers with new applications. It also eliminates the expensive and time-consuming task of rewriting code and reconfiguring identities and settings across various systems.

  • Open Standards And The Future Of Multi-Cloud Identity Orchestration

    Forbes Technology Council

    Managing and securing vast numbers of people, systems and devices across clouds is difficult. Although several identity standards exist, none were designed to address multi-cloud policy management challenges. As a result, organizations aren’t equipped to handle the complex policy orchestration requirements that multi-cloud identity management requires.

  • Implementing Zero Trust Using Identity Orchestration

    Forbes Technology Council

    There are many elements to creating a zero trust architecture, but identity is at its core. In this context, identity orchestration can be used to enforce consistent policies across three planes: identity, networking, and applications.

  • Paving the Road to Zero Trust With Adaptive Authentication

    Dark Reading

    Adaptive authentication can make adding zero trust a kinder, gentler experience for users. Implementing a controlled and gradual transition to a world beyond passwords will determine the success or failure of zero-trust projects.

  • Why We Need A Cloud Identity Standard To Connect The Dots

    Forbes Technology Council

    In computing, the role of standards is well understood. They provide users with the confidence and flexibility that comes from knowing which different software, hardware and data formats will work with each other. Standards also future-proof technology investments. But when it comes to identity, things have evolved fast and loose since the 1990s. The growth of software as a service (SaaS) is bolstering the use case for a new identity standard that can translate and transform proprietary policy formats and data between applications that use different clouds. In a multi-cloud world, where identity is distributed across different systems, a new standard is needed to provide interoperability and break the vendor lock-in that comes with proprietary systems and cloud platforms. A standard would give enterprises the flexibility to move workloads between cloud providers easily and switch vendors based on cost or features, without having to factor in the work and expense of converting to a new vendor's proprietary identity infrastructure.

  • Cloud Adoption Creating Identity Management Headaches in Healthcare

    Cloud Computing Magazine

    Moving to the cloud is neither easy nor fast for healthcare organizations. The majority have only moved a fraction of their mission-critical and legacy applications because moving them is time-consuming, difficult, and very expensive. There are several reasons for this: security, budget, identity silos, distributed identity, hybrid access, identity standards.

  • Three Approaches to Single Sign-On for Cloud Application Providers

    SYS-CON MEDIA - Kjell Backlund

    ...."Pretending you are doing something about it
    Another popular approach to any challenge is to pretend to do something about it, because then you at least have your own back covered.
    Some application providers choose this approach by deciding that they only support standards. The problem is that there are no widely adopted standards in this field. SAML is promoted as an industry standard, but that is of little value when your customers haven't adopted it. According to Eric Olden, one of the fathers of SAML, in an article in Computer Magazine in 2011: "The problem with federation and SSO is that, after more than a decade, SAML adoption has not risen above 10 percent of enterprise apps - apparently due to the excessive costs of infrastructure software. There simply is not enough return on investment for most service providers to implement, expand, and manage a complex federation network". The adoption among large enterprises is not any bigger, and especially among mid-sized enterprises SAML is practically non-existent. In my own personal opinion, SAML requires too much from too many to make it mainstream any time soon."

  • Securing BYOD with Identity & Access Management

    E-Commerce Times

    For enterprises, the collision of the mobile revolution with the cloud revolution represents a security train wreck. Tablets and smartphones are quickly becoming the productivity tool of choice for executives, sales professionals and remote workers.

    However, BYOD -- Bring Your Own Device -- is making it extremely difficult for IT departments to enforce security policies on private and public cloud applications accessed from personal devices that are not owned by the company. Nevertheless, there are practical ways to address this problem.

    One of them is using single sign-on (SSO) to improve user convenience while reducing data security risks.

  • Architecting A Cloud Scale Identity Fabric

    IEEE Computer - Peer-reviewed technical journal

    http://www.infoq.com/articles/architecting-cloud-scale-identity

    The cloud has quickly become one of the most disruptive forces in recent IT memory.

    Offering greater reliability, improved flexibility, lower costs, and simpler deployment, the cloud has undeniable potential to benefit all users and businesses. Yet, for all of its promise, the cloud is relatively young. Many enterprises still express concern about adopting the cloud full-scale for critical workloads. The most cited reason for not moving to the cloud is concern about security. In particular, managing user identity and access in the cloud is a tough problem to solve and a big security concern for organizations.

    Identity management in the cloud is especially difficult because of the cross-cutting nature of identity and its impact across architectural and organizational domains. Many businesses fear that using the cloud exposes them to possible attacks and data breaches. Additionally, many companies are not equipped to manage identities at enterprise-scale and in the cloud because they lack flexible identity management that encompasses both domains.

    Identity management must evolve for the cloud to become a trusted computing platform. A revolutionary approach to identity management - a federated identity fabric - spans enterprise and cloud boundaries.


Patents

  • Security and access management system for web-enabled and non-web-enabled applications and content on a computer network

    US 6460141

    A security and access management system provides unified access management to address the specific problems facing the deployment of security for the Web and non-Web environment. Unified access management consists of strategic approaches to unify all key aspects of Web and non-Web security policies, including access control, authorization, authentication, auditing, data privacy, administration, and business rules. Unified access management also addresses technical scalability requirements needed to successfully deploy a reliable unified Web and non-Web security system. The security and access management system provides the technology required to support these key factors as they relate to Web and non-Web security. The security and access management system operates in combination with network and system security tools such as firewalls, network intrusion detection tools, and systems management tools to provide comprehensive security for the Web-enabled enterprise.

  • System, method, and apparatus for managing access to resources across a network

    US 8418238

    A system, method and apparatus for managing access across a plurality of applications is disclosed. The system may include a user store connector configured to connect to one or more user stores to retrieve attributes; an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user; a policy engine configured to retrieve attributes from the user store connector corresponding to a user and use the attributes to evaluate access policies, if any, which are defined for protection of resources, to determine whether or not the user should be granted access to the resources; an admin component that is configured to enable the access policies to be defined relative to attributes and the resources; and a policy store configured to store the access policies.

