Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Topher Marie of Strata Identity clears the way for identity management by removing the roadblocks to app modernization.
The benefits of the cloud aren’t lost on anyone. Organizations gain agility, flexibility, and scalability, leading to productivity gains, cost savings, and innovation. Yet migrating to the cloud can be a painful and frustrating process, and modernizing applications poses an especially formidable challenge. As a result, many organizations turn to a basic lift-and-shift approach. But this doesn’t tap into the full power of the cloud or enable many of the features and capabilities that make the cloud so attractive. The most successful initiatives involve true app modernization, but that introduces its own obstacle: modifying identity management systems.
At the heart of the problem: apps are typically hard-coded to work with one ID system. Cloud migrations typically require teams to rewrite each application or identity system for the new platform. There’s a better way. With the right technology foundation in place (a framework that uses identity orchestration), it’s possible to skip the arduous task of rewriting apps from the ground up while improving authentication through multi-factor authentication (MFA) and passwordless access.
One thing that makes identity management so complicated is that there’s no standard definition for the term. As a result, many vendors claim they offer solutions tackling identity orchestration. In reality, many of these products simply build workflows on top of existing technology. They don’t truly orchestrate identity. For example, what’s often labeled identity orchestration is just federation. Many systems accommodate identities across applications and platforms — even across multiple enterprises — but they don’t address the fundamental challenges related to building a modern system that’s equipped to work across clouds and API-connected applications.
It’s critical to recognize that identity migration and app modernization are closely linked, and simply porting identity data over from one system to another so people can log in doesn’t address deeper challenges. In fact, in some cases, it can lead to additional vulnerabilities and problems and deepen security risks. Failed logins, password resets, and security breaches can quickly become overwhelming. Data integrity can also take a hit. More than a few companies have found it necessary to roll back systems after a failed “big bang” effort to move to the cloud.
Getting a handle on the challenge is essential. True identity orchestration involves far more than rewiring workflows so people can authenticate. It pulls together disparate sources of identity and access control information and creates a seamless authentication infrastructure. By unifying otherwise incompatible identity providers (IdPs), an organization not only simplifies access control but also hardens it. One way to think about identity orchestration is as an international electrical current adapter. If you try to use a hair dryer or any other appliance in another country, you may be out of luck without an adapter. You wind up with a fully functioning device that you can’t use. Rather than buy a new hair dryer every time you visit another country with a different electrical current, you invest in an adapter with plugs for every type of current. Identity orchestration acts as a universal adapter. It allows you to embrace clouds, modernize applications, and seamlessly unify incompatible identity management systems.
Cutting Through the Noise
Getting to a best-practice level requires a few things. First, there’s a need to decouple apps from identity systems and IdPs. This introduces the opportunity to evolve to a more advanced level of identity management and avoid the migration problems that typically surface when organizations move to the cloud. Second, don’t try to standardize on one IdP. In many cases, it won’t solve the fundamental problem. It simply adds a new layer of complexity while reinforcing vendor lock-in. A more elegant and productive option is to adopt standards-based identity orchestration that unifies policies across clouds and the entire application stack, often through an open-source framework.
At best, this approach introduces universal policy access, agentless and proxy-less policy orchestration, deeper visibility into who has access to apps, and the ability to use APIs to orchestrate and manage policies securely. This approach creates an identity fabric that serves as connective tissue between individual cloud platforms and IAM systems, is adapted to today’s business environment, and is better equipped to address the complexities of cloud migrations.
What’s more, all of this occurs seamlessly and transparently. Various groups, including end-users, don’t see the infrastructure that supports advanced and integrated identity management and authentication. There’s no need to rewrite apps; users don’t have to undergo password changes and other contortions that lead to frustration, higher costs, and subpar results. Suddenly, a migration to the cloud becomes feasible even when it involves tens of thousands of users and hundreds of applications. Application modernization is no longer an abstract goal; it’s a tangible reality.
- Removing the Security Roadblocks to App Modernization - January 20, 2023