
Thoughts on the Aite-Novarica Group 2022 Impact Innovation Case Study

September 21, 2022 / in Blog, Ken Jochims / by Josue Ochoa

Last month, Aite-Novarica announced that Radiant Logic won their 1st Annual Cybersecurity Impact Award for Best Enterprise Security Solution for Employee and Nth Party Access. This month, they’re following up with a case study illuminating the benefits of the RadiantOne Intelligent Identity Data Platform.

This award was not one of the pay-for-play types so common these days; no, this award was vetted not only by the analyst firm but also by industry experts and several journalists. For Radiant Logic to have won this award, the panel looked beneath the surface of the IT security infrastructure involved in implementing a Zero Trust Architecture. That matters because Radiant Logic’s solutions do not fit into standard identity management ecosystem categories, yet they are critically important to a successful ZTA implementation: one that depends on a solid identity data foundation on which all ZTA components can rely. Avoiding custom coding and piecemeal workarounds is key to hastening and unlocking the value of identity data for this broad-reaching security architecture.

RadiantOne delivers unified identity data across the enterprise to simplify complex identity infrastructures and establish authoritative identity data for the business. Standardizing identity data access across the enterprise fulfills a critical capability often overlooked in many organizations, partly due to vendor promises that whatever IAM, IGA, PAM, or fill-in-the-blank can access the identity stores needed to accomplish their mission. It’s not that these vendors are lying; they can (eventually) get the right data to make necessary identity-related access or management decisions—it’s just at what cost.

After all, any problem in this space can be solved with enough resources. But that’s precisely the problem. According to the report,

“Internal teams working to retire technical debt were often challenged to retire identity silos due to several factors, including strong coupling to business-critical applications, lack of identity expertise on staff, limitations of underlying protocols, and lack of funding support.”

-Aite-Novarica Impact Awards, Cybersecurity

Budgets to wire identity-consuming applications to identity-providing directories and databases are constrained or don’t exist. What happens when their vendor’s underlying identity stores need to be migrated to the cloud or are obsoleted? Oh, and do the skills exist to do this kind of work and keep it updated over time? And if these resources are available, aren’t there better things they should be tasked with? Like figuring out how to build out a Zero Trust Architecture?

The primary tenet of implementing a Zero Trust Architecture is that all users, whether inside or outside the organization’s network, are authenticated, authorized, and continuously validated before being granted or maintaining application and data access. The data driving these decisions must be correlated, up-to-date, timely, and derived from identity sources dispersed across on-prem, legacy, and cloud technologies. Enter Radiant Logic and Aite-Novarica Group’s recognition that getting identity right the first time and every time after is what’s critically important when building out a ZTA.

The Aite-Novarica case study examined how RadiantOne was designed to support challenging and complex identity environments. They concluded that RadiantOne simplifies identity data access in enterprise-level, diverse identity ecosystems, especially environments that have grown through acquisition. RadiantOne operates in hybrid hosting models, supporting disparate identity sources. Radiant Logic solutions yield transformational value within highly regulated industries such as financial services, insurance, and healthcare, as well as many large customers in defense and federal agencies.

RadiantOne connects to all sources of user identity across the enterprise, transforming this data into global user profiles and making these profiles accessible in the exact format required by every consuming application and service. RadiantOne automates the painstaking identity tasks of aggregating, joining, correlating, and synchronizing identity data from disparate identity silos into one authoritative identity data pipeline. RadiantOne delivers a single, authoritative identity source to applications, simplifying access decisions such as authentication and fine-grained authorization even when identity data is dispersed across backend stores, all without impacting users or applications. All of these capabilities are required when designing a Zero Trust Architecture.

The case study also included financial justifications for deploying RadiantOne. After all, justifying another solution to support all the solutions currently in place or planned will require some economic justification. In the case study, Aite-Novarica highlights that RadiantOne was able to deliver customer value in as little as one month with the following benefits:

  • Identity transformed into business enabler: product and development processes can operate at a greater pace with one customer experiencing time-to-value being reduced from months to weeks—on every project
  • Dramatic increase in project ROI: One deployment they studied saved the customer $1.4M; another customer shared that Radiant Logic delivered an integration path that enabled the integration of two merging firms, saving years of work and over $100M in IT costs
  • Advanced 360-degree view of users: RadiantOne delivered clear and comprehensive views of users, providing unprecedented “identity intelligence” for operational personnel to improve onboarding and termination processes

Businesses of all types are executing strategic digital transformation initiatives. Many of these transformation projects are looking to build in Zero Trust as a critical part of their cybersecurity modernization efforts. The success of all these efforts starts with the user identity. If done well, it can be an enabler; if done wrong, it can be a significant impediment.

To see what your organization stands to gain from an Identity Unification approach, get in touch to discuss more.


Takeaways from the Gartner IAM Summit 2022

September 7, 2022 / in Blog, Heather MacKenzie / by Josue Ochoa

I was lucky enough to attend last month’s annual gathering of identity leaders and practitioners, and boy was it good to be back together in-person! If anything the IAM community is stronger than ever, with happy hours in full swing, fully booked meeting suites, and late nights spent catching up after the show.

A few takeaways I thought I’d share after sitting in on a number of the analyst-led sessions:

The Concept of an Identity Fabric is Taking Off

Whew, was this phrase everywhere this year. It was mentioned in nearly every analyst session, and I couldn’t help but notice the number of vendors who have incorporated this concept into their marketing and their booth displays. And why wouldn’t they? The identity fabric (while still about 10 years out, according to Erik Wahlstrom’s session) begins with the current IAM ecosystem, and it’s a target to be evolved towards. As opposed to earlier trends towards centralization, the fabric approach is about being composable, extensible, and agile. My favorite line of the conference was that “standards are the threads of the fabric,” and with many emerging standards like OPA and IDQL, the possibilities are exciting.

There’s a Lot of Room for Modernization Around IGA

The sessions I went into focused on IGA—especially the Market Guide session with Rebecca Archambault—were standing room only! David Collinson’s session confirmed what we’ve heard from many Radiant Logic customers—at least 50% of IGA deployments are in distress, and there is certainly no one-size-fits-all solution. It is without a doubt the most complex and burdensome of IAM projects, and arguably the area that is the most ripe for innovation and disruption. Finally, we heard again that the first step in a successful IGA deployment is data clean-up and entitlement management—like many projects in IAM, it all comes down to being able to access the right data at the right time.

Zero Trust is Moving From a Buzzword to a Board Room Priority

As John Pritchard mentioned in our podcast, Zero Trust is now becoming table stakes. It’s not something you can buy, but it is something that must be adopted at all levels of the IAM structure. In Ramon Krikken’s session, he emphasized that it’s actually a misnomer—it’s not about “Zero Trust,” but about reducing and eliminating implicit trust, and basing your trust on identity and context in adaptive systems. As supported by NIST’s recent architecture documents, accessing run-time identity is key to the Zero Trust strategy. That’s the result of having a perimeter-free world—identity is both a key attack surface, and the ultimate control surface.

Cloud Infrastructure Entitlement Management (CIEM) is Having a Moment

According to Henrique Teixeira’s session on this topic, he speaks to at least two new CIEM (pronounced “KIM,” because we need another acronym) vendors per month. This supports recent findings from 451 Research as well, which predicted that this segment will be the fastest growing submarket in identity and access management over the next five years. It’s very exciting to see the interesting use of analytics and machine learning to detect anomalies, and we’re looking forward to seeing how demand for this type of solution evolves: will this get stuck in the trough of disillusionment, be subsumed by other tools, or are we on the fast track to wide adoption?

Convergence of Identity Tools is a Very Real Trend, But it Demands Compromise

We’re seeing many vendors creep into adjacent spaces, offering “good enough” products to fulfill the baseline needs of related IAM sub-segments. According to Gartner Research, 85% of Access Management vendors are expanding into IGA or PAM features. On the one hand, this is very appealing; borrowing a metaphor from the session on the Access Management market, you can go to Walmart and buy a “good enough” bike that gets you from home to your local coffee shop. On the other hand, convergence means you’re only getting partial functionality, and if you’re looking for an enterprise-grade solution, you may need something more than the “light” options provided by a converged platform. If you’re looking to complete a Century ride, you’re going to tire pretty quickly on the ten-speed from Walmart. Similarly, your converged platform can only get so far in complex, siloed, and legacy identity environments.

For now, we’re still digesting the learnings from the many sessions, analyst meetings, and customer conversations (not to mention the Vegas dinners). It does feel that we’re in a unique moment for identity, when it finally has a seat at the table, and when an identity-enabled business is reaching the most senior levels of the organization. It’s a great time to be doing this work.


Gartner Peer Insights on Identity Data Management: Roadblock or Business Enabler?

August 24, 2022 / in Blog, Ken Jochims / by Josue Ochoa

Here at Radiant Logic, we understand how identity complexity—including disparate data sources, dozens of identities for every single user, and different identity demands from each application—adversely affects security, slowing roll-outs and stopping progress across a host of critical identity-driven initiatives. But we wanted to hear from the folks who deal with these complexities daily, to gain a deeper understanding of what’s working and what keeps them up at night.

We partnered with Gartner Peer Insights to see how IAM leaders are looking at identity management these days. Together, we surveyed 100+ IT and information security experts involved in purchasing identity-related projects. Our goal was to better understand how they address today’s identity management challenges. The results are in, and here’s a look at what we discovered. (Want to skip the post and go straight to the survey? We got you: Read the Survey)

Identity Management is Critical to Stopping Identity-Related Breaches

Disparate identities are directly responsible for identity-related breaches as IT leaders struggle to address identity sprawl. 84% of the organizations surveyed reported an identity-related breach, and 67% experienced one in the last year. The problem with disparate identities is they only get worse with time. Every new user, every user that changes status—along with each new application—makes the problem exponentially worse. 60% of organizations stated they have over 21 disparate identities per user, with 34% reporting 21-30 disparate identities.

Critical Yes, but the Business has Mixed Feelings

We asked our identity experts how the business views identity management and uncovered a familiar tension between identity teams and the broader business: while more than half of all respondents rated identity management as vitally important, 61% of respondents reported that their business sees identity management as “too time-intensive and costly to manage on an on-going basis.” (We can help with that: learn how!)

But we also saw some encouraging signs in the business side’s understanding of the importance of identity management, with more than half (58%) of respondents agreeing that identity management plays a vital role in effectively managing hybrid infrastructures and nearly half (47%) saying it impacts the ability to make informed security and business decisions. (Perhaps they’ve been attending our webinars or reading the blog?)

Pitting Employee Satisfaction against IT Spend

Today’s IT and InfoSec leaders must balance employee frustration and productivity challenges (46% of respondents) with ongoing budget concerns due to a lack of identity-related allocations (71% of respondents). Not being able to support business growth due to outdated systems and the fear of not being able to protect the organization from security threats were each identified by around a third of respondents, as well.

The good news is that 28% of our identity execs have good visibility into their systems, and they’re able to manage identities across their on-prem and cloud IT infrastructures. But for more than two-thirds of respondents, identity sprawl is a known issue that they’re not sure how to address. (Here’s a hint, just saying…)

The Right Approach to Implementing Your Identity Data Management Strategy

RadiantOne delivers the capabilities needed to connect disparate identity data sources to make Identity Data a reusable resource. With RadiantOne, businesses can integrate IAM, IGA, or other identity-consuming apps with any identity data source to create a unified identity data management strategy, one that turns identity data into a business enabler addressing the complexity, cost, and security issues facing many organizations today, as clearly shown in the Gartner Peer Insights survey.

Check Out the Full “Gartner Peer Insights” Survey

Dive deeper into the data and explore the responses to hot button topics, such as identity-related breaches and intelligence initiatives. Learn how Identity Data Management can be a business and security roadblock if it’s not implemented correctly, but becomes a true business enabler when you dial in your underlying identity data. We’d love to talk you through it, so contact us.

Check out the survey now!


31 Flavors of Identity Warehouse

August 23, 2022 / in Blog, Lauren Selby / by Josue Ochoa

It doesn’t matter what you call it; the question is, does it work?

Directory. Database. Hub. Warehouse. Lake. Lakehouse. Fabric. Mesh. No matter what you call it, organizations need a central data repository for identity that can drive other “things” in their organization. In the world of identity, it drives access, authorization, governance, and security—it also supports strategic initiatives like digital transformation, cloud migration, IT modernization, Zero Trust, M&A, and more.

These days we’re seeing a key trend among our customers in their journey to enhance access control and, in particular, to address their challenges around identity data and identity governance and administration (IGA) processes.

The trend is a move to a more systematic, strategic model to simultaneously support multiple functions of identity management (like IAM, IGA, PAM), based on a central identity repository containing “good” identity data. We are hearing this component called by MANY names, including but not limited to: Identity Warehouse, virtual directory, entitlement catalog, master user record, enterprise identity data bus, information point, attribute store, identity registry, identity metadata hub, identity exchange, single source of truth, identity lake… and more.

Most Central Data Repositories Don’t Deliver on their Promised ROI

The challenge is that historically, identity stores have been (and still are) built with a specific function in mind: they hold a portion of the identity profile in a particular format and aren’t easily extensible; they are not meant to be “everything to everyone.” It’s very difficult to design a system that checks every box for every system that needs access to identity data, and doing so requires a set of capabilities that don’t come out of the box with most solutions.

That traditional approach is in contrast to the RadiantOne Platform’s role of unifying information from these different types of sources together to serve many functions. With RadiantOne in place, our customers can build an actionable data source to enable common access and governance models, to increase efficiency, deliver faster time-to-value for applications and services, and of course, better security.

One of the ways the idea of a central identity system is increasingly being articulated is with the concept of an “Identity Warehouse,” so let’s look at what that means, and what functions and capabilities we think it should deliver…

What is an Identity Warehouse?

An Identity Warehouse should be a comprehensive, always-available, always-up-to-date “source of truth” (pardon the cliché!) of all identity data in the enterprise. Maybe the idea of an “Identity Warehouse” has gotten a bad rap in your organization because it’s proven to be not-supportable, not-extensible, and doesn’t deliver the value it originally promised? That could be because the total scope of an ideal warehouse implementation was not fully planned out.

Some questions to consider: What kind of information does an Identity Warehouse need to store and make accessible? Entitlement information like roles and groups, yes, but also other profile information: location, phone numbers, department, and other attributes should be kept in a “warehouse.” Or, for an even more cutting-edge use case, what about related information that may be outside the “traditional” realm of identity? In the world of insurance, for example, we have customers who pull identity-adjacent data like claims and billing information into the user profile, to deliver their customers a more streamlined experience.

The Identity Warehouse needs to be more than a static source of entitlements. It needs to:

  • Be accessible in real-time to enable sub-second access decisions
  • Offer advanced integration, reconciliation, mapping and transformation tools
  • Ensure data quality and freshness with near-real-time synchronization

Analysts recognize this requirement: in his paper “The Role of Identity for Zero Trust” Martin Kuppinger, Founder and Principal Analyst of KuppingerCole Analysts writes:

“Common IGA solutions fail in the ability to federate information from various sources at real-time, and they commonly lack the depth of data integration and quality capabilities required for the Zero Trust use cases.”

There are many use cases, like Zero Trust, that require a common, attribute-rich identity source powering multiple “upstream” systems, enabling them to work in concert to deliver data-driven security.

Why IGA isn’t Sufficient for Building the Identity Warehouse

As anyone who has ever tried already knows, it’s not so easy to build that centralized repository (Identity Warehouse)—and usually involves the labor of a team of developers. Even then, this project often fails to return on its investment for several reasons. These custom solutions are:

  • Not extensible (this leads to the creation of yet more identity silos)
  • Not accessible at speeds required for making real-time access decisions (authentication, authorization)
  • Lacking integration capabilities including de-duplication and the ability to create a central, complete profile for each user identity
  • Lacking advanced, near real-time synchronization (over-rely on ETL and batch, hours-long or overnight synchronization processes) so data may be out-of-date and inconsistent, which is not ideal for an access scenario
  • Not able to integrate “nonstandard” systems like custom databases
  • Without tools for handling and automating groups (don’t underestimate the value of this capability, as groups management is a major pain point and an area where much can be done to automate and reduce administrative burden)

These shortcomings often result in a lengthened timeline for implementing IGA solutions and extra maintenance work as time goes on—a frustration we see a lot with customers who end up turning to Radiant mid-project when deployment keeps meeting delay after delay. For these customers, RadiantOne acts as an IGA middleware solution, removing integration and data quality issues as the roadblock to IGA success.

IGA Middleware: Sounds Boring, But Isn’t!

An Identity Warehouse needs to be able to do a lot of “niche” tasks like managing six different versions of the attribute “telephone number” because it’s stored in differently formatted silos in the organization, and every consuming application expects its own particular version—but an IGA solution isn’t built for that.

As Martin puts it, “With identity data sprawling across a wide range of systems, providing the data at the right place, on-time, integrated across sources, and in the required quality is still an underestimated challenge in IAM (Identity and Access Management). The effort for integration can’t be successfully done per verification system but requires a centralized and specialized approach for unifying identity data and delivering this to the various IAM and cybersecurity tools.”

Without a central identity system in place, IAM projects are difficult and time-consuming to complete. Projects that start with a solid identity foundation, or are augmented by one along the way, are accelerated and enhanced.

Quality, Quality, Quality: The Importance of Good Identity Data, and How To Get It

Put another way, as Homan Farahmand writes in Gartner’s 2022 “Guidance for IGA”, “Identity data quality management (in support of the ILM process) is a key success factor for IGA initiatives.”

If you read the fine-print for implementing an IGA solution, you’ll find there is a lot of hidden prep work required to make it work right. To set the stage for success with IGA, Homan recommends implementing an Identity operations (“IdOps”) practice: “IdOps should deliver value faster by creating predictable delivery and change management of identity data due to life cycle events. IdOps uses technology to automate the delivery of identity data with the appropriate levels of governance and metadata to improve the use and value of data in the IGA system.”

Homan highlights the importance of a functional identity data architecture for supporting data quality. “Organizations need to evaluate their identity data models and use an appropriate IGA middleware tool…” to address common challenges in IGA (including handling multiple authoritative sources, performance and availability, diverse schemas, and of course, data quality.)

It all comes back to the requirement for good identity data management, to get good identity data, to drive good decisions.

How to Build an Identity Warehouse

What’s the best way to build a warehouse? Rip and replace, start from scratch, or use what you already have? Ideally you’ll be able to keep using existing investments without them holding you back from modern initiatives like cloud migration—a solution that pivots to meet whatever requirements the use case calls for. Hmmmm, I feel like I’ve heard of something that does this…

The fabric pattern that we are seeing across markets (for data and also for identity) is the response to the common problems of data sprawl that are so pervasive among large enterprises. When it comes to identity data, we’ve implemented this approach with our platform so that organizations can continue to leverage systems of identity that are working well, while unifying identity data into a centralized control plane to be used by a variety of initiatives.

So remember, an Identity Warehouse needs to be:

  • Comprehensive (supports integration of entitlement AND profile data)
  • Extensible, flexible (for example, generates different data structures and schemas)
  • Capable of near-real time sync across multiple stores
  • Accessible in real time, scalable to manage hundreds of attributes and hundreds of millions of objects
  • Compatible with many systems, able to integrate new systems easily
  • Adept at managing groups

The goal of building an Identity Warehouse is NOT to add another data store with one function in mind: when you build flexibility into the infrastructure, you’re simplifying the identity system so that all identity-related projects can be streamlined.

What are the Benefits of a Centralized System of Identity Data?

The payoff to building an Identity Warehouse with a fabric approach is that you get to use and re-use your data many times, without having to customize a solution for every new project. Whether you are navigating a merger, acquisition, or divestiture, enabling collaboration with partners, automating lifecycle management, or delivering identity insights to drive better security or user experience, an Identity Warehouse can optimize the process using your existing identity environment.

If you want to learn more about Radiant Logic’s role in accelerating IGA deployments, check us out here, or let us show you how we can help with a demo.


Speed Your Identity Maturity Journey into Zero Trust with an Identity Data Fabric

August 17, 2022/in Blog The Radiant Team/by Josue Ochoa

The security front line for today’s enterprises is always shifting as business workloads, data, and people continue to move more often than they used to. From on-premises applications to cloud services, the enterprise digital environment is always evolving. The same goes for cybercriminals who continue to steal resources and cause chaos in a race to outdo each other. Yet, a recent survey of IT leaders and decision-makers shows that 80% don’t have a uniform approach to controlling user access to their corporate networks.

Meanwhile, your enterprise continues to generate more and more data; onboard more employees, users, and devices; and move more workloads to the cloud. And with more than half of all enterprises using public cloud environments by 2023, it’s clear that the traditional perimeter-based security model will struggle to keep pace.

To combat this, many companies have started moving toward a Zero Trust (ZT) security strategy. Zero Trust can overcome today’s porous networks by offering additional security levels with identity-based security policies and infrastructure. It’s all about who users are, rather than their location.

Deploying Zero Trust is not a quick fix, however. It takes a multiphased, long-term approach to do it properly, which many companies are unwilling to do. As Radiant Logic’s Wade Ellery said of Zero Trust in a recent webinar, “It’s a journey, not a project. It won’t be bought and implemented in one quarter.”

One way to speed your identity maturity process as you work on the long-term project that is ZT is by using an Identity Data Fabric. It’ll optimize your preparations for ZT, close the identity gaps many companies have, and make your cybersecurity strategy more dynamic—something many companies are looking for.

Why Your Current Approach to Identity Complicates the Move to Zero Trust 

The traditional perimeter security approach depends a lot on location and static identity data. But today’s workloads and employees often exist outside the traditional perimeter and use multiple applications and systems to get their work done. Each new system or application fragments your identity stores and introduces new attack surfaces to your network. So, you bolt on new technologies to help integrate the most at-risk systems and cobble new security processes to include them.

Yet, it still isn’t working. Adding to your tech stack has only complicated your security strategy and increased your identity sprawl. Why is that?

The Problem: Your Existing Identity Data

Identity in today’s digital era goes beyond location and static information. It encompasses an array of contextual data for more precision. Instead of knowing that you have 50 employees at one location, identity in the ZT world includes role and group data. ZT has a list of the applications each role needs to use, the training this role needs to have, a list of the training employees in this role have already undertaken, when their certifications expire, and so on. Zero Trust security uses this contextual data to identify, analyze, and assess each user and request they make so that authorized users are granted the appropriate access to systems, applications, and data.

Traditional security approaches aren’t set up to handle all that information, nor do they even know where to find it. Simply adding new applications or technologies to your identity management solution won’t fix your ZT journey challenges. That’s because you’re dealing with fragmented and decentralized identity data. It’s the classic tech problem of “garbage in, garbage out.”

The Solution? Your Unified Identity Data 

Your identity data is also the solution to speeding your journey to a truly ZT approach. The two main foundations of a Zero Trust security approach, as outlined by the National Institute of Standards and Technology (NIST), are:

  1. The functional components of identity: technology, data, and processes
  2. The engines that make the decisions based on the information from the functional components

Most companies have the engines covered, so they know how their security policies should be set up. But many companies struggle with the functional components of identity because they don’t always integrate nicely or work well in a ZT framework. This is where you try to bolt on new applications, spend your entire IT budget on “fixing” database connections, or move workloads to the cloud. In reality, all you’re doing is shifting the problem around and creating an even more fragmented identity framework.

To combat the tangled mess of identity sprawl and get your dream of ZT security back on track, consider implementing an Identity Data Fabric. It’s a solution that enhances your existing data and infrastructure, making it more robust and adaptive to the ever-changing business environment, no matter where you are with your ZT implementation.

How an Identity Data Fabric Accelerates Your Zero Trust Journey

An Identity Data Fabric can move your company further and more efficiently into your ZT security journey in three main ways: by finding and identifying all of your identity data, helping you define and shape the relevant attributes for ZT, and fostering a dynamic security ecosystem that evolves efficiently as your needs change.

1: Efficiently Unifies Your Identity Data 

It starts by knowing where your identity data is within your company’s entire ecosystem. That means finding all of the AD and legacy LDAP directories, databases, accounts, user groups, third-party systems, cloud applications, and anything else that stores identity data for your organization so you can see what you have and where you have it.

You’ll use this diverse data to quickly create your Identity Data Fabric. By knowing where all the data is, you can start building the governance rules, policies, and guidelines for your ZT security system. Then, back them up with rich and accurate identity data drawn from all your diverse sources.

2: Effectively Integrates with Your Data Governance Tools

ZT security works by applying policy-based analysis and decision-making to your identity data. Most companies fail at this point as they try to implement the decision and analysis portion of ZT using fragmented identity infrastructure, so it never works properly, efficiently, or accurately.

Your Identity Data Fabric feeds the relevant identity data to the appropriate ZT-powered technology for analysis. The ZT decision-making components can quickly connect with a single unified identity resource to get all the data they need and apply the relevant policies and guidelines to a 360° identity set.

3: Quickly Delivers Contextual Identity Data—When, Where, and How It’s Needed

The Identity Data Fabric is built to support the dynamic and changing nature of the ZT security approach. When one thing changes in the network, it seamlessly updates the relevant systems, so everything works as configured. The Identity Data Fabric always knows where the relevant identity data is found. The ZT control and policy components don’t have to search for needed data, and any integrated process or workflow suffers minimal, if any, downtime.

Being able to handle identity changes dynamically within the ZT security approach also means increasing your security levels exponentially. Each rigorously updated identity attribute that flows through to the relevant security policy and associated decision-making systems increases your security protections since you’re relying on exactly the right identity context to grant or block access to systems, data, and other sensitive information.

Weave an Identity Data Fabric to Jumpstart Your Zero Trust Architecture

An Identity Data Fabric is the bridge between all your disparate identity data and a successful Zero Trust security roll-out. It unifies and contextualizes your identity data, so it’s consumable at scale right when and where your systems need it. With an Identity Data Fabric, your identity data works harder, so your systems can make smarter decisions.


The Relationship Between IAM and IT Risk Management

August 3, 2022/in Blog Lauren Selby/by Josue Ochoa

It’s no secret that today’s IT landscape is under attack. The shift to the cloud, remote work and the IoT are quickly complicating the identity access management (IAM) landscape and expanding the attack surface. This is especially true with organizations working in hybrid IT environments.

These hybrid environments have created identity sprawl: the out-of-control increase of disconnected identity data throughout an enterprise. Identity sprawl makes enforcing security, governance, and compliance policies nearly impossible, opening organizations up to significant security risks.

How can organizations manage these risks more effectively? By integrating identity data into a single resource that can drive an effective IAM and identity governance and administration (IGA) infrastructure.

In a recent report, TechVision Research said it best, “protection of information assets is necessary to establish and maintain trust between the enterprise and its customers, partners and oversight bodies, maintain compliance with the law, and protect the reputation of the organizations.”

Want to learn more? Read the TechVision Research report, Architecting and Managing Hybrid and Cloud-Based Identity Services.

Two Key Components of IT Risk Management

Effective IT risk management includes a wide range of policies and procedures. However, two key components of any IT risk management strategy include IAM and IGA. These are interlocking components of any security and identity system that must be used in conjunction to avoid dangerous security risks.

1. IAM: Identity & Access Management

At a high level, IAM refers to the process of ensuring the right people are granted access to the right resources. Identities are confirmed by authenticating credentials found in a stored entry for them (their account) and then access is granted based on the specified level of entitlement.

There are various components within access management, including web access management and single sign-on (SSO) as well as federated identity management. It all comes back to authentication and authorization which form the core operations of extending access appropriately.

2. IGA: Identity Governance & Administration

A comprehensive identity system will go beyond IAM to include identity governance and administration (IGA). IAM encompasses everything to do with establishing access privileges, while IGA poses a few questions:

  • Is the IAM system working appropriately?
  • What systems can we implement to ensure our IAM system has access to the most comprehensive identity data to make the best security decisions?
  • How can we prove our IAM systems meet established security standards and best practices?

In identity governance, several components are required, including centralized audits, logging and monitoring, access certification, and reporting. And in identity administration, methods include user self-service, delegated administration, automation workflows, and role definition.

When IAM and IGA are working as they should, companies can strengthen security by quickly identifying and mitigating inappropriate access or additional vulnerabilities. They can also ensure compliance and improve the overall experience for system users.

Both Components Require Access to Consolidated Identity Data

As mentioned above, both IAM and IGA are critical for effective IT risk management. Unfortunately, in today’s hybrid environment, it’s common for identity data to be spread across multiple silos. These silos are the enemy of IAM and IGA.

For example, a critical part of IGA is auditing user roles and their access to ensure users have access to the things they should. Nothing more, nothing less. This goal is often summarized as “least privilege access.”

When identity data is spread across these silos, getting an up-to-date glimpse of identity and access is impossible. The result? Security holes, failed audits, a lack of compliance…the list goes on.

IT teams need real-time data about existing users across all data silos to determine and enforce access controls. But this often requires customized solutions that are extremely complex and costly. And most IGA solutions don’t provide a comprehensive view of permission groups and roles across all resources for real-time access.

The solution can be found with the RadiantOne Intelligent Identity Data Platform.

Transform Your Identity Data With RadiantOne

With the RadiantOne platform, you can easily construct a flexible Identity Data Fabric, a reusable source of identity truth.

RadiantOne gives you access to a flexible, interoperable layer that consolidates distributed identity data. Acting as a virtualization and abstraction layer, it unifies identity silos into a single central point for all applications.

Plus, the global synchronization is bi-directional and in real-time, enabling you to propagate and update identities across legacy and cloud-based systems.

With full and instant visibility into your identity data, you can reduce identity gaps and better implement IAM and IGA systems that improve risk management for your entire organization.

Learn More About IAM & IT Risk Management With Radiant Logic

Effective IT risk management requires IAM and IGA. However, successful IAM and IGA are not possible without access to unified identity data. RadiantOne provides you with an Identity Data Fabric so you can turn your identity into a single source of truth for any security initiative.

If you have questions or want to test drive RadiantOne in your organization, reach out to us today.


Making a Zero Trust Architecture Better Together

August 2, 2022/in Blog Ken Jochims/by Josue Ochoa

For decades, vendors in the IAM and IGA spaces have promised their solutions solved the problems of organizations looking to ensure the right users were granted access to the right resources without friction. Each vendor brought their perspective to the problem they were trying to solve. But every year brings new challenges, technologies, and threats causing each vendor to deliver more granular identity data connections to keep pace. At the same time, many organizations are integrating new technologies to address changing work trends and cyber threats while not moving away from legacy identity solutions that have been in place for decades.

Identity data has moved to the cloud, and it’s also staying on-premises, further complicating the problem of identity sprawl. Zero Trust has taken hold to address today’s risk and security concerns from the disappearance of traditional perimeter security. Now the focus is on providing secure anytime, anywhere user access. Implementing a Zero Trust Architecture requires all users to be authenticated, authorized, and continuously validated before being granted access to applications and data.

Unfortunately, there are no silver bullets when looking to implement a Zero Trust Architecture. You can’t buy a ZTA solution out of the box. This is precisely where the new work from NIST, Special Publication 1800-35, Implementing a Zero Trust Architecture, comes into play. The good news is that the NIST guide provides a step-by-step, modular, end-to-end example of ZTA to guide the implementation of a ZTA using off-the-shelf solutions.

The Missing Link, an Identity Data Strategy

One of the most defining statements in NIST’s new guide points out a gap that is not widely understood: existing IAM/IGA solutions can’t deliver integration and correlation capabilities on their own, or even operate well together. This one fact alone is perhaps the most significant finding in the report. The problem with IAM and IGA solutions is not in the capabilities they were designed to carry out; it’s in the quality and timeliness of the data these solutions require to operate accurately and efficiently. These solutions have the capabilities to acquire identity data. Still, they are challenged to access all the necessary data to make real-time decisions due to the complexity created by identity sprawl. This means that connecting IAM and IGA solutions directly to the essential identity data they need to make timely decisions is not practical or extensible, which is precisely why these components need to be integrated via an Identity Data Fabric so they all can work “better together,” solving the problems they were designed to address.

Identity sprawl is often a major roadblock to building a ZTA because organizations have various data sources storing identity information. These identity data sources include directories, multiple Active Directory domains and forests, legacy LDAP directories, relational databases like Microsoft SQL Server and Oracle, and even ultra-legacy sources like mainframes. This adds another dimension of complexity for enterprises to manage. Not only do the types of data sources vary, but each also represents identities differently, with different access points, multiple protocols, diverse namespaces, and various authentication protocols.

NIST recognizes the problem with identity sprawl:

“Often organizations do not have a complete inventory of their assets or a clear understanding of the criticality of their data. They also do not fully understand the transactions between subjects, resources, applications, and services.” (lines 234-236).

A lack of central visibility and control over organizational assets represents a significant hurdle for IT teams for every project—not to mention creating a primary security posture concern.

The objective of a ZTA is its ability to assign appropriate permissions at admin time, enforce them at run time, and prove it at audit time. This single objective must be adhered to regardless of changes to the underlying technologies, whether in the identity-consuming apps or in the directories and databases that provide the necessary identity data, and regardless of how any capability is deployed today or will be deployed in the future. What is needed to address this interconnection friction is a single authoritative source that all ZTA components can access at any stage of the access process.

The NIST report calls out exactly this requirement as a Policy Information Point. The report defines the PIP as “The authoritative collection of identity information required to author and evaluate enterprise policy which controls whether to grant access requests. The policy information point is the system entity that acts as a source of attribute values for the PAP and PDP.” Furthermore, the report also names RadiantOne as the solution capable of fulfilling the role of a PIP by being “The primary source of normalized, aggregated, and correlated user and object identity data in the form of attributes from all sources of truth, delivered in a highly available and performant platform which is accessible by the PDP and all downstream consuming applications across a variety of protocols and views.”

The Key ZTA Enabler: Identity Data

Implementing a unified identity data strategy is critical to building a capability that allows services to work together and operate off the same identity set. Integrating identity needs to be a seamless, repeatable process. Whether for a merger or acquisition, collaboration across entities or partners, enabling new applications and implementing more robust governance, or any other identity initiative—all require a unified source of identity to accelerate deployment, saving time and money. Or, in the words of NIST:

“In complex architectures, a ZTA requires an identity data foundation that bridges legacy systems and cloud technologies, and that extends beyond legacy AD domains.” (lines 2431-2433).

Five Criteria To Look For When Choosing an Identity Data Strategy

Five critical criteria must be met to enable a desirable ZTA outcome when looking to implement an identity data strategy. A solution must be capable of building a unified identity data source from distributed systems that can:

  • Deliver correlated, attribute-rich global profiles of all users (enabling fine-grained access control)
  • Incorporate standards-based accessibility in a flexible data model capable of connecting legacy, on-prem, cloud, and hybrid/multi-cloud identity environments
  • Scale and perform in real-time environments, even accessing hundreds of millions of identities
  • Ensure resiliency, high availability, and flexible deployment options (vendor and platform neutral)
  • Automate group definition and membership across sources

The Right Approach to Implementing Your Identity Data Strategy—An Identity Data Fabric

The emerging pattern in the IAM market is based on the concept of a fabric or mesh approach. The previous approach that focused on over-centralizing and over-synchronizing identity into a single “master” data source is unworkable in the context of a ZTA. This approach has proven to be unwieldy, brittle, and inflexible, which is why we see distributed identity architectures being incorporated in NIST’s future-looking ZTA guide.

In the context of identity data, a fabric architecture leverages identity federation to weave the necessary elements of identity data into a central source while allowing identity management to remain local to authoritative systems. An Identity Data Fabric bridges the various identity needs across platforms and protocols and provides a seamless experience for users, administrators, and developers—for harnessing the value of identity data. This approach avoids centralizing into a rigid structure that can’t evolve to meet changing requirements or scale to modern organizational demands–like cloud, multi-cloud, and hybrid deployments, fine-grained access models, and rapid change ingestion.

Radiant Delivers the Identity Data Fabric to Enable Your ZTA

NIST’s guide establishes Radiant Logic as the starting point when designing a Zero Trust Architecture. Radiant Logic obviates the need for custom coding and fragmented workarounds when integrating IAM, IGA, or other identity-consuming apps with the plethora of identity data sources involved in building a ZTA. RadiantOne addresses identity integration complexities with a platform that enables organizations to interoperate with dispersed on-prem, legacy, and cloud technologies to protect resources with minimal impact on end-user experiences while reducing internal resource burdens, supporting a genuine Zero Trust strategy. RadiantOne accelerates and enhances the implementation of a ZTA by laying an identity data foundation on which all ZTA components can rely.

To learn more about Radiant Logic’s role in NIST’s Cybersecurity Practice Guide for Zero Trust Architecture, check us out here, or let us show you how we can help with a demo.


Top 8 Identity Challenges After an M&A

July 20, 2022/in Blog The Radiant Team/by Josue Ochoa

Picture this: you start your work day with an email from upper management that your company just acquired another company. Most employees will continue with their workday, but not the IT team.

If you’re on the IT team, your headaches are just beginning as you’ll be responsible for integrating the new employees into your current tech and identity stack. You’ll be faced with multiple identity sources, a new identity governance and administration (IGA) solution to look at, various LDAP and Active Directory (AD) data sources to deal with, and several cloud applications that use various single sign-on (SSO) solutions to federate identity.

Where do you start?

In this post, we’ll go over eight identity challenges companies may face after a merger and acquisition (M&A) and how to solve them.

Challenge 1: Enabling Application Access on Day 1

Employees of the newly-merged company will need access to all relevant applications, systems, and data to do their work. That means employees from Company A may need to access Company B applications—and vice versa—from Day 1. Without merging the applications and tech stacks, employees across the newly-enlarged company won’t be able to collaborate effectively. And without collaboration, the new company won’t realize the value of the deal that merged them in the first place.

The solution is to create a global list using RadiantOne to unify identity sources, and quickly offer cross-entity access. This abstraction layer allows you to create views to present application-specific identity information in the expected way for any application that needs it. This approach saves you time and effort as you don’t have to integrate the new user accounts into your existing data stores, and you don’t have to spend more cash buying new application licenses to accommodate the larger user base.

Challenge 2: Dealing with Multiple Identities

The new-to-you employees have their own identity data stored in various ADs and applications, such as the HR app. Merging the new user accounts isn’t always feasible because of the relationships between identity data. For example, joining an AD directory with an HR application is hard because there isn’t always a 1:1 relationship between AD accounts and HR listings.

Employees may have different AD accounts for different work tasks, different applications, and a host of other reasons. They may also have no AD account because they don’t need one, or there may be duplicates in AD with the same username even though they belong to different people, requiring additional verification before merging.

To solve this challenge, IT teams need to determine the right identity attributes to use as unique identifiers for people—or create a new identifier if one doesn’t exist.

Then, use those attributes to identify each account and person uniquely, so each ID is represented exactly once on the global ID list.

It means looking beyond usernames, locations, and teams to find data unique to each person, such as employee ID numbers, start dates, etc.
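The correlation step described in Challenge 2, as an added example (not Radiant Logic code): HR records are joined to AD accounts on an employee ID, so each person appears exactly once on the global list, while accounts with no usable identifier, usernames shared by different people, and HR rows with no account are flagged for manual verification. All records, DNs, and attribute names are constructed for illustration.

```python
"""Correlate AD accounts with HR records during an M&A (added example)."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed HR system of record for the acquired company.
HR_RECORDS: List[Dict[str, str]] = [
    {"employeeID": "E1001", "name": "Ana Ruiz", "startDate": "2015-03-02"},
    {"employeeID": "E1002", "name": "Ben Okafor", "startDate": "2018-07-16"},
    {"employeeID": "E1003", "name": "Chloe Nguyen", "startDate": "2021-01-11"},
    {"employeeID": "E1004", "name": "Dev Patel", "startDate": "2022-06-01"},  # no AD account yet
]

# Constructed AD accounts. One person holds two accounts (user + admin),
# two different people share a sAMAccountName in different domains, and a
# service account carries no employeeID at all.
AD_ACCOUNTS: List[Dict[str, str]] = [
    {"sAMAccountName": "aruiz", "employeeID": "E1001", "dn": "CN=aruiz,DC=acq,DC=example"},
    {"sAMAccountName": "aruiz-adm", "employeeID": "E1001", "dn": "CN=aruiz-adm,DC=acq,DC=example"},
    {"sAMAccountName": "bokafor", "employeeID": "E1002", "dn": "CN=bokafor,DC=acq,DC=example"},
    {"sAMAccountName": "bokafor", "employeeID": "E1003", "dn": "CN=bokafor,DC=eu,DC=acq,DC=example"},
    {"sAMAccountName": "svc-backup", "employeeID": "", "dn": "CN=svc-backup,DC=acq,DC=example"},
]


def correlate(hr_records: List[Dict[str, str]],
              ad_accounts: List[Dict[str, str]]) -> Tuple[Dict[str, dict], Dict[str, list]]:
    """Build a global list keyed on employeeID.

    Returns (global_list, report). global_list maps each employeeID to its HR
    record plus the DNs of every AD account linked to it (one entry per
    person, however many accounts they hold). report lists everything that
    could not be correlated automatically and needs a human decision.
    """
    global_list: Dict[str, dict] = {}
    for rec in hr_records:
        global_list[rec["employeeID"]] = {**rec, "adAccounts": []}

    report: Dict[str, list] = {
        "unlinked_accounts": [],    # no employeeID, or ID unknown to HR
        "username_collisions": [],  # same sAMAccountName, different people
        "hr_without_account": [],   # HR row with no AD account to link
    }
    by_username: Dict[str, list] = defaultdict(list)

    for acct in ad_accounts:
        emp_id = acct.get("employeeID", "").strip()
        by_username[acct["sAMAccountName"].lower()].append(acct)
        if emp_id and emp_id in global_list:
            global_list[emp_id]["adAccounts"].append(acct["dn"])
        else:
            report["unlinked_accounts"].append(acct["dn"])

    # A username reused by accounts carrying different employeeIDs is a
    # collision: merging on username alone would conflate two people.
    for username, accts in by_username.items():
        ids = {a.get("employeeID", "").strip() for a in accts}
        if len(accts) > 1 and len(ids) > 1:
            report["username_collisions"].append(username)

    for emp_id, entry in global_list.items():
        if not entry["adAccounts"]:
            report["hr_without_account"].append(emp_id)

    return global_list, report


def global_ids(global_list: Dict[str, dict]) -> List[str]:
    """The unique identifiers on the global list, one per person."""
    return sorted(global_list)


if __name__ == "__main__":
    people, issues = correlate(HR_RECORDS, AD_ACCOUNTS)
    for emp_id, entry in people.items():
        print(emp_id, entry["name"], entry["adAccounts"])
    print("needs review:", issues)
```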

Challenge 3: Determining a Data Source Migration Plan

It can be daunting when faced with the amount of work it takes to merge people into a global user list after an M&A. Each company has its own way of doing things when it comes to identity, whether it’s a unique identity and access management (IAM) strategy or using an outdated IGA application.

To help manage the transition, IT teams should create a roadmap for migrating the data sources of the two companies. Decide on which identity information, sources, and identity applications you will use and consolidate things to a more manageable level. The fewer sources and applications you deal with, the easier it’ll be, regardless of the new user base size. Consolidating and unifying identity data makes it easier to access and deploy on-demand, as you’ll know precisely which data stores to connect to, how they’re used, and what attributes they hold.

Challenge 4: Understanding Which Identity Applications to Migrate 

Another challenge after an M&A is deciding on which applications each company will need to keep. Because there are larger considerations when it comes to enterprise applications such as license agreements, contract terms, and supporting data stores, it’s not as easy as deciding to use Application A simply because it’s the one the acquiring company uses. And when it comes to identity, it’s usually the applications that cause the biggest headaches to decommission.

Planning application migrations can alleviate some of the work and stress, as you’ll have a better idea of what’s happening and when. RadiantOne provides a staging layer for the migration and consolidation process. You can repoint SSO and other identity providers (IdP) to it as you work on the consolidation and migration of the identity data sources. Users retain access to the applications and systems they need as you work, and you can optimize the identity backend without extra pressures. Plus, if either company is still using legacy applications, you can choose to migrate or consolidate them—depending on the business case—without interruption to employees or business workflows.

Challenge 5: Developing a Full Picture of Employees Across Both Companies

Not only does each company have a different way of doing things, but each internal department or team does too. These differing views of employees make it hard to develop new processes, procedures, policies, and anything else you might need to understand your employees. And your identity management systems and applications often make it hard to create a full picture of employees, which is why many companies have so many different identity data stores like in AD, LDAP, and cloud solutions.

By federating identity, you can unify all the employee identity data you have, no matter where it’s stored. You’ll have a complete picture of employees, contractors, partners, and even customers if you want. Don’t forget about the importance of groups: if you’ve created dynamic user groups with relevant attributes, employees can automatically be added or removed from groups based on changes made to those attributes. With this approach, when a user’s attributes change, they’re automatically added to or dropped from the relevant groups without manual intervention.

Challenge 6: Breaking Free of Only Using a Single Federated Identity Provider

Most companies today use some mix of cloud applications in their tech stack. Yet integrating the cloud from an identity perspective is hard because cloud services often only federate identity with a single provider at a time. So, you can’t just hook up your newly acquired company to the cloud service you’re already using. And many on-prem systems work the same way; they’re designed to connect to a single endpoint.

The solution to this problem is to use RadiantOne as the single identity endpoint. It can connect to as many identity data stores as needed on the backend, while offering a single source of identity truth to the relevant applications. It can transform the identity data into the right format or protocol for the accepting application, as well as replicate the data across legacy, on-prem, and cloud data, making it a skeleton key of sorts.

Challenge 7: Using AD Incorrectly and Muddling Identity Data

Many companies have been using Active Directory (AD) for identity management, and struggle to move to a hybrid environment internally. That’s because AD designs are often based on delegated lines of administration, geography, or even office politics, and many people end up with multiple AD accounts. Further, AD doesn’t provide the visibility into user groups that’s needed to handle identity at a more granular level, making it difficult for applications to find the correct identity data they need. For example, if you’re under the Sales > West Coast nested group, your account’s group attributes won’t show “Sales” because you’re a direct member of “West Coast” only.

With an Identity Data Fabric approach, you can remodel the data and flatten the groups to make them meaningful to consuming applications. It increases the visibility of identity data because you can see all relevant attributes that apply to each user (nested or not), and requesting applications can retrieve identity data faster.
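The group flattening from Challenge 7, as an added example (not Radiant Logic code): given each group’s direct members as an application would read them from the AD `member` attribute, it computes every group a user belongs to transitively, so a member of Sales > West Coast > Bay Area is also reported under “Sales”. It goes beyond the text’s two-level case by handling arbitrary depth and circular nesting, which AD permits. Group and user DNs are constructed.

```python
"""Flatten nested AD group membership (added example)."""
from collections import defaultdict
from typing import Dict, List, Set

# Constructed: group DN -> direct members (users or other groups).
GROUPS: Dict[str, List[str]] = {
    "CN=Sales,OU=Groups,DC=example,DC=com": [
        "CN=West Coast,OU=Groups,DC=example,DC=com",
        "CN=East Coast,OU=Groups,DC=example,DC=com",
        "CN=dlee,OU=Users,DC=example,DC=com",
    ],
    "CN=West Coast,OU=Groups,DC=example,DC=com": [
        "CN=Bay Area,OU=Groups,DC=example,DC=com",
        "CN=mchen,OU=Users,DC=example,DC=com",
    ],
    "CN=Bay Area,OU=Groups,DC=example,DC=com": [
        "CN=jsmith,OU=Users,DC=example,DC=com",
        # Circular nesting (Bay Area contains West Coast, which contains
        # Bay Area). AD allows this, so the flattener must not loop forever.
        "CN=West Coast,OU=Groups,DC=example,DC=com",
    ],
    "CN=East Coast,OU=Groups,DC=example,DC=com": [
        "CN=rkhan,OU=Users,DC=example,DC=com",
    ],
}


def cn(dn: str) -> str:
    """Leftmost RDN value of a DN, e.g. 'CN=Sales,...' -> 'Sales'."""
    return dn.split(",")[0].split("=", 1)[1]


def direct_memberof(groups: Dict[str, List[str]], user_dn: str) -> List[str]:
    """What a consumer sees from direct membership alone (AD's memberOf view)."""
    return sorted(cn(g) for g, members in groups.items() if user_dn in members)


def flatten_groups(groups: Dict[str, List[str]]) -> Dict[str, Set[str]]:
    """Map each user DN to every group DN containing it, directly or
    transitively. Walks the parent chain with a visited set, which both
    avoids rework and terminates on circular nesting."""
    parents: Dict[str, Set[str]] = defaultdict(set)
    for group_dn, members in groups.items():
        for member in members:
            parents[member].add(group_dn)

    # Members that are not themselves groups are treated as users.
    users = {m for members in groups.values() for m in members if m not in groups}

    flat: Dict[str, Set[str]] = {}
    for user in users:
        seen: Set[str] = set()
        stack = list(parents[user])
        while stack:
            group = stack.pop()
            if group in seen:
                continue
            seen.add(group)
            stack.extend(parents[group])
        flat[user] = seen
    return flat


def effective_memberof(flat: Dict[str, Set[str]], user_dn: str) -> List[str]:
    """Flattened view: all group names that apply to the user."""
    return sorted(cn(g) for g in flat.get(user_dn, set()))


if __name__ == "__main__":
    flat = flatten_groups(GROUPS)
    jsmith = "CN=jsmith,OU=Users,DC=example,DC=com"
    print("direct:   ", direct_memberof(GROUPS, jsmith))
    print("flattened:", effective_memberof(flat, jsmith))
```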

Challenge 8: Managing Identities for Acquisitions That Will Eventually Be Sold Off

One scenario often not considered is accounting for the long-term plan with an acquisition: Will it be fully integrated, or is the plan to eventually sell off part of the business to another company? It needs to be integrated into the acquiring company so teams can work together seamlessly, but not so tightly that it’s difficult to spin off if it comes time to sell. You still need cross-entity access for employees across both companies for the duration of the investment, plus easy separation when the time comes. Fully integrating systems, networks, applications, and identities doesn’t make sense if you’ll need to reverse everything in the future.

To temporarily integrate the two and make it easy to spin off the acquired company later, use RadiantOne. You can use it as a staging center to build a global user list that combines the identity data of both companies and makes it available to each, and create views for application-specific identity information in the expected protocol and schema for applications used by each company.

When it comes time to sell, you can turn off the replication connections and decommission the identity connectors to the sold company. All without additional coding, significant time investment, or disturbing the identity data of the remaining company.

Optimize your identity management during M&As

Mergers and acquisitions are always a challenging time for IT, especially in today’s hypercomplex identity environments. You want to ensure employees can work with whatever applications they need right from Day 1, but not if there are duplicate user accounts, legacy applications that require extra configuration, or cloud applications that can only handle a single identity endpoint.

That’s why many companies are turning to a solution like RadiantOne. With this approach, you can optimize your identity management tasks before, during, and after an M&A. Create identity views in the correct format for the applications employees use, unify identity endpoints no matter where your data is stored, and make it easy for any application to get the relevant identity information it needs from Day 1.

Contact us today to find out how RadiantOne can optimize your identity management tasks before, during, and after a merger and acquisition. We can help you sort through the challenges to find the solution that works best for you.


NIST ZTA Guide Highlights the Need for Identity Correlation

July 19, 2022 / in Blog Lauren Selby / by Josue Ochoa

How To Build the Foundation for Zero Trust

A new report underlines the critical importance of identity integration for cybersecurity initiatives—specifically, the emergent standard of Zero Trust Architecture (ZTA).

In this post, we’ll be further exploring a topic we’ve discussed many times: the centrality of identity unification and correlation to the organization’s overall security architecture—as highlighted by the role Radiant Logic plays in the new ZTA guide.

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST) has assembled a lab to define best practices for implementing Zero Trust with solutions already available on the market or potentially already deployed at your organization. The resulting 100+ page Cybersecurity Practice Guide provides a complete example of ZTA to guide implementation. TL;DR? Check out our summary here.

Who’s Afraid of Zero Trust?

The open “secret” in our market is that identity data management continues to be a major roadblock to many organizations’ top priority projects: digital transformation, improved customer experience, less-headachy compliance to regulations, rock-solid security; all are stymied by a lack of cohesive, organization-wide strategy around identity data.

NIST recognizes this challenge in their guide: “Enterprises that want to migrate gradually to an increasing use of ZTA concepts and principles in their network environments will need to integrate ZTA with their legacy enterprise and cloud systems.” (lines 479-481). Cool, but how?

Organizations often have a variety of data sources housing identity information (aka identity sprawl). These identity data sources include directories, often multiple Active Directory domains and forests as well as legacy LDAP directories, relational databases like Microsoft SQL Server and Oracle, even ultra-legacy sources like mainframes… and more. This is one source of complexity for the enterprise to manage: not only do the types of data sources vary, each represents identities differently. There are different access points, multiple protocols, diverse namespaces, and a variety of authentication protocols.

NIST recognizes the problem with identity sprawl: “Often organizations do not have a complete inventory of their assets or a clear understanding of the criticality of their data. They also do not fully understand the transactions that occur between subjects, resources, applications, and services.” (lines 234-236). A lack of central visibility and control over the organizational assets represents a significant hurdle for the IT team for every project–not to mention a major concern for security posture.

Identity Data Strategy is a Key Enabler Across Security, Experience, and Efficiency Projects

All those digital transformation and security initiatives? They expect a single authoritative identity source. A complete “score” of identity data for real-time decisioning (access management), user lifecycle administration (governance), and analysis (audit).

Or, in the words of NIST: “In complex architectures, a ZTA requires an identity data foundation that bridges legacy systems and cloud technologies, and that extends beyond legacy AD domains.” (lines 2431-2433).

Another roadblock? The difficulty of integrating different components that must work together in a ZTA: “Organizations may not understand what interoperability issues may be involved or what additional skills and training network administrators may require, and they lack the resources to develop a pilot or proof-of-concept implementation needed to inform a transition plan.” (lines 241-244).

Let’s illustrate these challenges with the Zero Trust Architecture diagram.

What is Radiant Logic doing in this diagram? Why aren’t the Identity Governance and Administration (IGA) and Identity and Access Management (IAM) solutions able to cover all the bases for Zero Trust-ing? Because identity unification–of which correlation is an important feature–is really its own category. Identity unification serves an indispensable purpose across the functions of IAM and IGA, and helps these components to work together better.

This core capability is required by a modern security architecture like Zero Trust: multiple services must work in concert and operate off the same identity set, and they can’t do their jobs without the real-time access to rich identity data that identity unification provides.

Integrating identity needs to be a seamless, repeatable process. Whether for a merger or acquisition, for collaboration across entities or with partners, enabling stronger governance, or any other identity initiative, a unified source of identity accelerates and simplifies the project and shortens its timeline.

Identity Correlation Builds the Authoritative Source of Identity Data

Correlation creates the link that establishes a single identity for the same user across sources–this enables Radiant to build complete, attribute-rich global profiles for users, for driving fine-grained access and turbo-boosting governance capabilities.

Often for complex infrastructures, advanced correlation is required for achieving identity unification. Above and beyond mere “aggregation” of identity data, and serving a different purpose than the integration of identity data that IGA provides, unification is the whole enchilada of integration.

NIST validates the requirement for unification in its implementation and explains how this unified identity foundation supports the other ZTA components of IAM and IGA: “Radiant Logic stores, normalizes and correlates this aggregation of information and extended attributes and provides appropriate views of the information in response to queries. RadiantOne monitors each source of truth for identity and updates changes in near real-time to ensure that Okta is able to enforce access based on accurate data. SailPoint is responsible for governance of the identity data.” (lines 2388-2392).

Identity Data Must be Managed Well to Support ZTA

Strategic management of identity data is a key enabler for enhanced cybersecurity. The success of every other system in the ZTA hinges on how well the identity data is managed and made accessible to those components. As stated in NIST’s guide, “How ICAM information is provisioned, distributed, updated, shared, correlated, governed, and used among ZTA components is fundamental to the operation of the ZTA.” (lines 2380-2381).

Every consuming or “upstream” application needs access to valid, trusted identity data. The trick is to manage and maintain this data well despite complexity; that’s where an Identity Data Fabric comes in.

Identity Data Fabric is the Right Approach to Making Identity Data Accessible

It’s worth noting that another emerging pattern in the IAM market is the fabric or mesh approach–the pendulum has swung away from over-centralizing and over-synchronizing identity into a single “master” data source. That model has proven unwieldy, inflexible, and not scalable, which is why we are seeing distributed identity architectures taking center stage.

In the context of identity data, a fabric architecture leverages identity federation to weave the necessary elements of identity data into a central source, while allowing management of identity to remain local to authoritative systems. An Identity Data Fabric bridges the various identity needs across platforms and protocols, and provides a seamless experience for users, administrators, and developers for harnessing the value of identity data. This approach avoids centralizing into a rigid structure that can’t evolve to meet changing requirements, or scale to modern organizational demands–like cloud, multi-cloud, and hybrid deployments, fine-grained access models, and rapid change ingestion.

Attributes are the Fuel for Fine-Grained Access Control

Fine-grained access policies can only be enforced when policy engines are equipped with real-time access to trusted and complete identity data. Attributes like role, group memberships, risk scores, and so on, are the necessary fuel for making a ZTA operate.

Zero Trust is inheriting lessons from the Attribute-Based Access Control (ABAC) model, segmenting its architecture by different function components like the Policy Enforcement Point (PEP), Policy Decision Point (PDP), and Policy Information Point (PIP).

NIST’s lab positions Radiant as the PIP for its ZTA implementation for complex environments: “Radiant Logic acts as a PIP for the PDP as it responds to inquiries and provides identity information on demand in order for Okta to make near-real time access decisions.” (lines 2374-2376). Radiant enables ABAC principles by delivering the necessary identity data and attributes for enforcing attribute-driven policies.
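The correlation described under “Identity Correlation Builds the Authoritative Source of Identity Data” and the PIP role described just above, as one added example that is not RadiantOne code: the three source record sets, the schema mapping, the authoritative-source table and the “crm” policy are all constructed for illustration. Records are linked by employee ID or normalized email, an ambiguous match is set aside rather than merged, and the resulting global profile is what the PDP consults.

```python
"""Constructed example (not RadiantOne code): correlate identity records from
three sources into global profiles, then serve them as the Policy Information
Point (PIP) that a Policy Decision Point (PDP) queries before deciding."""

# Constructed records. Field names differ per source, as in practice, and
# only HR carries the authoritative employment status.
SOURCES = {
    "ad": [{"sAMAccountName": "asmith", "employeeID": "E100", "mail": "Alice.Smith@corp.example", "department": "Sales"},
           {"sAMAccountName": "bjones", "employeeID": "E200", "mail": "b.jones@corp.example", "department": "Sales"},
           {"sAMAccountName": "svc-backup", "mail": "svc-backup@corp.example", "department": "IT"}],
    "hr": [{"emp_id": "E100", "email": "alice.smith@corp.example", "title": "Account Exec", "status": "active"},
           {"emp_id": "E200", "email": "b.jones@corp.example", "title": "Account Exec", "status": "terminated"}],
    "ldap": [{"uid": "alice", "mail": "ALICE.SMITH@CORP.EXAMPLE", "riskScore": 20},
             {"uid": "bob", "mail": "b.jones@corp.example", "riskScore": 75}],
}
# Per-source mapping of native attribute names onto one global schema.
SCHEMA_MAP = {
    "ad": {"sAMAccountName": "ad_login", "employeeID": "employee_id", "mail": "email", "department": "department"},
    "hr": {"emp_id": "employee_id", "email": "email", "title": "title", "status": "status"},
    "ldap": {"uid": "ldap_uid", "mail": "email", "riskScore": "risk_score"},
}
AUTHORITATIVE = {"status": "hr", "title": "hr", "department": "ad"}  # source that wins a conflict
CORRELATION_KEYS = ("employee_id", "email")  # tried in order of trust


def normalize(source, record):
    """Rename a native record into the global schema and canonicalize email."""
    out = {SCHEMA_MAP[source][k]: v for k, v in record.items() if k in SCHEMA_MAP[source]}
    if "email" in out:
        out["email"] = out["email"].strip().lower()
    return out


def correlate(sources):
    """Link records describing the same person into one profile.
    A record joins the profile that shares its employee_id or normalized email.
    A record matching two different profiles is ambiguous and is set aside for
    review instead of merged, since a wrong merge hands one person another's
    access. Returns (profiles, ambiguous_records)."""
    profiles, ambiguous = [], []
    for source, records in sources.items():
        for rec in records:
            n = normalize(source, rec)
            hits = [p for p in profiles if any(k in n and p.get(k) == n[k] for k in CORRELATION_KEYS)]
            if len(hits) > 1:
                ambiguous.append((source, n))
                continue
            p = hits[0] if hits else {}
            if not hits:
                profiles.append(p)
            for k, v in n.items():
                if k not in p or AUTHORITATIVE.get(k) == source:  # authoritative source overrides
                    p[k] = v
    return profiles, ambiguous


def pip_lookup(profiles, **query):
    """PIP: return the global profile whose attributes match every identifier in query."""
    return next((p for p in profiles if all(p.get(k) == v for k, v in query.items())), None)


def pdp_decide_crm(attrs):
    """PDP: small attribute-based policy for a constructed "crm" resource. Permit
    needs active HR status, the Sales department and a risk score below 50; an
    absent attribute fails its check rather than passing it."""
    if attrs is None:
        return "deny: unknown subject"
    ok = (attrs.get("status") == "active" and attrs.get("department") == "Sales"
          and attrs.get("risk_score", 100) < 50)
    return "permit" if ok else "deny: policy not satisfied"


if __name__ == "__main__":
    profiles, ambiguous = correlate(SOURCES)
    for login in ("asmith", "bjones", "svc-backup"):
        print(login, "->", pdp_decide_crm(pip_lookup(profiles, ad_login=login)))
```

Note that bjones still has an AD account, but the correlated profile carries HR’s “terminated” status, so the PDP denies; a decision made from the AD record alone would not see that.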

What Makes a Good Unified Identity Data Source?

I’ll leave you with a handy checklist of the capabilities you’ll want in your toolkit for upleveling your organization’s strategy for identity data management–and of course, for implementing ZTA.

A solution that is capable of building a unified identity data source from distributed systems:

  • Delivers correlated, attribute-rich global profiles of all users (enabling fine-grained access control)
  • Has flexible data modeling capabilities and standards-based accessibility
  • Scales and performs for runtime access, even with hundreds of millions of identities
  • Ensures resiliency, high availability, and gives deployment options (vendor and platform neutral)
  • Automates group definition and membership across sources
  • Connects legacy, on-prem, cloud, multi-cloud identity environments
  • Synchronizes data in near real-time so data is always coherent, valid, and propagated where required

If you want to learn more about Radiant Logic’s role in NIST’s Cybersecurity Practice Guide for Zero Trust Architecture, check us out here, or let us show you how we can help with a demo.


RadiantOne Simplifies Complex IAM Architectures

July 13, 2022 / in Blog Lauren Selby / by Josue Ochoa

RadiantOne Simplifies Complex Architectures & Sets the Stage for Successful IAM Initiatives

The IT landscape is continuously growing. Businesses continue to migrate their operations over to the cloud, resulting in many cloud-based and hybrid environments. And while the cloud delivers many benefits, the complex IT infrastructure resulting from digital transformation can be a breeding ground for security threats.

Today, companies have adopted a hybrid-work approach: employees rely on a mix of on-prem and cloud-based apps and services to complete their work, whether that’s remotely or in a physical office. IT teams are challenged to meet this new hybrid access requirement: disparate IT systems make it difficult for teams to extend access to users to the information they need, when they need it, resulting in productivity loss.

The answer you need to solve these complex security and access challenges lies within your identity data, and the attributes that make up what the organization knows about each user. Effectively managing your identity data can result in friction-free access and granular control over identities for improved IT security, and enhanced productivity.

How can you effectively manage your identity data? By implementing a successful Identity and Access Management (IAM) system within your organization.

The Consequences of Complex IAM Architectures

Unfortunately, implementing IAM within your organization can be a challenge, especially in complex, hybrid environments. In a recent report, “Architecting and Managing Hybrid and Cloud-based Identity Services” by TechVision Research, this challenge was further illustrated:

“Today, we find ourselves with a largely mixed set of IAM capabilities residing on-premises, in the cloud, or both. Adding to this complexity for many organizations is that they may be using multiple Identity as a Service (IDaaS) offerings, may have multiple on-premise IAM systems, and may be leveraging multiple cloud service providers.”

This complexity leads to many often-unseen consequences, including subpar security, reduced operational efficiency, and a lackluster customer experience.

1. Subpar Security

Complex IAM architectures result in a lack of granular control over identity data and consequently, lack of control over access. IT or identity teams find it nearly impossible to gain an in-depth view of who has access to what–or build a better system for determining access. This lack of control leads to increased risk of breach.

This also affects and slows the implementation of additional security measures such as Multi-Factor Authentication (MFA). Many environments include legacy applications that may not support modern protocols, and consequently can’t easily add enhanced security mechanisms such as MFA. And with new regulations and policies requiring it, choosing not to implement MFA isn’t an option.

2. Reduced Operational Efficiency

Digital access is critical for the modern enterprise–from simply opening Google Docs to draft meeting notes to accessing the CRM to support customers, everything users must do relies on the smooth extension of access. Anything (such as a difficult-to-navigate identity system) that delays seamless, secure access to resources slows down productivity.

Unfortunately, complex environments can lead to users needing to log into every single tool individually. This leads to proliferation of passwords, and wasted time both by end users and the IT team who must help them. The result? Productivity loss that can directly impact your bottom line.

3. Lackluster Customer Experience

Access issues don’t just affect your employees and IT teams. They also directly impact your customers—and their digital experience with your organization is paramount to gaining and retaining loyal customers.

One example is the call center. Customers typically call in after exhausting all of the other support methods. Unfortunately, fragmented systems lead to long wait times while incomplete views of customer identity data lead to friction during support calls. We’ve gone into more detail on the customer experience on other blogs—read more to go from “hold please” to “glad I could help!” with unified customer identity data.

A single, subpar experience can result in your customers going elsewhere. And that’s something no business can afford.

The Solution: An Abstraction Layer to Reduce Complexity

Complex IAM architectures benefit from unification of identity data to address the above challenges. The best way to unify disparate identity data is with a layer capable of buffering consuming applications from the complexity of underlying systems—to speed up deployment and realize faster time to value on identity-based projects such as Single Sign-On (SSO), Identity Governance and Administration (IGA), and more.

An abstraction layer works as a “middleman” or universal translator between disparate applications and identity sources. This layer maps disparate identity sources into a single, unified view for simplified management and access to identity data, making your environment much easier to navigate and helping you harness its value across a variety of initiatives.

The RadiantOne Intelligent Identity Data Platform: An Abstraction Layer for Streamlining IAM

RadiantOne provides an abstraction layer that virtualizes disparate, heterogeneous data silos into a single access point to make identity data a central, reusable asset for the entire organization.

RadiantOne helps organizations build their Identity Data Fabric, integrating identities across all data sources into unified views. From there, consuming applications have a single interface to access for gaining the identity data they need.

RadiantOne sits between client applications and the backend systems, acting as a universal connector and shielding consumers from the complexity of the identity environment. It extracts the schemas from underlying sources, builds a global data model across sources, and presents the unified, translated information to client applications.

Enabling Infinite Expansion & Revision

As TechVision writes, RadiantOne “provides the ability to map common or disparate identity sources into a unified view and to provide authentication, authorization, and federation support.”

A key benefit of using RadiantOne is flexibility. Whatever format the data is in on the underlying source, it can be remapped and remodeled to meet different application or initiative requirements.

This one, unified identity data platform can meet the needs of various identity data services as your needs change. For example, as additional data sources need to be folded in, RadiantOne can easily plug those into the system, and as new applications and their unique requirements are onboarded, their needs are easily accommodated as well–enabling infinite expansion.

Learn More About Successful Identity & Access Management in Complex and Hybrid Environments

By simplifying complex IAM architectures, unifying disparate data sources, and enabling flexibility, RadiantOne sets the stage for successful IAM initiatives. To learn more about RadiantOne, if you have questions or want to test drive RadiantOne in your business, reach out to us today.
