Raise your hand if cloud migration has been on your to-do list for… over five years?! If so, you’re not alone–a recent study of 300 IT leaders found that only 4% of large enterprises are fully in the cloud. So strap in, because you’re now going to navigate the wild, wild west of the hybrid world.
Our friends at TechVision address this complexity in their new research document: “Today, we find ourselves with a largely mixed set of IAM capabilities residing on-premises, in the cloud, or both.” No matter who you talk to, complexity is the name of the game in the hybrid world. Now we’ve got to figure out how to survive–and even thrive–within that reality.
There is a saying that “chaos overcomes order.” Welcome to the world of identity sprawl–you’ve got applications far outside of your on-prem environment, and your user data sets are likely delivered by sources out of your control. Not only is your data in a hybrid model, but the many different functional components of your identity fabric might also be in a hybrid model–with different IAM capabilities (such as lifecycle management, governance, privileged access management) sliced and diced across solutions, some in one cloud, some in another cloud, some on-premise. What ties them all together? There’s one thing you can still build your security system around: identities, attributes, and context.
If you’ve got a large corporate environment, you might think you can get away with an in-cloud, integrated directory: you might be able to just lift your Microsoft directory into the cloud, but that’s just one platform. What if you’ve got multiple domains? What about your other assets? Being cloud-first is perfect for a greenfield opportunity–but a large operation built through M&A is not going to be an easy lift to the cloud.
Let’s say you have made the decision to migrate at least part of your infrastructure to the cloud. What are you leaving behind? Mainframe, Unix/Linux, and in-house apps? Web based applications? Your many AD domains, LDAP directories, and databases? In short, the legacy environments that you’ve spent years cultivating and maintaining? And how will you sync changes across these systems?
There’s a lot at stake here. TechVision points out that “From a security perspective, hackers and thieves focus on less-than-stellar integration of on-prem and in-cloud IT functions because that is the way to your data.” If your legacy data sources cannot be integrated with modern security protocols–or if there is inconsistency across users and the way they are managed–you’ve merely expanded your attack surface, and offered up more accounts to be maintained and more entry points.
Securely moving to the cloud starts with a discovery and inventory process of your identity ecosystem. You need to understand who the clients are to each of your apps. If you’re going to be moving an application, you need to tell its consumers where that application has gone, what impact the move has, and what its dependencies are.
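As an added illustration (not Radiant Logic’s code, and not how RadiantOne itself works), here is a small Python inventory that correlates constructed records from an AD domain, an LDAP directory and an HR database into one view, then flags the unmanaged accounts and cross-source inconsistencies the post warns about; the source names, attribute names and records are all assumptions.

```python
# Added example (not Radiant Logic's code): correlate identity records from several
# sources into one view and flag accounts that are unmanaged or inconsistent.
from collections import defaultdict

# Constructed sample data; real sources would be queried over LDAP/SQL.
SOURCES = {
    "ad:corp.example": [
        {"sAMAccountName": "jdoe", "mail": "jdoe@example.com", "employeeID": "1001", "enabled": True},
        {"sAMAccountName": "svc-old", "mail": "svc-old@example.com", "employeeID": None, "enabled": True},
    ],
    "ldap:legacy": [
        {"uid": "jdoe", "mail": "jdoe@example.com", "employeeNumber": "1001", "enabled": True},
        {"uid": "asmith", "mail": "asmith@example.com", "employeeNumber": "1002", "enabled": True},
    ],
    "db:hr": [
        {"emp_id": "1001", "email": "jdoe@example.com", "active": True},
        {"emp_id": "1002", "email": "a.smith@example.com", "active": False},
    ],
}

# Per-source mapping onto a common schema: (correlation key, email, enabled flag).
NORMALIZE = {
    "ad:corp.example": lambda r: (r["employeeID"], r["mail"], r["enabled"]),
    "ldap:legacy": lambda r: (r["employeeNumber"], r["mail"], r["enabled"]),
    "db:hr": lambda r: (r["emp_id"], r["email"], r["active"]),
}

def build_inventory(sources=SOURCES):
    """Join every record on employee id (falling back to lower-cased email): {key: {source: (email, enabled)}}."""
    view = defaultdict(dict)
    for name, records in sources.items():
        for rec in records:
            emp_id, email, enabled = NORMALIZE[name](rec)
            key = emp_id or email.lower()
            view[key][name] = (email.lower(), enabled)
    return dict(view)

def find_findings(view, authoritative="db:hr"):
    """Flag identities absent from the authoritative source, or whose enabled state / email disagree across sources."""
    findings = []
    for key, per_source in view.items():
        if authoritative not in per_source:
            findings.append((key, "not in authoritative source", sorted(per_source)))
        if len({enabled for _, enabled in per_source.values()}) > 1:
            findings.append((key, "enabled-state mismatch", sorted(per_source)))
        if len({email for email, _ in per_source.values()}) > 1:
            findings.append((key, "email mismatch", sorted(per_source)))
    return findings
```

Each finding is a candidate entry point the post describes: an account nobody owns, or an identity that HR has deactivated while a directory still lets it log in.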
Go take a look in your garage. If it’s anything like the garages in my family (looking at you, Dad!), I’d guess that it’s a good metaphor for your current identity environment. You know you need to clean out your garage before you move to that new house. Similarly, you need to start with an inventory of your identity sources before you can safely and securely begin migrating. This is the work of looking through your garage, seeing what’s going with you, what bikes and tools need a tune-up, what boxes need to be reorganized, and what’s going to the dump.
Preparing for a cloud migration is not that different. TechVision has put together a wonderful reference architecture that they’ve laid out as a blueprint for success in the hybrid environment. Within that architecture, they discuss the need for an identity data service as an essential component: “Identity should ultimately be a ‘utility:’ it should be easy to identify individuals, applications and things and provide access under proper security controls that are privacy centric.”
While we are in full agreement here, the part we’d like to emphasize is the identity data component: we would argue that identity data is the utility itself, the electricity in the wires and the water in the pipes, and that is what makes the identity data service so essential.
When you look at it that way, hybrid is not a matter of “on-prem” versus “on-cloud.” It’s the whole environment, a holistic view, a smart electricity grid. Starting with a discovery and clean-up of your identity data requires that you look at your IT infrastructure as a single, interconnected platform. Just as you once looked at your internal network as directories, databases, and computers all interconnected on one network, the cloud is now just an extension of that. But how can you get that central visibility? Here’s where you need an Identity Data Fabric that spans, connects, and syncs across all of these sources.
Bringing in an Identity Data Fabric is the organization system for your garage–in fact, for your entire house–that brings the necessary order before you begin your move, or even if you’re halfway through. Suddenly you can find the data you need when it’s requested, radically simplifying the process of bringing in new users, adding a new application, or adding a new security method.
And this is the role of RadiantOne in your hybrid world. This is where it provides identity data to applications whether they run in the cloud or on-premise (because, again, we’re going to be in that hybrid world for an indefinite period of time, so we want a solution that can handle both). RadiantOne itself can be hosted on-premise or in the cloud, and it can consume–and then deliver–identity information that happens to live on-premise, in the cloud, or in a partner’s infrastructure. Anywhere we can connect to (which is everywhere!), we can bring that identity forward and allow you to build the single source of identity information that your applications need.
A hybrid environment offers a lot of promise, and lets us take advantage of many of the incredible cloud applications while honoring and maintaining the legacy environments that we’ve been cultivating for years. Spending the time to inventory your identity resources and build your Identity Data Fabric will allow you to confidently move forward in the current hybrid reality, building on the best of both environments.