Integrating the New Identity While Evolving Your Existing Identity
Right at the beginning of the year, I introduced you to Radiant’s Great Migration map, our vision for the identity landscape of today and tomorrow. I’d like to follow up that discussion with a series of posts about the importance of integrating IDaaS cloud services and directories with your existing IAM infrastructure and LDAP applications. After all, unless your company is digital native or you’re starting from scratch with a greenfield deployment, you probably have an identity infrastructure that looks a little something like the lower two-thirds of the map—even as you reach for the cloud.
In any case, IDaaS or “identity-as-a-service” is a very promising direction for a field that’s been stuck in the datacenter for a very long time. The value proposition is especially exciting for larger enterprises, like most of our customers. For one, federation makes it easier to offer SSO and a more user-friendly portal, which is great news whether you’re extending access to new employees and partners after a merger or enabling customers to manage accounts across a world of different services, each one brought online at a different time. A directory on the cloud also abstracts location dependency for applications, which is key for mobility, as well as for multi-national companies with sites across the globe.
Can All Your Apps Speak Federation Standards or IDaaS APIs?
Yet at the level of access/authentication and directory information, these benefits are available only to applications that can leverage federation standards such as SAML and OpenID Connect and/or specific APIs supported by individual IDaaS vendors. Unfortunately, most enterprise LDAP-based applications and traditional WAM portals can’t do either, which means they cannot authenticate through SAML or a cloud directory because that would require calling an API that is not LDAP. While a directory on the cloud is great for new initiatives and applications, to all your WAM and LDAP apps, that cloud directory just looks like another silo. And that means that all these benefits are confined to the new part of the stack—even though they’d be especially helpful for adding agility to the existing stack. So how does a large company with extensive investments in yesterday’s tech take full advantage of tomorrow’s identity and access solutions? (Hint: it involves virtualization and integration with RadiantOne FID…)
Stay tuned for my next post, where we’ll dive a little deeper into the infrastructure—and soar a little higher into the cloud—as we look at how to empower IDaaS with a federated identity service.
Current Web Access Management Solutions Will Work for the Customer Identity Market—If We Solve the Integration Challenge
I find it ironic that within the realm of IAM/WAM, we’re only now discovering the world of customer identity, when the need for securing customer identity has existed since the first business transactions began happening on the Internet. After all, the e-commerce juggernauts from Amazon to eBay and beyond have figured out the nuances of customer registration, streamlined logons, secure transactions, and smart shopping carts which personalize the experience, remembering everything you’ve searched and shopped for, in order to serve up even more targeted options at the moment of purchase.
It reminds me of a parable from a classic book on investing*: Imagine a Wall Street insider at the Battery in New York, pointing out all the yachts that belong to notorious investment bankers, brokers, and hedge fund managers. After watching for a while, one lone voice pipes up and asks: “That’s great—but where are the customers’ yachts?”
Could this new focus on “customer identity” be an attempt by IAM/packaged WAM vendors to push their solution toward what they believe is a new market? Let’s take a look at what would justify their bets in the growing customer identity space.
Customer Identity: The Case for the WAM Vendors
The move to digitization is unstoppable for many companies and sectors of the economy, opening opportunities for WAM vendors to go beyond the enterprise employee base. As traditional brick and mortar companies move to a new digitized distribution model based on ecommerce, they’re looking for ways to reach customers without pushing IT resources into areas where they have no expertise.
While there are many large ecommerce sites that have “grown their own” when it comes to security, a large part of this growing demand will not have the depth and experience of the larger Internet “properties.” So a packaged solution for security makes a lot of sense, with less expense and lower risks. And certainly, the experience of enterprise WAM/federation vendors, with multiple packaged solutions to address the identity lifecycle, could be transferred to this new market with success. However, such a transition will need to address a key challenge at the level of the identity infrastructure.
The Dilemma for WAM Vendors: Directory-Optimized Solutions in a World of SQL
As we know, the current IAM/WAM stack is tightly tied to LDAP and Active Directory—these largely employee-based data stores are bolted into the DNA of our discipline, and, in the case of AD, offer an authoritative list of employees that’s at the center of the local network. This becomes an issue when we look at where the bulk of customer identities and attributes are stored: in a SQL database.
So if SQL databases and APIs are the way to access customer identities, we should ask ourselves if the current stack of WAM/federation solutions, built on LDAP/AD to target employees, would work well as well with customers. Otherwise, we’re just selling new clothes to the emperor—and this new gear is just as invisible as those customers’ yachts.
Stay tuned over the next few weeks as I dive deeper into this topic—and suggest solutions that will help IAM vendors play in the increasingly vital world of customer identity data services.
*Check out “Where Are the Customers’ Yachts: or A Good Hard Look at Wall Street” by Fred Schwed. A great read—and it’s even funny!