…Everything looks like a nail. Isn’t that the saying?
In the world of identity management, we have many sub-categories that compliment each other, such as Identity and Access Management (IAM), Identity Governance and Administration (IGA), Privileged Access Management… and so on. These categories may have some overlap in their offerings, but each performs a necessary task “the best“—and we need contributions from them all to build a complete, mature identity architecture. Each component has a role to play in keeping the organization secure, functional, and agile.
Despite the ongoing convergence of IAM, no one platform is yet able to “do it all”—different tools are optimized for particular challenges. The trend of composability illustrates the value of having different (interoperable) components that specialize on their respective functionalities, but work in concert to deliver on a greater technical goal.
Zero Trust Architecture is a great functional example of this concept—Zero Trust is not a product that can be bought off the shelf but rather requires a number of functionalities combining seamlessly to deliver least privilege access. In a recent webinar, we explored the topic of Zero Trust—what it is, what it isn‘t, and how to get it—with founder and principal analyst Martin Kuppinger of KuppingerCole Research.
Valid Identity Data–Why You Need it for Zero Trust–and How to Get It
Identity data is the basis for any access or governance decision you’re going to make, so that data needs to be valid for your decisions to be right. So that is key to establishing a working Zero Trust Architecture. Getting to a state of having “good” identity data available to the rest of the ZTA components is a crucial role that the RadiantOne platform plays.
In a recent report, “The Role of Identity for Zero Trust,” Martin calls out the need for identity data that is:
Getting data that meets these standards is tough when faced with identity sprawl—organizations with a complex infrastructure often face the same set of challenges in getting their data “right.”
How can you get valid data when identity is spread throughout many different systems (across on-prem, the cloud, potentially multiple cloud platforms)? Whose role is it to transform what you have today, into a resource that works for multiple pieces? It’s easy to get confused about who does what in the identity architecture, so it can sometimes be useful to clarify what each layer brings to the table and how they work together. In this report, Martin lays out what an IGA platform can and can’t do… and those gaps are why it pays to have a unification layer supporting IGA and other solutions.
Now, back to my hammer metaphor. The problem of inconsistent, overlapping, disjointed, out of sync data can’t be solved by a hammer, it’s not a nail—you need a swiss army knife to deal with identity sprawl. The swiss army knife that is RadiantOne! RadiantOne has all the specialized tools required for optimizing your identity data management system to build out a foundation of good identity data. In turn, that data powers these other engines (IAM, IGA), and the overall structure of the Zero Trust machine.
To give an example, let’s look at getting consistent data from a distributed set of sources. First we need to bring all the data into a global model (from there, we can model different views of that data to meet application requirements, but I’m getting ahead of myself). There might be missing data. There might be no way of determining which accounts belong to which human people. You may not know which source is the “source of truth” for certain information (is HR authoritative for manager, or some other system?). The format of the attributes can vary across sources—California can be CA, California, Calif., or heaven forbid, “Cali”– but it all needs to read as CA in the final view. And there’s the structure of the data—does the schema that defines the attribute name refer to the state as State, St, Province, or something else entirely? What about multi-value attributes, how are those handled? And it goes on and on.
These are nitty-gritty integration challenges that require the finesse of a specialized toolkit– and aren’t addressed by IAM or IGA solutions.
What Siloed Identity Data Means for Zero Trust
It means you’re in danger!
When an organization finds itself with technical debt and identity sprawl, some MORE of the problems they will typically see are: duplicate, triplicate, n-tricate accounts representing the same identity, a huge diversity in data structure and protocol (which leads to identity silos), and an inability to access in real time the information that is spread across a dispersed environment. What that means is you can’t authenticate and authorize users effectively. And that’s a critical roadblock for delivering Zero Trust.
Intelligently managing identity data is the crucial starting point for security—as Martin says, identity is the most important element within Zero Trust:
“Identity is ubiquitous in the Zero Trust model. It is a key element of Zero Trust, because it is about verifying that someone or something with a digital identity is entitled to access networks, systems, applications, and data. With that central role of identity for Zero Trust, the quality of identity data as well as its availability across the broad range of sources for identity data becomes an essential capability for every business.”
Want an on-ramp to Zero Trust, better business decisions, and a modernized identity ecosystem at your organization? Look to your identity data and getting it right first. What’s needed is uniform delivery of good-quality data abstracted from a myriad of sources, which is what an Identity Data Fabric provides—no matter how complex the infrastructure may be. Those duplicative user accounts need sophisticated correlation to detangle, the diverse schemas and data formats need mapping and translation, the aggregated data needs to be put in a highly performant store to deliver reliable, fast run-time access.
Thinking long-term and acting strategically by getting the right tools for the job ahead will pay dividends when you’re pulling together the many components that make up a mature, secure IAM program (since they all rely on having that accurate, available, fresh identity data).
Subscribe to receive blog updates
Don’t miss the latest conversations and innovations from Radiant Logic, delivered straight to your in-box every week.