The work environment is constantly changing, and the work-from-home era is simply the next step in that process. Even before the COVID-19 pandemic hit, we were starting to see the shift to remote work; as a result, many organisations moved towards hybrid cloud environments in order to ensure that both on-prem and cloud environments were supported.
While it might seem obvious that we were always going to head in this direction, that doesn’t mean organisations have avoided problems along the way. Research by Radiant Logic shows that only 4% of tech executives have completed a full cloud migration. Many of the pitfalls that organisations have hit when trying to transition to the cloud link back to one failure: not modernising their identity data systems before venturing on their cloud migration journey.
Identity modernisation is not a quick-and-easy fix; it is a stepwise problem that must be executed systematically. These steps include consideration of single sign-on, access management security, data governance and, lastly, contextual access, all of which are crucial when organisations are trying to migrate to the cloud. However, without accurate and actionable identity data, identity modernisation will never happen, and ultimately hybrid cloud environments are destined to fail.
Organisations need a single source of identity data which can offer efficiency, accuracy and security. With one resource, organisations no longer feel like they have to “swallow the frog” when it comes to managing their hybrid cloud environments.
Why does identity management cause so many headaches when it comes to hybrid cloud environments?
For decades, organisations have stored identity data across dispersed identity sources which all use various protocols, resulting in extensive customisations and a lot of repeated processes when it comes to meeting new business demands. These siloed systems lead to identity sprawl, as well as overlapping, inaccessible, and often conflicting identity data.
If our identities are clashing with each other, then how are IT teams able to figure out if “John Smith” in one directory is the same “John Smith” in another directory? This disjointedness in identity data results in organisations never building accurate and complete user profiles.
Security teams then have the unenviable task of trying to figure out which employees have access to what. It is not surprising that Radiant Logic’s research showed that, for 52% of tech executives, the manual provisioning and deprovisioning of access was the greatest source of stress.
It’s not just IT teams that have to deal with the frustration of poor identity management; employees feel it too. The endless number of usernames and passwords employees have to remember in order to access different applications can be irritating, with 64% of tech executives reporting user frustration with the number of different credentials needed to access different apps.
Identity sprawl also poses a huge security vulnerability, on top of the usability restrictions. Threat actors are always looking for targets where they can remain virtually undetected after they breach, and siloed systems give them a perfect opportunity: the attack surface is increased, and gaps are created which can be exploited.
Siloed systems that are forgotten about by security teams can result in former employees’ accounts never being removed from the organisation’s systems. Threat actors can use these forgotten identity credentials to access restricted areas of the network and cause significant damage to an organisation while remaining effectively hidden within the noise of normal everyday activity.
In order to gain the full potential out of hybrid cloud environments, organisations must rein in their identity data and gain proper control over their identity access. Without identity modernisation, hybrid cloud environments can never meet the needs of the organisation.
If these problems have such a significant impact on organisations, then why aren’t they doing something about it?
Organisations have tried to integrate Identity Access Management (IAM) solutions in order to help rein in their identity data, but these have had little or no effect, with IAM projects being halted or restarted at great cost in time and money.
Problems with identity sprawl are nothing new to organisations, but the realisation of the problem is. In the early 2000s, organisations already had identity silos, but as networks were only on-prem, the problem was easy to handle through customisation and home-grown solutions. The relative safety of the network perimeter afforded some level of protection.
When organisations started implementing cloud and hybrid cloud environments, effectively erasing the network perimeter, the problem grew exponentially. The explosion of remote working and the rise of shadow IT in 2020 further compounded it, and organisations belatedly realised what had happened with their identity data.
Once the problem was discovered, organisations struggled to apply the correct IAM solution to something which should have been sorted years ago. Radiant Logic found that 67% of organisations have a modern access control and governance solution, but a lot of apps and users are left out.
Many identity and access management solutions were not built to unify identity stores, which is crucial in a hybrid cloud environment, especially when 68% of tech executives see legacy systems as either “very” or “extremely” important. Organisations need an IAM solution which is able to unify, and allow communication between, both on-premises and cloud technologies.
Why will a single source of identity data help organisations that are in a hybrid cloud environment?
Radiant Logic found that 47% of tech executives would be able to move forward with their digital transformation projects if they had one single on-demand source of identity data. With many digital transformation projects taking the form of cloud migration, a single source of identity data is the way forward. An Identity Data Fabric approach enables unified identity data to be delivered to an application on-demand, including all the attributes of a user irrespective of which identity source it came from.
Identity Data Fabric works by unifying distributed identity data from all sources so that applications can access that data as needed. This unification of different sources means applications can access identity data no matter what protocols or formats are being used, and irrespective of whether it is stored on-premises or in the cloud.
Beyond just unifying and presenting identity data from disparate sources, effective identity fabric solutions allow the enterprise to present subsets of identities and attributes to systems or administrators. Such fine-grained scoping of identity presentation enables the organisation to maintain the concept of “least privilege” in ways that are simply not possible with siloed and dispersed identity stores.
Having one regularly updated resource means that IT teams no longer have the stress of manually provisioning and de-provisioning users’ access, so that user access stays correct and the chance of the network being breached is reduced.
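The correlation, orphan-detection and scoped-presentation steps described above, as an added illustration that is not Radiant Logic’s code: three constructed identity sources (an HR feed, an AD-style on-prem directory and a SCIM-style cloud IdP, with assumed field names) are merged into one profile per person, accounts that still hold entitlements without an active HR record are flagged, and an application is handed only the attributes it asks for.

```python
# Added example, not Radiant Logic's code: sample records and field names are
# constructed (HR feed, AD-style on-prem directory, SCIM-style cloud IdP).
HR = [
    {"employee_id": "E100", "email": "John.Smith@example.com", "status": "active"},
    {"employee_id": "E101", "email": "ann.lee@example.com", "status": "terminated"},
]
ON_PREM_DIR = [
    {"sAMAccountName": "jsmith", "mail": "john.smith@example.com", "memberOf": ["finance-ro"]},
    {"sAMAccountName": "alee", "mail": "ann.lee@example.com", "memberOf": ["sales-admin"]},
    {"sAMAccountName": "jsmith2", "mail": "john.smith2@example.com", "memberOf": ["it-ops"]},
]
CLOUD_IDP = [
    {"userName": "john.smith@example.com", "groups": ["crm-users"]},
    {"userName": "svc-legacy@example.com", "groups": ["crm-admins"]},
]

def key(email):
    """Join key: e-mail is case-insensitive, so normalise before matching."""
    return email.strip().lower()

def _profile(profiles, email, source):
    """Fetch or create the unified profile for an e-mail and record the contributing source."""
    p = profiles.setdefault(key(email), {"sources": set(), "entitlements": set()})
    p["sources"].add(source)
    return p

def unify(hr=HR, on_prem=ON_PREM_DIR, cloud=CLOUD_IDP):
    """One profile per person across all sources, keyed by normalised e-mail."""
    profiles = {}
    for r in hr:
        _profile(profiles, r["email"], "hr").update(employee_id=r["employee_id"], hr_status=r["status"])
    for r in on_prem:
        p = _profile(profiles, r["mail"], "ad")
        p["ad_account"] = r["sAMAccountName"]
        p["entitlements"].update("ad:" + g for g in r["memberOf"])
    for r in cloud:
        _profile(profiles, r["userName"], "idp")["entitlements"].update("idp:" + g for g in r["groups"])
    return profiles

def orphaned_accounts(profiles):
    """Accounts that still hold entitlements but have no active HR record: the
    forgotten identities of departed staff, or service accounts never onboarded."""
    return sorted(k for k, p in profiles.items()
                  if p["entitlements"] and p.get("hr_status") != "active")

def scoped_view(profiles, email, attrs):
    """Least-privilege presentation: an application receives only the attributes it asks for."""
    p = profiles[key(email)]
    return {a: p[a] for a in attrs if a in p}
```

The second “John Smith” (john.smith2) stays a distinct profile because the join key is the normalised e-mail rather than the display name, and he is flagged as orphaned because no HR record vouches for him.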
Efficiency, accuracy and security are the three components to ensure that hybrid cloud environments meet the needs of users. An Identity Data Fabric approach offers a single source of identity, which can serve identity modernisation and cloud migration projects, both immediate and long-term.
Hybrid cloud environments are now the cornerstone of every successful and modern enterprise, with identity data an integral part of that. Organisations need a flexible and accurate source of identity data which can meet the usability and security needs of users, applications and systems on hybrid cloud environments.
Chad McDonald is the CISO at Radiant Logic, a trusted expert at leading all phases of technology architecture while maintaining sophisticated information security systems for major organizations to enhance their threat detection and risk management capabilities.