{"id":28249,"date":"2019-12-10T12:41:54","date_gmt":"2019-12-10T17:41:54","guid":{"rendered":"https:\/\/centricconsulting.com\/?p=28249"},"modified":"2023-08-30T10:12:00","modified_gmt":"2023-08-30T14:12:00","slug":"planning-iams-success-for-enterprises-and-consumers-in-cloud-and-digital-transformation-era","status":"publish","type":"post","link":"https:\/\/centricconsulting.com\/blog\/planning-iams-success-for-enterprises-and-consumers-in-cloud-and-digital-transformation-era\/","title":{"rendered":"Planning IAM\u2019s Success for Enterprises and Consumers in Cloud and Digital Transformation Era"},"content":{"rendered":"

In this multi-part blog series on Identity and Access Management (IAM), we look at the IAM capabilities, complexity and challenges organizations face today. We also address why assessing your IAM environment is more critical now than ever before.<\/h2>\n
\n

Identity and Access Management Series Part 1<\/strong><\/em><\/a><\/p>\n

Setting the Stage<\/h2>\n

In earlier years of identity management, most identity professionals deployed an on-premise directory domain that supported the common Windows authentication mechanisms: Kerberos, Negotiate (SPNEGO), NTLM, Secure Channel (Schannel) and Digest. That word \u201cauthentication\u201d is one of the four pillars of identity. The other three pillars are administration, authorization, and auditing.<\/p>\n

Nowadays, as workloads move to the cloud, these authentication mechanisms are less and less useful to us, because federation is the currency of cloud and edge computing today. Federation supports claims-based identity: an identity provider authenticates the user and issues a signed set of claims, which the application trusts instead of checking credentials itself (delegated authentication), and the user or the identity provider can grant an application scoped access to resources without ever sharing credentials with it (delegated authorization).<\/p>\n

WS-Federation, SAML 2.0 and OpenID Connect (which builds on OAuth 2.0; OAuth 2.0 on its own is an authorization framework rather than a sign-in protocol) are such federation sign-in protocols. Think of a federation between two organizations as a watered-down version of an Active Directory trust between two domains: the relying party trusts signed assertions from the identity provider, but no directory-level trust or shared Kerberos realm exists between them.<\/strong> We started with identity terminology, but keep reading as we dive deeper into supporting topics.<\/p>\n
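As an added example that is not part of the original post, the following Python script plays out the federation exchange described above in miniature: an identity provider (IdP) issues a signed token of claims, and a relying party (RP) accepts it only after checking the signature, issuer, audience and lifetime (delegated authentication), then makes its access decision on the group claim the IdP asserted (delegated authorization). The issuer, audience, user names and the HMAC key are constructed for illustration; a real SAML or OpenID Connect deployment signs with the IdP's private key and the relying party verifies against the published public key (JWKS or SAML metadata).<\/p>\n

```python
"""Claims-based federation in miniature: an identity provider (IdP) issues a
signed token of claims and a relying party (RP) trusts that token instead of
checking the user's credentials itself.  Added example, not code from the post."""
import base64
import hashlib
import hmac
import json
import time

# All identifiers and the key below are constructed for this example.
ISSUER = "https://idp.example.test"            # the IdP this RP has federated with
AUDIENCE = "https://app.example.test"          # this RP's own identifier
SIGNING_KEY = b"example-only-shared-hmac-key"  # stand-in for the IdP signing key
# Real SAML/OIDC tokens are signed with the IdP's private key and verified
# against its published public key; HS256 is used here only so the sample
# runs offline with the standard library.


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_issue_token(subject, groups, audience=AUDIENCE, now=None, ttl=300):
    """IdP side. The user has already authenticated against the directory;
    the IdP vouches for that by signing a JWT carrying the user's claims."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": audience, "sub": subject,
              "groups": groups, "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header).encode()) + "."
                     + _b64url(json.dumps(claims).encode()))
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def rp_validate_token(token, now=None):
    """RP side: delegated authentication.  Accept the IdP's word only if the
    signature, issuer, audience and lifetime all check out.  Returns the
    claims or raises ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, c64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":        # pin the algorithm; never let the
        raise ValueError("unexpected alg")  # token pick it ("alg": "none")
    expected = hmac.new(SIGNING_KEY, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c64))
    if claims.get("iss") != ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("token issued for a different application")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    return claims


def rp_authorize(claims, required_group):
    """RP side: delegated authorization.  The access decision is made locally,
    but on the group membership the IdP asserted, not on a local account."""
    return required_group in claims.get("groups", [])


def forge_group_claim(token, groups):
    """Attacker view: rewrite the claims without the signing key.  The RP's
    signature check is what makes this fail."""
    h64, c64, s64 = token.split(".")
    claims = json.loads(_b64url_decode(c64))
    claims["groups"] = groups
    return h64 + "." + _b64url(json.dumps(claims).encode()) + "." + s64


if __name__ == "__main__":
    issued_at = 1_700_000_000
    token = idp_issue_token("alice@contoso.example", ["HR-Admins"], now=issued_at)
    claims = rp_validate_token(token, now=issued_at + 60)
    print("authenticated as", claims["sub"], "| HR-Admins:", rp_authorize(claims, "HR-Admins"))
    attempts = [
        (forge_group_claim(token, ["Domain Admins"]), issued_at + 60),   # tampered
        (token, issued_at + 600),                                        # expired
        (idp_issue_token("bob@contoso.example", [],
                         audience="https://other.example.test", now=issued_at), issued_at + 60),
    ]
    for bad, when in attempts:
        try:
            rp_validate_token(bad, now=when)
        except ValueError as err:
            print("rejected:", err)
```

The tampered-token and wrong-audience cases are the checks that matter in practice: without the audience check, a relying party will happily accept any token the IdP minted for some other application, and without algorithm pinning the token itself gets to choose how it is verified.<\/p>\n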

Identity and Access Management a Decade Ago<\/h2>\n

A decade ago, most enterprises had a traditional, centralized IT department delivering capabilities to the business in a highly controlled and locked-down fashion. A typical \u201con-premise\u201d network perimeter consisted of an Active Directory and Domain joined servers in a company\u2019s data center. Sound familiar?<\/p>\n

Active Directory, or another directory of some kind, allows the users and computers of an organization to authenticate to resources in the same forest, or, where there were two forests, across a trust set up between them.<\/strong> The on-premise network was considered a trusted perimeter; anything outside it fell into the hostile category. Authentication inside this perimeter was typically Basic, Digest, Windows Authentication (Kerberos or NTLM), or forms-based authentication. The diagram below depicts a traditional on-premise IT model.<\/p>\n

\"IAM<\/a><\/p>\n

Identity and Access Management Today<\/h2>\n

Today, securing our environment, particularly from the IAM perspective, is at the top of every organization\u2019s priority list regardless of the company\u2019s size. Identity and Access Management continues to be highly complex and keeps increasing in scope. Digital transformation initiatives bring complexities that did not exist 10 to 15 years ago: environments are more diverse, and companies are moving their assets to the cloud.<\/p>\n

The diagram below shows the evolving identity challenges in the 21st century<\/strong>. Identity solutions cover on-premise and cloud-based capabilities. These solutions create a common user identity for authentication and authorization to all resources, regardless of location. We call this hybrid identity, which we will discuss a little later.<\/p>\n

\"IAM<\/a><\/p>\n

Today\u2019s Identity Challenges<\/h2>\n

Authentication mechanisms used in the past are no longer adequate for today\u2019s cloud- and edge-focused IoT world. We must leverage alternative identity management approaches to address the increasingly complex landscape. Users want to access their applications from any device (PC, mobile, and more), anyplace, anytime. Challenges in an organization continue to grow as users bring their own devices (BYOD) and access applications, and their own data, residing anywhere, inside or outside the perimeter.<\/strong> Add IoT devices to the mix and the scenario gets even more complex.<\/p>\n

\"\"<\/p>\n

Hybrid Identity<\/h2>\n

The most common hybrid identity scenarios we hear about in our day-to-day activities are, for example:<\/strong><\/p>\n