December 1, 2023 By Bob Slocum 4 min read

For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories.

As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left with a host of new identity challenges that many aren’t prepared to deal with. The proliferation of diverse cloud environments, each with its own identity solutions, coupled with the complexities of legacy systems, has resulted in fragmented and siloed identity services. That is where the identity fabric comes in.

The challenge of hybrid identity

Most environments are comprised of a mixture of multiple cloud and on-premise (on-prem) applications and systems. Though many are moving to modern Software-as-a-Service (SaaS) solutions, on-prem IAM products are often deeply embedded in mission-critical systems of organizations. They can’t simply be unplugged and replaced with modernized IAM solutions without risking significant business disruption, loss of data continuity, potential security risks and single points of failure.

Additionally, many modern IAM solutions struggle to meet the complex requirements of large, multi-layered organizations, including user role management, compliance with industry-specific regulations and integration with existing IT infrastructure. It has become painfully evident that a one-size-fits-all IAM system doesn’t exist, forcing organizations to use a combination of IAM systems across hybrid clouds and on-prem. A recent Osterman Research Report found that 52% of organizations stated that addressing identity access challenges in hybrid and multi-cloud environments was a critical initiative for them over the next year.

Managing identity fragmentation

As identity services multiply across hybrid cloud environments, organizations struggle to manage and enforce consistent user policies, comply with changing regulations, gain holistic visibility and mitigate user-related risks. Legacy applications remain tethered to legacy identity solutions, creating an inconsistent user experience without a single authoritative source for a user’s identity. Osterman research showed the top identity initiative for the next twelve months for 64% of the responding organizations was extending cloud identity capabilities to on-prem applications.

What is an identity fabric?

Businesses need a versatile solution that complements existing identity solutions while effectively integrating the various IAM silos that organizations have today into a cohesive whole. To provide consistent security policies and a better user experience, businesses require the ability to quickly audit all authentication workflows, layer intelligence to automate data-driven decisions and empower artificial intelligence (AI) and machine learning (ML) across legacy and on-prem applications in hybrid cloud deployments.

This is where an identity fabric comes into play: to bridge the gap between legacy identity infrastructure and modern cloud-based IAM systems. An identity fabric aims to integrate and enhance existing solutions rather than replace them. The goal is to create a less complex environment where consistent security authentication flows and visibility can be enforced. This approach aligns with our strategy of “taking the complexity out of identity solutions for hybrid environments.”

Learn more about identity fabric

Providing the foundation for an identity fabric

We have found that there are some fundamental building blocks to delivering an effective identity fabric:

  • The first step is to eliminate the identity silos by creating a single, authoritative directory. It’s critical that this directory be vendor-agnostic so it can stitch together all of your directories to create a single source of truth, management and enforcement. IBM Security Verify Directory offers flexibility, efficiency and scalability across on-prem, cloud and hybrid environments, providing smooth and secure access control.
  • The next step is to extend modern authentication mechanisms to your legacy applications, which are often abandoned due to the need for more funding, time and/or skills to modify existing application authentication flows. IBM’s Application Gateway is a product-agnostic gateway designed to bridge the gap between legacy and modern apps and systems with no-code integrations that allow legacy applications to take advantage of modern and advanced authentication capabilities, helping to reduce risk and improve regulatory compliance.
  • The third step incorporates behavioral risk-based authentication for modern and legacy applications. Regardless of the IAM solutions in use, risk-based authentication solutions enable a continuous assessment of risk levels at the time of access. Verify Trust introduces dynamic risk-based authentication, enhancing security without requiring a complete system overhaul. Powered by AI, Verify Trust delivers accurate and continuous risk-based access protection against the latest account takeover techniques by combining global intelligence, user behavioral biometrics, authentication results, network data, account history and a range of device risk detection capabilities.
Explore the Verify family

Orchestration holds your identity fabric together

Orchestration is the integration glue to an identity fabric. Without it, building an identity fabric would be resource-intensive. Orchestration allows more intelligent decision-making and simplifies onboarding and offboarding. It enables you to build consistent security policies while taking the burden off your administrators as you quickly and easily automate processes at scale.

For example, you have a legacy application with a homegrown identity system. The people who wrote it have long since left. Orchestration enables you to create a workflow so that when a user logs in to the system, it automatically creates a user account on the preferred modern identity solution with low code or no code identity orchestration. When users return to that homegrown application, they will automatically access it with a modern authentication mechanism.

Effective identity orchestration allows you to achieve simplicity in legacy and modern application coexistence, remove the burden of identity solution proliferation, consolidate identity silos, reduce identity solution vendor lock-in and simplify identity solution migrations by allowing for highly customizable flows with little-to-no code across identity solutions.

Take the next step in identity solutions

Whether you are an organization looking for workforce access, customer IAM, privileged access or governance identity solutions, or looking to build an identity fabric with your existing identity solutions, IBM Security Verify takes the complexity out of identity solutions for hybrid environments, emphasizing innovation and customer-centricity. We invite all stakeholders to join us on this transformative journey as we shape the future of IAM. Together, we will simplify identity solutions for the ever-evolving world of hybrid environments.

Join us for a webinar to learn more.

More from Identity & Access

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

4 min read - Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past…

Artificial intelligence threats in identity management

4 min read - The 2023 Identity Security Threat Landscape Report from CyberArk identified some valuable insights. 2,300 security professionals surveyed responded with some sobering figures: 68% are concerned about insider threats from employee layoffs and churn 99% expect some type of identity compromise driven by financial cutbacks, geopolitical factors, cloud applications and hybrid work environments 74% are concerned about confidential data loss through employees, ex-employees and third-party vendors. Additionally, many feel digital identity proliferation is on the rise and the attack surface is…

X-Force certified containment: Responding to AD CS attacks

6 min read - This post was made possible through the contributions of Joseph Spero and Thanassis Diogos. In June 2023, IBM Security X-Force responded to an incident where a client had received alerts from their security tooling regarding potential malicious activity originating from a system within their network targeting a domain controller. X-Force analysis revealed that an attacker gained access to the client network through a VPN connection using a third-party IT management account. The IT management account had multi-factor authentication (MFA) disabled…

CISA, NSA issue new IAM best practice guidelines

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators. As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today's world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today