December 1, 2023 By Bob Slocum 4 min read

For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories.

As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left with a host of new identity challenges that many aren’t prepared to deal with. The proliferation of diverse cloud environments, each with its own identity solutions, coupled with the complexities of legacy systems, has resulted in fragmented and siloed identity services. That is where the identity fabric comes in.

The challenge of hybrid identity

Most environments are comprised of a mixture of multiple cloud and on-premise (on-prem) applications and systems. Though many are moving to modern Software-as-a-Service (SaaS) solutions, on-prem IAM products are often deeply embedded in mission-critical systems of organizations. They can’t simply be unplugged and replaced with modernized IAM solutions without risking significant business disruption, loss of data continuity, potential security risks and single points of failure.

Additionally, many modern IAM solutions struggle to meet the complex requirements of large, multi-layered organizations, including user role management, compliance with industry-specific regulations and integration with existing IT infrastructure. It has become painfully evident that a one-size-fits-all IAM system doesn’t exist, forcing organizations to use a combination of IAM systems across hybrid clouds and on-prem. A recent Osterman Research Report found that 52% of organizations stated that addressing identity access challenges in hybrid and multi-cloud environments was a critical initiative for them over the next year.

Managing identity fragmentation

As identity services multiply across hybrid cloud environments, organizations struggle to manage and enforce consistent user policies, comply with changing regulations, gain holistic visibility and mitigate user-related risks. Legacy applications remain tethered to legacy identity solutions, creating an inconsistent user experience without a single authoritative source for a user’s identity. Osterman research showed the top identity initiative for the next twelve months for 64% of the responding organizations was extending cloud identity capabilities to on-prem applications.

What is an identity fabric?

Businesses need a versatile solution that complements existing identity solutions while effectively integrating the various IAM silos that organizations have today into a cohesive whole. To provide consistent security policies and a better user experience, businesses require the ability to quickly audit all authentication workflows, layer intelligence to automate data-driven decisions and empower artificial intelligence (AI) and machine learning (ML) across legacy and on-prem applications in hybrid cloud deployments.

This is where an identity fabric comes into play: to bridge the gap between legacy identity infrastructure and modern cloud-based IAM systems. An identity fabric aims to integrate and enhance existing solutions rather than replace them. The goal is to create a less complex environment where consistent security authentication flows and visibility can be enforced. This approach aligns with our strategy of “taking the complexity out of identity solutions for hybrid environments.”

Learn more about identity fabric

Providing the foundation for an identity fabric

We have found that there are some fundamental building blocks to delivering an effective identity fabric:

  • The first step is to eliminate the identity silos by creating a single, authoritative directory. It’s critical that this directory be vendor-agnostic so it can stitch together all of your directories to create a single source of truth, management and enforcement. IBM Security Verify Directory offers flexibility, efficiency and scalability across on-prem, cloud and hybrid environments, providing smooth and secure access control.
  • The next step is to extend modern authentication mechanisms to your legacy applications, which are often abandoned due to the need for more funding, time and/or skills to modify existing application authentication flows. IBM’s Application Gateway is a product-agnostic gateway designed to bridge the gap between legacy and modern apps and systems with no-code integrations that allow legacy applications to take advantage of modern and advanced authentication capabilities, helping to reduce risk and improve regulatory compliance.
  • The third step incorporates behavioral risk-based authentication for modern and legacy applications. Regardless of the IAM solutions in use, risk-based authentication solutions enable a continuous assessment of risk levels at the time of access. Verify Trust introduces dynamic risk-based authentication, enhancing security without requiring a complete system overhaul. Powered by AI, Verify Trust delivers accurate and continuous risk-based access protection against the latest account takeover techniques by combining global intelligence, user behavioral biometrics, authentication results, network data, account history and a range of device risk detection capabilities.
Explore the Verify family

Orchestration holds your identity fabric together

Orchestration is the integration glue to an identity fabric. Without it, building an identity fabric would be resource-intensive. Orchestration allows more intelligent decision-making and simplifies onboarding and offboarding. It enables you to build consistent security policies while taking the burden off your administrators as you quickly and easily automate processes at scale.

For example, you have a legacy application with a homegrown identity system. The people who wrote it have long since left. Orchestration enables you to create a workflow so that when a user logs in to the system, it automatically creates a user account on the preferred modern identity solution with low code or no code identity orchestration. When users return to that homegrown application, they will automatically access it with a modern authentication mechanism.

Effective identity orchestration allows you to achieve simplicity in legacy and modern application coexistence, remove the burden of identity solution proliferation, consolidate identity silos, reduce identity solution vendor lock-in and simplify identity solution migrations by allowing for highly customizable flows with little-to-no code across identity solutions.

Take the next step in identity solutions

Whether you are an organization looking for workforce access, customer IAM, privileged access or governance identity solutions, or looking to build an identity fabric with your existing identity solutions, IBM Security Verify takes the complexity out of identity solutions for hybrid environments, emphasizing innovation and customer-centricity. We invite all stakeholders to join us on this transformative journey as we shape the future of IAM. Together, we will simplify identity solutions for the ever-evolving world of hybrid environments.

Join us for a webinar to learn more.

More from Identity & Access

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today