Unified Identity – look for the meaning behind the hype!

Feb 08, 2024The Hacker NewsUnified Identity / Cyber Security

Unified Identity

If you’ve listened to software vendors in the identity space lately, you will have noticed that “unified” has quickly become the buzzword that everyone is adopting to describe their portfolio. And this is great! Unified identity has some amazing benefits!

However (there is always a however, right?) not every “unified” “identity” “security” “platform” is made equal. Some vendors call the combination of workforce IDaaS and customer IDaaS a unified identity solution, while others offer a glorified 2FA service – unified only in the mind of their marketers.

Your landscape matters!

So forget for a moment what the vendors claim, and think back to your organization and your identity security landscape. Consider this new definition: “unified” is what has the ability to consolidate your identity challenges with a complete identity solution.

Here’s an example: you’re responsible for the identity infrastructure of a large hospital. Frontline workers, administrative employees, audit/compliance needs and a large number of external users. You are using Active Directory, and your LOB application doesn’t do identity. For this hospital, unified identity means strong access management for customers and frontline workers, strong joiner-leaver-mover handling, AD hardening and enterprise-grade reporting. Anything less fails the unified promise and means their internal identity landscape stays fractured.

Another example: a small software dev studio. They need extra strong controls on Privileged Access Management (PAM) to protect the development pipeline and make sure they won’t become the initial attack vector in a supply chain attack. But they also need Identity Governance and Administration (IGA) for machine entities and their owners, working on the many automated tasks they are running. A solution which covers PAM and IGA independently from each other is not unified.

What is the value of unified identity anyways?

So why has “unified identity ” become such a hot buzzword? Well, there are some really good arguments for it. Traditionally, the identity space was very fractured, with many experts not even considering it a singular market until fairly recently. Identity Governance and Administration (IGA), Access Management (AM), and Privileged Access Management (PAM) were the key sub-markets, with a wide array of adjacent spaces such as AD bridging and endpoint privilege management.

The key driver for unified identity is this extreme fragmentation: a large organization has on average 45 different security tools. Add to this the identity sprawl, a trend where organizations keep getting more and more identity silos in-house – a One Identity survey shows half the organizations are using more than 25 different systems to manage access rights. This is simply not sustainable, and adding a new tool each time a new threat approaches is completely unworkable. So organizations are looking to consolidate vendors, reduce complexity and slim down the number of suppliers they work with. The benefits of a Unified Identity Platform are a better cybersecurity posture and greater resilience in the face of security threats, whilst increasing simplicity and enabling agility.

Another reason is top line cost: bundles, volume discounts and ELAs are a simple way to reduce costs. Vendor consolidation also brings some less obvious savings too: a single tech stack helps the skills gap, easing the stress on hiring and training, which in turn means significant savings on headcount and may lessen the requirement for highly trained senior staff, creating more value from security with less resources or put another way, working smarter not harder.

Integration is a key aspect of the identity landscape – and one of the largest headaches. Security tools need to work together smoothly, but that’s rarely a given. The industry is not keen on common standards, which makes interoperability very hard to achieve. With some effort (meaning customization, support hours and overhead) identity solutions can work together pairwise, but creating a complete ecosystem of identity tools that work flawless together is a rare achievement. It’s easy to see the value a unified identity platform brings here. The tools are pre-tested, pre-validated to work together, usually without any customization required, and the platform components are supported as one by the vendor.

This brings us to the final benefit: faster time to value, an expression worthy of any MBA graduate. Identity and access management (IAM) projects are famous for taking a long time to implement, as specialists meticulously formalize business processes and implement them in code or configuration. In large organizations, this is an incredibly complex task, as the IAM setup needs to mirror every aspect (and quirk) the business has built up – sometimes over decades. Implementations become so complex that they just fail – the cost and time overruns exceeding the patience of business leaders. In a nutshell: time to value matters in IAM. And a unified identity solution removes the complexity of the multi-vendor approach, eliminating at least one factor.

After these benefits, let’s talk a downside: vendor lock-in. Unified identity sounds wonderful but betting the house on a single vendor is a high ask. And what if you already have some solutions in place that you’re happy with? It’s important to remember that not all unified identity vendors are the same; Some vendors offer modular identity platforms which allow you to keep what you want and unify what you need. This approach enables customers to start the unification at any point (for example with PAM) without the need to embrace and implement all areas in one giant leap. When picking vendors, look for this flexible approach.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

2024-02-08 10:39:00


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *