Overcoming last mile identity management challenges

By Steve Lay, Senior Sales Engineer at Strata Identity
Managing identities across an enterprise is a daunting task. A proliferation of users, applications, devices, and clouds introduces formidable barriers to both IT operations and security. Nowhere is the situation more challenging than at last mile access, where authentication butts up against the harsh realities of business — and cybersecurity.
In many cases, the last mile is where frameworks break down, and problems pop up. A mix of proprietary protocols and approaches — different applications often rely on different tools and standards — leads to challenges for network architects, developers, IT groups, security staff, and others. Enforcing policies across legacy and multi-cloud applications can prove tricky and time-consuming.
Fortunately, there’s a way to sidestep the pain caused by last-mile identity challenges. Identity orchestration has the power to abstract identity and policy data from applications without making any code changes while introducing a framework that fully supports all modern identity standards.
This approach typically lowers costs, improves operational efficiency, and boosts security. It also frees software developers and other teams to tackle higher-value tasks.
Lack of standards introduces risk
At the heart of the challenge is a simple fact. A typical enterprise runs hundreds or even thousands of applications. While each software package has authentication and other security protections built in — anything from basic password logins to multi-factor authentication (MFA) or passwordless technology — there’s no uniformity across the stack.
All of this results in a lack of standardization across authentication and authorization mechanisms. Within legacy applications, the result is a lack of support for modern identity protocols such as OAuth, FIDO2, and SAML. In addition, many enterprises struggle to integrate data from individual apps with identity management systems.
In the cloud, the complexities expand further. A diverse and decentralized application ecosystem often leads to varying levels of identity protocol support across cloud providers and inconsistent enforcement of identity policies across cloud apps.
Either way, organizations frequently find themselves addressing tedious tasks, including the need to modify apps, often through direct coding. The problem is especially common for non-standards-based applications: form-based logins, header-based authentication, local account authentication (typically LDAP or a database), or other proprietary mechanisms.
Again, as the connection points multiply, particularly in multi-cloud environments, organizations often find themselves struggling to keep up. What’s more, overhead and technical debt continue to accumulate.
Identity orchestration as an instrument for change
Tackling the last mile challenge is paramount. Unifying policy enforcement for hybrid environments is critical. Identity orchestration can rein in the chaos. This abstracted framework — which floats free of all the individual apps and systems — serves as a virtual traffic cop. It supports all modern identity standards and ensures that the right policy is applied at the right place and at the right time.
With this last mile enforcement framework in place, an organization can deploy modern security methods such as MFA or passkeys on a widespread yet granular basis. It can enable and disable accounts based on specific concerns, criteria and events. What’s more, identity orchestration closes many of the entry points that hackers and attackers use to enter a network and do damage.
An enterprise can also adopt standardized identity protocols like OAuth, OpenID Connect and FIDO2 — and even combine and intertwine them in highly strategic ways. This makes it possible to deploy modern technologies more strategically and swap them out universally when newer protocols appear. What’s more, nothing ever touches the actual application.
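The enforcement layer described in this section, as an added illustration that is not Strata Identity's product or code: a small policy gateway that takes a modern identity session (claims shaped like an OpenID Connect ID token, with the `amr` list recording which authentication methods were used), evaluates a per-application policy (MFA step-up, group membership, disabled accounts), and forwards the request to a legacy header-based application with the headers it expects, without the application changing. Application names, group names, header names and the set of methods that count as a second factor are all constructed assumptions.

```python
"""Minimal identity-orchestration gateway (constructed example).

Sits between the user and each application, applies that application's
policy, and translates a standards-based session into whatever the
application understands (here: trusted HTTP headers).
"""
from dataclasses import dataclass, field
from typing import Optional

# Headers the legacy app trusts. Any copy of these sent by the client
# must be dropped, or the client could impersonate another user.
TRUSTED_HEADERS = {"x-remote-user", "x-remote-groups"}

# Constructed assumption: which OIDC "amr" values count as a second factor.
MFA_METHODS = {"otp", "hwk", "fido"}


@dataclass
class AppPolicy:
    name: str
    require_mfa: bool
    allowed_groups: frozenset


@dataclass
class Session:
    subject: Optional[str]            # None = not authenticated
    groups: frozenset = frozenset()
    amr: tuple = ()                   # e.g. ("pwd",) or ("pwd", "otp")
    disabled: bool = False            # flipped by an event (offboarding, compromise)


@dataclass
class Decision:
    action: str                       # "deny" | "step_up" | "forward"
    reason: str
    headers: dict = field(default_factory=dict)


# Constructed per-application policies; names are hypothetical.
POLICIES = {
    "hr-legacy": AppPolicy("hr-legacy", require_mfa=True,
                           allowed_groups=frozenset({"hr", "admins"})),
    "wiki": AppPolicy("wiki", require_mfa=False,
                      allowed_groups=frozenset({"staff", "admins"})),
}


def has_mfa(session: Session) -> bool:
    """True if any recorded authentication method is a second factor."""
    return any(m in MFA_METHODS for m in session.amr)


def enforce(app_name: str, session: Session, client_headers: dict) -> Decision:
    """Apply the application's policy and build the forwarded request headers."""
    policy = POLICIES.get(app_name)
    if policy is None:
        return Decision("deny", "unknown application")
    if session.subject is None:
        return Decision("deny", "unauthenticated")
    if session.disabled:
        return Decision("deny", "account disabled")
    if policy.require_mfa and not has_mfa(session):
        # Ask the identity provider for a second factor; the app never sees this.
        return Decision("step_up", "mfa required")
    if not (session.groups & policy.allowed_groups):
        return Decision("deny", "no matching group")
    # Strip client-supplied identity headers, then set them from the session.
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() not in TRUSTED_HEADERS}
    forwarded["X-Remote-User"] = session.subject
    forwarded["X-Remote-Groups"] = ",".join(sorted(session.groups))
    return Decision("forward", "policy satisfied", forwarded)


if __name__ == "__main__":
    pwd_only = Session("alice", frozenset({"hr"}), ("pwd",))
    with_otp = Session("alice", frozenset({"hr"}), ("pwd", "otp"))
    print(enforce("hr-legacy", pwd_only, {}))
    print(enforce("hr-legacy", with_otp, {"X-Remote-User": "admin"}))
```

The point worth noticing is the last branch: a header-based application trusts whatever arrives in `X-Remote-User`, so the gateway is only safe if it both overwrites that header from the verified session and is the only path by which traffic can reach the application.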
Getting to Zero
The result is best-practice policy enforcement, authentication and access control at enterprise scale, with Zero Trust and least-privilege models in place. In addition to the enterprise achieving significant gains, customers, business partners, employees and others all potentially benefit.
With identity orchestration, an organization can unify the management and enforcement of proprietary and incompatible identity policies across both legacy IT and multi-cloud frameworks. Suddenly, the last mile of identity management and authentication becomes more secure and less complicated to administer.
About the author
Steve Lay is Senior Sales Engineer at Strata Identity. He has more than 16 years of customer-facing experience in identity management with SailPoint, Sirius Computer Solutions and IBM.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.