New Identity Standard and Policy Orchestration Software Enables Multi-Cloud Access Policy Management

Hexa Open Source Project Enables Consistent Multi-cloud Identity and Policy Orchestration using the New Identity Query Language (IDQL) Standard

BOULDER, Colo., May 18, 2022 – Strata Identity, the Identity Orchestration for multi-cloud company, today announced the availability of an open source project that enables organizations to use cloud platforms like Azure, AWS, and Google and apply consistent access policy across any application on any cloud. IDQL is a new common policy format used to define identity access policies in a declarative way.

Currently, each cloud platform (AWS, Google, Microsoft Azure, etc.) uses a proprietary identity system with its own policy language, all of which are incompatible with each other. Meanwhile, each application must be hardcoded to work with a specific identity system. According to the 2022 State of Multi-Cloud Identity report published last week, this is a major challenge for organizations, with only 25% of respondents stating that they have visibility into multi-cloud access policies. 

IDQL and Hexa enable any number of identity systems to work together as a unified whole, without making any changes to them or to applications. 

Hexa abstracts identity and access policy from cloud platforms, authorization systems, data resources, and zero trust networks. It discovers what policies exist, then translates them from their native policy syntax into generic, declarative IDQL policy. Finally, Hexa orchestrates policies across cloud systems and the technology stack, including apps, data resources, platforms, and networks.

One working group member, in particular, understands the need to unify policy orchestration from the application to the network layer. “IDQL and Hexa provide the necessary framework for linking identity and policy to the Zero Trust standards being developed at MEF today,” said Pascal Menezes, CTO of MEF. “MEF is proud to be an early supporter of IDQL and Hexa and we look forward to collaborating further in the future.”

IDQL and Hexa were created by some of the co-authors of Security Assertion Markup Language (SAML), the global federated identity and SSO standard that allows internet users to move between federated websites without re-entering their credentials.

“Just as Kubernetes transformed computing by allowing applications to transparently move from one machine to another, IDQL enables access policies to move freely between proprietary identity systems,” said Eric Olden, CEO of Strata Identity and one of the co-authors of the SAML standard. “IDQL and Hexa eliminate identity silos in the cloud and on-premises, by creating an intelligent, distributed identity system with one brain.”

How it Works

Hexa is an open source technology that enables organizations to unify and consistently manage all of their access policies across multiple clouds, on-premises systems, and vendors. Together, IDQL and Hexa provide the following capabilities:

Policy discovery

  • Analyzes and performs inventory of key apps, data, and policies
  • Uncovers which apps exist and where they are
  • Finds what policies, users, and roles exist

Policy translation

  • Translates native, imperative policies into declarative IDQL policies during policy discovery
  • Translates declarative IDQL policies into native, imperative policies of the target system(s) during policy orchestration

Policy orchestration

  • Distributes policies to be enforced by identity providers (IdPs), clouds, IaaS, and network systems
  • Works via a cloud-based architecture that does not require an agent, proxy, or local code
  • Uses an extensible, open source model that supports custom connector integrations

IDQL and Hexa are public projects with code repos available on GitHub today at The two components of the project have been submitted as a sandbox project to the Cloud Native Computing Foundation (CNCF). For more information about Hexa and IDQL visit

Working Group Partner and Industry Quotes

“For the first time ever, you can unify and centrally manage your policies not only North to South, but also East to West across any CSP, or virtually any end-point in your solution architecture. IDQL enables you to centrally manage disparate access policies in an abstraction layer as opposed to individually in each CSP,” said former identity executive with Wells Fargo, Morgan Stanley, Goldman Sachs and IDQL working group member Tom Malta. 

“Versa Networks has long embraced standards as a mechanism to facilitate the adoption of our solutions. By participating in the IDQL Policy initiative, Versa hopes to help normalize the policy language between customers and vendors,” said Neil Danilowicz, Principal Architect at Versa.

“The timing for IDQL and Hexa is perfect, as there is a demonstrated and growing need for multi-cloud Policy Orchestration, according to our research at ESG,” said Jack Poller, Senior Analyst for Enterprise Strategy Group (ESG). “What’s especially valuable about Hexa is it coordinates consistent policy across cloud platforms and the tech stack. This open-sourced, vendor-neutral approach is needed to expedite adoption across vendors, developers, and business users alike.”

“Strata is delivering valuable innovation to the marketplace that helps solve some of the major identity management challenges facing so many enterprises today,” said Martin Kuppinger, Principal Analyst and co-founder of KuppingerCole Analysts. “The IDQL/Hexa project shows a strong potential of making things better and more secure by standardizing how the industry accomplishes policy-based identity orchestration.”

Strata Identity is hosting a panel webinar with other members of the working group entitled “The building of a new identity standard: Why the multi-cloud world needs IDQL and Hexa to unify policy” on May 25 at 10 am PT / 1 pm ET.

About IDQL/Hexa Project

IDQL and Hexa are managed under a vendor-neutral working group and an open source, open governance model and will remain independent from any company or company-sponsored project. Interest in building open standards for cloud identity is being driven by global multi-cloud adoption and incompatibility between cloud identity systems. The authors of IDQL and Hexa include Strata Identity, Kroger, Versa Networks, S&P Global, Cummins, and MEF. Others interested in supporting the Project can find more information at

About Strata

Strata is the Identity Orchestration leader, making consistent identity and policy management a reality. Our Identity Orchestration platform, Maverics, is the only solution built for today’s distributed, multi-cloud and hybrid-cloud environments. With Strata, companies can quickly, securely, and permanently modernize applications to use cloud-based authentication and advanced identity solutions. Our unique approach enables organizations to break decades-old vendor lock-in and move enterprise workloads to the public cloud. The company’s founders co-authored the SAML open standard for identity interoperability, created the first cloud identity services, delivered the first open-source identity products, and are now building the first distributed Identity Orchestration platform. For more information, visit us on the Web and follow us on LinkedIn and Twitter.

Media Contact:
Marc Gendron
Marc Gendron PR for Strata



*** This is a Security Bloggers Network syndicated blog from authored by Heidi King. Read the original post at: