Strata Identity Proposes Standard to Simplify Identity Management
Strata Identity today launched an open source project that makes it possible to employ a common policy format to declaratively define identity and access policies, without requiring an agent, proxy software or any other form of local code.
The project is based on the new Identity Query Language (IDQL) standard and Hexa, a tool that abstracts identity and access policy from cloud platforms, authorization systems, data resources and networks. Hexa discovers what policies exist and then translates them from their native policy syntax into generic, declarative IDQL policies. It also enables an IT team to consistently distribute and orchestrate those policies across multiple environments.
Gerry Gebel, head of standards at Strata Identity, noted that cloud platforms, for example, each have their own proprietary identity system and policy language, and these are incompatible with one another. As a result, each application must be hardcoded to work with a specific identity system. The goal, he added, is to create an identity system and policy language standard that unifies the management of identities without requiring changes to platforms or applications, and to contribute the project to the Cloud Native Computing Foundation (CNCF).
Ultimately, such a standard would advance the overall state of DevSecOps as it becomes simpler to programmatically manage identities, Gebel said.
IDQL and, more recently, Hexa were created by some of the co-authors of Security Assertion Markup Language (SAML), the global federated identity and single sign-on standard. Organizations lending support to the effort include Versa Networks, the Metro Ethernet Forum and enterprises such as Kroger, Cummins and S&P Global.
Collectively, IDQL and Hexa make it possible to discover what policies are in place; create an inventory of applications, data and policies; and uncover which applications exist and where they reside. They also provide an extensible, open source model for building custom connectors for integration.
A recent survey of more than 200 IT leaders found that 25% of respondents claimed to have visibility into access policies spanning multiple cloud computing platforms. The survey, conducted by Osterman Research on behalf of Strata Identity, polled IT leaders in North America from organizations with annual revenue of $500 million or more. A full 82% of organizations with revenues in excess of $1 billion use three or more clouds, while among smaller enterprises 49% currently do so. Within 12 months, 95% of large enterprises and 58% of smaller ones are expected to be using three or more clouds.
A total of 70% of respondents are employing two or more identity systems. Only 30% use a single system to manage workforce identity while 47% use two, 16% use three and 7% use four or more. Three quarters (75%) of respondents said they lack the ability to easily discover all existing access policies. Their top two multi-cloud concerns are data privacy (77%) and managing siloed identities (66%).
More than 75% of enterprises do not have the tools to easily discover all existing access policies, yet said it was very important to ensure that identity and access management policies are consistent across all platforms and technology stacks.
Identities are, of course, at the core of any approach to zero-trust IT, so the amount of attention paid to managing them has increased considerably in the wake of a series of high-profile breaches. The challenge is that not only are more individuals working from home, but they are also accessing a much wider range of platforms. Each of those platforms has its own system for managing identities, and each must be individually mastered to ensure the appropriate cybersecurity policies are maintained.