© Strata Identity Inc. 2019. All Rights Reserved. Patents Pending.
Eric Leach
Chief Product Officer
Strata Identity, Inc.
Strata
Migrating and Modernizing Identity on the Path to Multi Cloud
Intro
Redefining Identity For Multi Cloud World
ABOUT STRATA
Strata is an identity management services provider focused on modernizing and migrating identity to multi cloud and hybrid.
Our team has more than 110 years of combined identity experience from Oracle, Salesforce, Securant, Symplified, Ping, Auth0, JumpCloud, PWC, and Thor.
Strata Identity
Eric Leach
CPO & Cofounder
• Eric brings 20+ years of experience developing and delivering innovative solutions for identity management.
• Most recently Eric was VP Product Management of Oracle’s global identity portfolio.
• Eric built Salesforce’s Shield data security product into a $500M business.
• Eric got his start in identity at Sun, where he delivered the industry’s first commercial open source identity product, OpenSSO.
Agenda
1. What’s Going on with Identity?
2. What We Learned
3. Why Modernize?
4. Lift and Shift or Move and Improve?
5. Becoming Cloud Native
6. Identity for Multi Cloud
7. Extending Cloud Native Identity to Hybrid
8. Putting it all Together
What’s Going on with Identity?
A Hypothesis: customers are staring down three IAM challenges
1. Moving to the cloud requires modern identity systems.
2. Customers are universally adopting multiple clouds.
3. Legacy IAM systems are aging out and reaching end of life.
Using Lean Customer Development
To validate or disprove a hypothesis, you must first understand:
• Who are your customers
• What problems they are facing
• What are their current behaviors
Test your hypotheses by setting aside preconceived ideas and asking
simple, open-ended questions and then listening quietly and patiently.
We Asked Questions Like…
Q: Who owns identity in your enterprise?
A: The team in IT that traditionally owned IAM 65%
B: The team(s) responsible for managing our cloud platform(s) 9%
C: The business owner(s) that fund our SaaS app(s) 0%
D: All three 27%
E: I don’t know 0%
Using Lean Customer Development
Full disclosure: these are our practices, not our ideas.
Shout out to Cindy Alvarez. You should read her book.
https://www.cindyalvarez.com/lean-customer-development/
What We Learned
A Pattern of Recurring Pain Points
SAML and Federated SSO Doesn’t Address Identity Data
• SAML is focused on SSO and Authentication
• Identity data still needs to be synchronized
• No Identity Metadata
• No Identity Lifecycle
• No IGA
Centralizing Identities Is Impossible
• Politics
• Security
• Economics
• Migration Costs
• M&A Integration
Legacy Identity Software is Reaching End of Life
• End of life 2020
• Expertise hard to find
• Compliance issues
• Not compatible with cloud native architecture
Identity Silos Are Propagating
• Need to deploy CSP identity to use IaaS platform, or SaaS App (Office 365)
• No visibility across silos
• Fragmented across clouds and across stack
Multiple Clouds Drives Multiple Identity Challenges
• Most enterprises have 3+ cloud IaaS platforms
• Most have private and public clouds
• Digital transformation is driving this shift
Migration and Modernization Use Cases
• Lift and Shift: Move on premises legacy IAM to run on public cloud IaaS. Retire on premises infrastructure. Low risk but limited benefits.
• Move and Improve: Start the process of adopting some cloud native identity services. Identify so-called strangler patterns to retire legacy products and/or features.
• Hybrid SSO: Extend IDaaS to on premises apps, migrate users, configurations, and policies from legacy IAM to cloud and associated on premises gateways.
• Cloud Native Identity Services: Begin adopting built in cloud native identity services. Map to cloud native architecture patterns, tools, and modern DevOps practices.
• Multi Cloud Identity: Define and apply basic patterns for identity services across multiple public and private cloud platforms. Establish clear ownership of shared responsibilities.
A Cloud Identity Maturity Model
Stage | Identities | Policies | Sessions | Integration & Enforcement | DevOps
Hybrid | Multiple Directories | Multiple Policies | OAuth, OIDC, JWT, SCIM, Cookie Based, HTTP Headers | On-Prem Reverse Proxy | Yes
Multi Cloud | Multiple Directories | Multiple Policies | OAuth, OIDC, JWT, SCIM, SAML | Cloud Proxies | Yes
Cloud Native | Cloud Directory | CSP / IDaaS | OAuth, OIDC, JWT, SCIM, SAML | Cloud Proxy | Yes
Move & Improve | Simple AD | AWS Cognito | OAuth, OIDC, JWT, SCIM, Cookie Based, HTTP Headers | Cloud Proxy | Yes
Lift & Shift | Active Directory | SiteMinder | Cookies & Header | Agents or Proxy | No
Baseline | Active Directory | SiteMinder | Cookies & Header | Agents or Proxy | No
Why Modernize
Legacy Identity Characteristics vs Cloud Requirements
Deployment Model
Legacy IAM:
• Pre-deployed servers for peak capacity
• Bare OS, some virtualization
• Individually edited config files
Cloud:
• Autoscaling
• Containers and orchestrators
• Declarative, immutable configuration
Integration Model
Legacy IAM:
• Static agents for web, Java, .Net apps
• Proprietary APIs
• Proprietary cookies or HTTP Headers
Cloud:
• Sidecars and Nginx proxies
• Open source tools and documented APIs
• Standards based tokens
User Model
Legacy IAM:
• Single, consolidated user directory
Cloud:
• Distributed directories per cloud
Policy Model
Legacy IAM:
• Static policy evaluation
• Custom deployed MFA
Cloud:
• Adaptive authentication and authorization
• Strong authentication by default
How Identity Is Delivered To Apps In Legacy Deployments
Benefits of Identity Migration and Modernization
Become Cloud Native
• Adopt cloud native architectures with an identity capability to match.
• Move to the cloud while extending your existing identity and policies.
• Focus on digital transformation and don’t worry about infrastructure.
Save Money
• Migrating off old technology will save you operational costs, legacy licensing & maintenance costs, and infrastructure expense.
• Automated migration saves you time and money.
Get More Done Faster
• Look for ways to turn migrations from complex, multi-quarter initiatives into quick software powered projects. Knock off your migration tasks quickly.
• Consider externally sourcing experts so you don’t have to find and hire rare talent.
Break Lock-In
• API abstraction layers give you the freedom to use the identity system of your choice.
• Replicate identities, policies, configurations across platforms.
Future Proof Investments
• Leverage your existing investments in the cloud through hybrid configurations.
• Extend value-producing apps and systems to the cloud.
• Sync identities and policies to keep your hybrid environments orchestrated.
Leap To The Cloud
• Determine whether you can make the jump straight to cloud native.
• Use an incremental migration approach or move everything straight to a cloud native design.
Lift & Shift or Move & Improve
Lift and Shift: Identity and Apps to IaaS
Virtualized Infrastructure moves from on-premises deployment to IaaS service like AWS EC2, GCP, Azure VM.
Move and Improve: Adopting Cloud Native Identity Services
Replace some elements of Infrastructure with IaaS-provided services like AWS Cognito, Google Cloud Identity and Azure AD.
Becoming Cloud Native
Cloud Native Identity and Apps
Implement a cloud native containerized microservices platform with native identity microservices provided by cloud service providers.
Identity for Multi Cloud
Multi Cloud Identity Across Public and Private Clouds
Seamless identity and application integration across multiple public and private clouds.
Extending Cloud Native to Hybrid
Extending IDaaS to Hybrid SSO
Cloud based IDaaS links back to on-prem network to leverage existing directories and extend SSO to on-prem apps.
Putting It All Together
On A Journey to Modern Identity
• Lift and Shift
• Move and Improve
• Hybrid SSO
• Cloud Native Identity Services
• Multi Cloud Identity
Takeaways: A Customer Perspective
“We are on this journey, but it has to be incremental. No big bangs!”
“We cannot afford lock in. We need unfettered access to innovation
on each of our cloud platforms.”
“There is a new identity model that is distributed, not centralized.”
Strata helps organizations move off legacy
identity systems and onto modern cloud
native identity systems across multiple clouds
Thank You!