Migrating Identity to Multi Cloud

© Strata Identity Inc. 2019. All Rights Reserved. Patents Pending.© Strata Identity Inc. 2019. All Rights Reserved. Patents Pending.
Eric Leach
Chief Product Officer
Strata Identity, Inc.
Strata
Migrating and
Modernizing Identity
on the Path to Multi
Cloud

© Strata Identity Inc. 2019. All Rights Reserved. Patents Pending.
2
Redefining Identity For Multi Cloud World
ABOUT STRATA
Strata is an identity management services
provider focused on modernizing and migrating
identity to multi cloud and hybrid.
Our team has more than 110 years of combined
identity experience from Oracle, Salesforce,
Securant, Symplified, Ping, Auth0, JumpCloud,
PWC, and Thor.
Strata Identity
Eric Leach
CPO & Cofounder
• Eric brings 20+ years of experience developing and
delivering innovative solutions for identity
management.
• Most recently Eric was VP Product Management of
Oracle’s global identity portfolio.
• Eric built Salesforce’s Shield data security product
into a $500M business.
• Eric got his start in identity at Sun, where he
delivered the industry’s first commercial opensource
identity product, OpenSSO.
Intro

3
Agenda
1. What’s Going on with Identity?
2. What We Learned
3. Why Modernize?
4. Lift and Shift or Move and Improve?
5. Becoming Cloud Native
6. Identity for Multi Cloud
7. Extending Cloud Native Identity to Hybrid
8. Putting it all Together

4
What’s Going on with Identity?

5
A Hypothesis: customers are staring down three
IAM challenges
1. Moving to the cloud requires
modern identity systems.
2. Customers are universally
adopting multiple clouds.
3. Legacy IAM systems are aging
out and reaching end of life.

6
Using Lean Customer Development
To validate or disprove a hypothesis, you must first understand:
• Who are your customers
• What problems they are facing
• What are their current behaviors
Test your hypotheses by setting aside preconceived ideas and asking
simple, open-ended questions and then listening quietly and patiently.

7
We Asked Questions Like…
Q: Who owns identity in your enterprise?
A: The team in IT that traditionally owned IAM
B: The team(s) responsible for managing our cloud platform(s)
C: The business owner(s) that fund our SaaS app(s)
D: All three
E: I don’t know

8
We Asked Questions Like…
Q: Who owns identity in your enterprise?
A: The team in IT that traditionally owned IAM 65%
B: The team(s) responsible for managing our cloud platform(s) 9%
C: The business owner(s) that fund our SaaS app(s) 0%
D: All three 27%
E: I don’t know 0%

9
Using Lean Customer Development
Full disclosure: these are our practices, not our ideas.
Shout out to Cindy Alvarez. You should read her book.
https://www.cindyalvarez.com/lean-customer-development/

10
What We Learned

11
Most enterprises have
3+ cloud IaaS platforms
Most have private and
public clouds
Digital transformation is
driving this shift
SAML is focused on SSO
and Authentication
Identity data still needs
to be synchronized
No Identity Metadata
No Identity Lifecycle
No IGA
Need to deploy CSP
identity to use IaaS
platform, or SaaS App
(Office 365)
No visibility across silos
Fragmented across
clouds and across stack
Politics
Security
Economics
Migration Costs
M&A Integration
End of life 2020
Expertise hard to find
Compliance issues
Not compatible with
cloud native
architecture
SAML and
Federated
SSO Doesn’t
Address
Identity Data
Centralizing
Identities Is
Impossible
Legacy
Identity
Software is
Reaching
End of Life
Identity Silos
Are
Propagating
Multiple Clouds
Drives Multiple
Identity
Challenges
A Pattern of Recurring Pain Points

12
Migration and Modernization Use Cases
Move on premises legacy IAM to run on public cloud
IaaS. Retire on premises infrastructure. Low risk but
limited benefits.
Lift and Shift
Move and Improve
Start the process of adopting some cloud native
identity services. Identify so-called strangler patterns
to retire legacy products and/or features.
Hybrid SSO
Extend IDaaS to on premises apps, migrate users,
configurations, and policies from legacy IAM to cloud
and associated on premises gateways.
Cloud Native Identity Services
Begin adopting built in cloud native identity services.
Map to native architecture patterns, tools, and
modern DevOps practices.
Multi Cloud Identity
Define and apply basic patterns for identity services
across multiple public and private cloud platforms.
Establish clear ownership of shared responsibilities.

13
Hybrid Multiple Directories Multiple Policies
OAuth, OIDC, JWT
SCIM, Cookie Based,
HTTP Headers
On-Prem Reverse Proxy Yes
Multi Cloud Multiple Directories Multiple Policies
OAuth, OIDC, JWT
SCIM, SAML
Cloud Proxies Yes
Cloud Native Cloud Directory CSP / IDaaS
OAuth, OIDC, JWT
SCIM, SAML
Cloud Proxy Yes
Move & Improve Simple AD AWS Cognito
OAuth, OIDC, JWT
SCIM, Cookie Based, HTTP
Headers
Cloud Proxy Yes
Lift & Shift Active Directory SiteMinder Cookies & Header Agents or Proxy No
Baseline Active Directory SiteMinder Cookies & Header Agents or Proxy No
Identities Policies Sessions
Integration &
Enforcement
DevOps
A Cloud Identity Maturity Model

14
Why Modernize

15
Legacy Identity Characteristics vs Cloud Requirements
Legacy IAM Cloud
Deployment Model
• Pre-deployed servers for peak capacity
• Bare OS, some virtualization
• Individually edited config files
• Autoscaling
• Containers and orchestrators
• Declarative, immutable configuration
Integration Model
• Static agents for web, Java, .Net apps
• Proprietary APIs
• Proprietary cookies or HTTP Headers
• Sidecars and Nginx proxies
• Opensource tools and documented APIs
• Standards based tokens
User Model
• Single, consolidated user directory
• Distributed directories per cloud
Policy Model
• Static policy evaluation
• Custom deployed MFA
• Adaptive authentication and authorization
• Strong authentication by default

16
How Identity Is Delivered
To Apps In Legacy
Deployments

17
Benefits of Identity Migration and Modernization
Become Cloud Native Save Money Get More Done Faster
Break Lock-In Future Proof Investments Leap To The Cloud
• Adopt cloud native architectures with
an identity capability to match.
• Move to the cloud while extending your
existing identity and policies.
• Focus on digital transformation and
don’t worry about infrastructure.
• Migrating off old technology will save
you operational costs, legacy licensing &
maintenance costs, and infrastructure
expense.
• Automated migration saves you time
and money.
• Look for ways to turn migrations from
complex, multi-quarter initiatives into
quick software powered projects. Knock
off your migration tasks quickly.
• Consider externally sourcing experts so
you don’t have to find and hire rare
talent.
• API abstraction layers give you the
freedom to use the identity system of
your choice.
• Replicate identities, policies,
configurations across platforms.
• Leverage your existing investments in
the cloud through hybrid configurations.
• Extend value-producing apps and
systems to the cloud.
• Sync identities and policies to keep your
hybrid environments orchestrated.
• Determine whether you can make the
jump straight to cloud native.
• Use an incremental migration approach
or move everything straight to a cloud
native design.

18
Lift & Shift or Move & Improve

19
limited benefits.
Lift and Shift
Move and Improve
Hybrid SSO

20
Virtualized Infrastructure
moves from on-premises
deployment to IaaS
service like AWS EC2,
GCP, Azure VM.
Lift and Shift:
Identity and Apps
to IaaS

21
Replace some
elements of
Infrastructure with
IaaS-provided services
like AWS Cognito,
Google Cloud Identity
and Azure AD.
Move and Improve:
Adopting Cloud
Native Identity
Services

22
Becoming Cloud Native

23
limited benefits.
Lift and Shift
Move and Improve
Hybrid SSO
Map to cloud native architecture patterns, tools, and

24
Cloud Native
Identity and Apps
Implement a cloud native
containerized microservices
platform with native identity
microservices provided by cloud
service providers.

25
Identity for Multi Cloud

26
limited benefits.
Lift and Shift
Move and Improve
Hybrid SSO

27
Across Public and
Private Clouds
Seamless identity and application
integration across multiple public
and private clouds.

28
Extending Cloud Native to Hybrid

29
limited benefits.
Lift and Shift
Move and Improve
Hybrid SSO

30
Cloud based IDaaS links
back to on-prem network
to leverage existing
directories and extend
SSO to on-prem apps.
Extending IDaaS
to Hybrid SSO

31
Putting It All Together

32
On A Journey to Modern Identity
Lift and
Shift
Move and
Improve
Hybrid SSOCloud Native
Identity
Services
Multi Cloud
Identity

33
Lift and
Shift
Move and
Improve
Identity
Services
Multi Cloud
Identity

34
Lift and
Shift
Move and
Improve
Hybrid SSOMulti Cloud
Identity
Cloud Native
Identity
Services

35
Lift and
Shift
Move and
Improve
Hybrid SSOMulti Cloud
Identity
Cloud Native
Identity
Services

36
Lift and
Shift
Move and
Improve
Identity
Services
Multi Cloud
Identity

37
Lift and
Shift
Move and
Improve
Identity
Services
Multi Cloud
Identity

38
Takeaways: A Customer Perspective
“We are on this journey, but it has to be incremental. No big bangs!”
“We cannot afford lock in. We need unfettered access to innovation
on each of our cloud platforms.”
“There is a new identity model that is distributed, not centralized.”

Strata helps organizations move off legacy
identity systems and onto modern cloud
native identity systems across multiple clouds
Thank You!

Migrating Identity to Multi Cloud

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Migrating Identity to Multi Cloud

Similar to Migrating Identity to Multi Cloud (20)

Recently uploaded

Recently uploaded (20)

Migrating Identity to Multi Cloud