KuppingerCole Report
Architecture Blueprint
By M. Reinwarth

Identity and Access Management

IAM has been one of the central security infrastructures for many years. The changing role and importance of digital identities lead to fundamental changes in IAM architectures. The challenges for a future proof IAM are complex, diverse and sometimes even conflicting. Organization demand for a blueprint to design and implement efficient and durable IAM architectures that meet current and future requirements need to follow a sustainable yet dynamic architectural design.
By
mr@kuppingercole.com

Content of Figures

  1. Figure 1 Overview: Leveraging KuppingerCole advice for individual target architectures
  2. Figure 2 The KuppingerCole IAM / IAG Reference Architecture
  3. Figure 3 IAM / IAG Reference Architecture – Core building blocks
  4. Figure 4 IAM / IAG Reference Architecture – Extended IAM building blocks
  5. Figure 5 IAM / IAG Reference Architecture – IAM-related building blocks
  6. Figure 6 Logical view of the Identity Fabric: A distributed, yet standardized approach for managing all identities
  7. Figure 7 The Identity Fabric - Connecting every user to any service
  8. Figure 8 Service Layers for abstracting backend services and applications leveraging an identity API layer
  9. Figure 9 Illustration of microservices as part of an orchestrated architectural design in different deployment models
  10. Figure 10 Illustration of the isolation and integration of identities, applications and data
  11. Figure 11 Apply portfolio management methods to rate your current and future Cybersecurity tool portfolio
  12. Figure 12 Connecting legacy capabilities with new digital services

1 Introduction

As we are approaching the 2020s, Identity and Access Management (IAM) has already been implemented and deployed in many companies for decades. The man ...

Login Free 30-day Select Access Get full Access

2 Towards future proof IAM architectures

The central starting point for the design of an individual IAM architecture is, of course, the identification of individual, organization-related requ ...

Login Free 30-day Select Access Get full Access

3 Foundation: The KuppingerCole IAM/IAG Reference Architecture

The KuppingerCole IAM/IAG Reference Architecture provides a comprehensive and evolving foundation for deriving and implementing standardized, yet adeq ...

The building blocks are categorized as

  • indispensable (Core IAM),
  • complementary (Extended IAM) and
  • peripheral (IAM related IT),

which a ...

Extended IAM components include:

IAM-related components include:

Login Free 30-day Select Access Get full Access

4 Identity Fabric - Connecting everyone to every service

You don't have to go back far in time to get to a rather limited number of access paths between users and IT systems: Employees used systems within th ...

Those days are gone, and we have to adapt are IT and our IAM accordingly: Enterprises have evolved since then and so has the way we leverage digital b ...

Digital Identities are moving to the center of attention in this transformation. The assumption that previously independent identities (employees, cus ...

Login Free 30-day Select Access Get full Access

5 Facilitating the Identity Fabric: Functional, logical and operational partitioning

Due to the rapidly growing spread of cloud and mobile computing, companies are becoming increasingly networked with each other. The very idea of an ou ...

Login Free 30-day Select Access Get full Access

5.1 Identity as a Set of Services: Service Orientation

Real-world IAM architectures consist of technical components that implement services whose functionality is based on the building blocks described in ...

This robust and versatile layer concept allows to ensure secure consistent back-end services, independent of where they are actually provided within a ...

Login Free 30-day Select Access Get full Access

5.2 Agile, fine-grained and isolated delivery: Microservices and containers

Identity Fabrics are designed to integrate these services regardless of where they are provided, i.e. anywhere between on-premises, hybrid, public or ...

Login Free 30-day Select Access Get full Access

5.3 Separating identities, applications and data: Logical boundaries and governance

The path to the Identity Fabric requires changes in the way applications deal with identities and data as the processed payload, at the latest in the ...

Login Free 30-day Select Access Get full Access

6 Deriving individual, tailor-made target IAM architectures

Considering the effort and the role for the entire company, an IAM in the role and characteristics described up to now can no longer be compared with ...

Portfolio management methods have proven effective in identifying appropriate building blocks for solutions. You can use them to evaluate alternative ...

The immediate benefit is obvious: The transformation into an Identity Fabric has the particular goal of enabling the accelerated implementation of mis ...

Login Free 30-day Select Access Get full Access

7 Recommendations

This IAM blueprint enables businesses to rapidly deliver to the need of new digital services, while gradually integrating with the legacy IAM. The way ...

Login Free 30-day Select Access Get full Access

8 Related Research

Survey: State of Organizations: Does Their IAM Meet Their Needs in the Age of Digital Transformation? – Summary – 74003
Advisory Note: GRC Refere ...

Login Free 30-day Select Access Get full Access

Copyright

©2020 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.

top