Content of Figures
- Figure 1 Evolution of IAM over time
- Figure 2 A sample high-level, conceptual architecture for an Identity Fabric.
- Figure 3 Kapstone Modular Decentralized Identity Architecture
- Figure 4 Modular Design of Kapstone's Intelligent Identity Platform (Source: Kapstone)
- Figure 5 Kapstone Provisioning Gateway Context (Source: Kapstone)
Commissioned by Kapstone
1 Introduction / Executive Summary
IT security is an ever-changing landscape. The IT environment has moved on from the days of on-premises-only applications and services that ran within an organization's perimeter walls. Federation extended the reach of identity and access controls between divisions within organizations or between partner organizations. The migration to the cloud was driven by IT's need for flexibility and scalability while reducing cost. Organizations with customer-facing applications and services required high scalability and privacy compliance. Now we are seeing a new set of IT environmental and architectural requirements emerging.
Modern IAM/IGA systems should allow customers to build their identity backend for defined services through APIs. These systems need to provide their capabilities regardless of the location of the IT environment, which includes on-premises, private cloud, public cloud, multi-cloud, and hybrid deployment environments. Microservices is a software architectural style that is gaining momentum in IT organizations today. It provides flexibility by being loosely coupled, highly maintainable, and independently testable and deployable; microservices blend well with current agile DevOps methodologies. IAM/IGA solutions delivered as microservices offer a new deployment model that can reduce IAM complexity while increasing scalability.
The level of identity and access intelligence has also become a key differentiator between IGA product solutions. This intelligence is the layer over Identity Lifecycle Management and Access Governance that offers business-related insights supporting effective IGA-related decision making. It includes recommendations for efficient use of roles, risk-based mitigation of access policy violations, automated access reviews, and the correlation of identity events across disparate systems to derive actionable intelligence. Identity analytics and AI/ML are an important vehicle for achieving visibility into the operational state of IGA processes, such as analyzing the operational data generated by IGA tools to evaluate process maturity and adherence to service quality standards and compliance mandates.
The Identity Fabric concept supports future-oriented organizations in updating their IAM/IGA infrastructure and services and provides a viable foundation for enterprise architectures. These services aim to grant access for everyone (and everything) to every service and system in a controlled manner. As such, they can serve as the conceptual foundation for sustainably transforming existing IAM/IGA infrastructures into a more future-proof technology.
Many organizations are rethinking their IAM and IGA (Identity Governance & Administration, integrated solutions for Identity Lifecycle Management and Access Governance) architecture from various aspects. But organizations can't afford to end up with uncoordinated identity silos across their rapidly developing digital services, or to wait for their legacy IAM to deliver the identity services they require amid increased demands on its compliance with legal and regulatory requirements. IAM/IGA vendors need to provide more modern, flexible, and modular architectures for their solutions to meet the challenges organizations are facing today.
Kapstone is a provider of Autonomous IGA, a cloud-native, microservice container-based platform providing a modular architecture for achieving identity transformation in today's hybrid environments. This type of modern architecture gives customers the flexibility to rapidly meet an organization's specific requirements. Kapstone's modular decentralized identity architecture fits nicely into an Identity Fabric framework that supports Digital Transformation.
The IT security environment is continuing to evolve to meet the growing list of requirements
Everything as a service is where everything in the IT w ...
3 The Ever-Changing IAM/IGA Digital Environment Landscape
It was once said that "The only constant in life is change", which is also true of Identity and Access Management (IAM). To get a sense of where ...
3.1 From Traditional IAM to Federation
Traditionally, the IT environment has run within the walls of the organization's perimeter. IAM solutions were more monolithic and centralized. Identities were man ...
3.2 The Move to the Cloud
Cloud services gave organizations new options for IT, motivated by the business need to increase IT flexibility and scalability while reducing cost. U ...
3.3 Looking Beyond B2E and B2B
As organizations began reaching out to their customers and gathering information about the consumers using their products & services, they found that ...
3.4 Identity APIs
Now we are beginning to see Identity API platforms becoming available. This market is driven by the need to meet emerging IT requirements such as hyb ...
3.5 Identity Governance and Administration (IGA)
When organizations realize that Identity and Access Governance is needed, the question often asked is: where does IGA fit into all of this?
The Kupp ...
4 Balancing the Existing IT Environment with New Requirements
Some of the areas discussed so far are of specific relevance to companies. Small to enterprise-sized organizations may often believe this is enough to ...
4.1 Shifts in the Market
A trend that is going well beyond Identity and Access Management is that everything is becoming a service. So, we see new solutions running as Softwar ...
4.2 Overarching Trends Affecting IAM/IGA
Some overarching trends are affecting IAM today. First, we now have this broader notion of Identity and Access Management. IAM is expanding beyond peo ...
4.3 Moving Towards Standardized Services for Digital Identities
At a high level, Identity Fabrics are how KuppingerCole sees Identity and Access Management environments in the future and how they should be construc ...
4.4 The Identity Fabric Provides an Identity API Layer
At a high level, organizations today have different types of identities that include more than just employees or even human identities that extend int ...
These Services also need to be delivered in modern architecture, and this may mean building a migration path from what an organization currently has t ...
5 Kapstone's Modular Decentralized Identity Architecture
Organizations working through their requirements related to the ever-changing application and infrastructure architectures need to take a step back and ...
5.1 The Kapstone Intelligent Identity Platform
The Intelligent Identity Platform is an abstraction layer that sits on top of multiple sources such as on-premises identity systems, Cloud PaaS, Cloud ...
Remember, Kapstone's Intelligent Identity Platform is a microservice container-based platform. Its modular architecture is one of the principles of th ...
5.2 The Kapstone Provisioning Gateway
The Kapstone Provisioning Gateway (KP) aligns with the Identity Fabric through its platform's ability to interoperate and integrate with multiple iden ...
Key Features of Kapstone Provisioning Gateway
- SaaS solution with rapid application onboarding through no-code application integration
5.3 Kapstone's Support for Standard APIs, Integrations, & DevSecOps
Another principle of Identity Fabrics is the use of Application Program Interfaces (APIs). APIs are vital to enabling a services-based approach to IAM ...
There are many factors to consider when approaching Identity Governance and Administration (IGA) in your hybrid IT environment, and KuppingerCole reco ...