KuppingerCole Report
By Richard Hill

Modular Decentralized Identity Architecture

A trend compelling IGA modernization is the need for an identity-driven security model, due to identity silos created by rapid cloud adoption. As organizations rethink their IAM/IGA systems, they may also need to utilize their existing systems while re-architecting their security environment to support new requirements. Keeping what they already have, and being able to migrate gradually from these legacy systems to what they want in the future using modern software architecture, is pivotal. An Identity Fabric provides the agility and the integration support for what organizations already have while allowing organizations to move ahead at their own speed.

Commissioned by Kapstone

1 Introduction / Executive Summary

IT security is an ever-changing landscape that has evolved over time. The IT environment has moved on from the days of on-premises-only applications and services that ran within an organization's perimeter walls. Federation extended the reach of where identity and access controls reside between divisions within organizations or between partner organizations. The migration to the cloud was driven by IT's need for flexibility and scalability while reducing cost. Organizations with customer-facing applications and services required high scalability and privacy compliance. Now we are seeing a new set of IT environmental and architectural requirements emerging.

Modern IAM/IGA systems should allow customers to build their identity backend for defined services through APIs. These systems need to provide their capabilities regardless of the location of the IT environment, which includes on-premises, private cloud, public cloud, multi-cloud, and hybrid deployment environments. Microservices is a software architectural style that is gaining momentum in IT organizations today. It provides flexibility by being loosely coupled, highly maintainable, and independently testable and deployable; microservices blend well with the current agile DevOps methodologies. IAM/IGA solutions delivered as microservices offer a new deployment model that can reduce IAM complexity while increasing scalability.

The level of identity and access intelligence has also become a key differentiator between IGA product solutions. It is the layer over Identity Lifecycle Management and Access Governance that offers business-related insights that support effective IGA-related decision making. This includes recommendations for efficient use of roles, risk-based mitigation of access policy violations, automated access reviews, and also the correlation of identity events across disparate systems to derive actionable intelligence. Identity analytics & AI/ML is an important vehicle to achieve visibility into the operational state of IGA processes, such as analyzing the operational data generated by IGA tools to evaluate process maturity and adherence to service quality standards and compliance mandates.

The Identity Fabric concept supports future-oriented organizations in updating their IAM/IGA infrastructure and services and provides a viable foundation for enterprise architectures. These services aim to grant access for everyone (and everything) to every service and system in a controlled manner. As such, they can serve as the conceptual foundation for sustainably transforming existing IAM/IGA infrastructures into a more future-proof technology.

Many organizations are rethinking their IAM and IGA (Identity Governance & Administration, integrated solutions for Identity Lifecycle Management and Access Governance) architecture from various aspects. But organizations can't afford to end up with uncoordinated identity silos across their rapidly developing digital services, or to wait for their legacy IAM to deliver the identity services they require while facing increased demands for compliance with legal and regulatory requirements. IAM/IGA vendors need to provide more modern, flexible, and modular architectures for their solutions to meet the challenges organizations are facing today.

Kapstone is a provider of Autonomous IGA, a cloud-native microservice container-based platform providing modular architecture for achieving Identity transformation in today's hybrid environments. This type of modern architecture gives customers the flexibility to rapidly meet an organization's specific requirements. Kapstone's modular decentralized identity architecture fits nicely into an Identity Fabric framework that supports Digital Transformation.

2 Highlights

The IT security environment is continuing to evolve to meet the growing list of requirements

Everything as a service is where everything in the IT w ...

3 The Ever-Changing IAM/IGA Digital Environment Landscape

It was once said that "The only constant in life is change", which is also true of Identity and Access Management (IAM). To get a sense of where ...

3.1 From Traditional IAM to Federation

Traditionally, the IT environment has run within the walls of their perimeter. IAM solutions were more monolithic and centralized. Identities were man ...

3.2 The Move to the Cloud

Cloud services gave organizations new options for IT, motivated by the business need to increase IT flexibility and scalability while reducing cost. U ...

3.3 Looking Beyond B2E and B2B

As organizations began reaching out to their customers and gathering information about the consumers using their products & services, they found that ...

3.4 Identity APIs

Now we are beginning to see Identity API platforms becoming available. This market is driven by the need to meet emerging IT requirements such as hyb ...

3.5 Identity Governance and Administration (IGA)

When organizations realize that Identity and Access Governance is needed, the question often asked is: where does IGA fit into all of this?

The Kupp ...

4 Balancing the Existing IT Environment with New Requirements

Some of the areas discussed so far are of specific relevance to companies. Small to enterprise-sized organizations may often believe this is enough to ...

4.1 Shifts in the Market

A trend that is going well beyond Identity and Access Management is that everything is becoming a service. So, we see new solutions running as Softwar ...

4.2 Overarching Trends Affecting IAM/IGA

Some overarching trends are affecting IAM today. First, we now have this broader notion of Identity and Access Management. IAM is expanding beyond peo ...

4.3 Moving Towards Standardized Services for Digital Identities

At a high level, Identity Fabrics are how KuppingerCole sees Identity and Access Management environments in the future and how they should be construc ...

4.4 The Identity Fabric Provides an Identity API Layer

At a high level, organizations today have different types of identities that include more than just employees or even human identities that extend int ...

These Services also need to be delivered in modern architecture, and this may mean building a migration path from what an organization currently has t ...

5 Kapstone's Modular Decentralized Identity Architecture

Organizations working through their requirements related to the ever-changing application and infrastructure architectures need to take a step back and ...

5.1 The Kapstone Intelligent Identity Platform

The Intelligent Identity Platform is an abstraction layer that sits on top of multiple sources such as on-premises identity systems, Cloud PaaS, Cloud ...

Remember, Kapstone's Intelligent Identity Platform is a microservice container-based platform. Its modular architecture is one of the principles of th ...

5.2 The Kapstone Provisioning Gateway

The Kapstone Provisioning Gateway (KP) aligns with the Identity Fabric through its platform's ability to interoperate and integrate with multiple iden ...

Key Features of Kapstone Provisioning Gateway

  • SaaS solution with Rapid application onboarding through No Code application integration

  • Inte ...

5.3 Kapstone's Support for Standard APIs, Integrations, & DevSecOps

Another principle of Identity Fabrics is the use of Application Program Interfaces (APIs). APIs are vital to enabling a services-based approach to IAM ...

6 Recommendations

There are many factors to consider when approaching Identity Governance and Administration (IGA) in your hybrid IT environment, and KuppingerCole reco ...


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.