The benefits of cloud computing aren’t lost on anyone. However, migrating identities and associated applications from on-premises systems to the cloud can prove daunting.
Along the way, it’s not uncommon to confront issues that devour time, undermine necessary functionality, and produce security risks. While every business is different, it’s important to map out identity migrations carefully to minimize problems.
Know Your Identity
There are two key elements involved in cloud migration projects. The first is migrating user identities and attributes from legacy on-premises systems into cloud-based identity management platforms. Second, apps need to be migrated to use that new cloud identity system for things like authentication and authorization.
These two tasks are linked since apps are tightly coupled with legacy identity systems. Frequently, an enterprise will have all of its identities and user attributes on-premises in directories and databases rather than in the cloud.
Further complicating matters: most organizations will need to maintain co-existence between on-premises and cloud identity systems until the legacy systems can be retired. On-premises systems have identity data, for example complex group memberships or sensitive HR information, needed to control access to cloud apps and services. That sensitive data has not been, and may never be, moved to cloud identity systems. This creates an additional layer of complexity.
The traditional, “big bang” approach to migration is disruptive for both end-users and app owners. Bulk migrations with hard cutover dates tend to require password resets or disruptive changes to the user login experience. Another common obstacle is ensuring the consistency and quality of the data.
For example, most organizations use a mix of identity sources such as Active Directory (AD), LDAP, SQL databases, as well as apps that contain identities. All these data sources need to be rationalized and integrated; this complexity can result in consistency issues. If identity data and accompanying attributes aren’t mapped correctly, an organization can find itself dealing with inappropriate access to apps and services.
Not surprisingly, the need for a big bang approach ratchets up the stakes — and the stress level. For example, if too many problems occur during the transition, it’s not unusual for an enterprise to do a wholesale reversal to the legacy identity management system.
Worse, some organizations attempt to avoid these problems by simply delaying their migration to the cloud. Frequently, this undermines digital transformation projects designed to improve efficiencies and competitiveness.
Into the Clouds
Conquering these challenges requires a different mindset and different tools. A best practice is to use an abstraction layer, or fabric, to orchestrate the transition between legacy and cloud identity systems. Leveraging a fabric replaces big bang migrations with an agile, incremental transition of identities and applications to your cloud identity system.
In this way, organizations can focus on small batches or cohorts of users, perhaps 50 or 100 users at once, reducing risk because it becomes much easier to identify and resolve problems. The fabric ensures that users, attributes, and credentials are transparently migrated.
As this process unfolds and users begin to access applications using the new cloud identity system, the transition appears seamless to the end-user. While this incremental approach may at first seem slower, in fact, it actually accelerates the move to the cloud.
This approach also makes the coexistence of the identity systems much easier to achieve. The Identity Fabric can route users to the appropriate identity system for each application, preserving the familiar login experience they are accustomed to.
Essentially, the Identity Fabric acts as a translator between legacy and cloud identity systems and orchestrates all the events taking place. It bridges the apps, logins, tokens, and other elements that can make the cloud migration process so challenging.
This level of orchestration — and the ability to make the migration process transparent to users — can transform chaos into order. This fabric-based approach delivers other benefits, including hardening credentials, seamlessly adding multi-factor authentication (MFA), and greatly simplifying app migrations to the cloud.
For instance, it’s no longer necessary to rewrite apps so that they will function in the cloud and play nice with protocols like OpenID Connect and SAML. Ordinarily, rewriting apps to work with these modern identity systems and standard protocols is so time-consuming and expensive that it blocks all progress.
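To make the routing and coexistence behaviour described above concrete, here is an added toy model of a fabric: it provisions one cohort at a time, cuts a cohort over per application, reads group data live from the on-prem directory and hands the app only the groups it needs, and can roll a single cohort back without touching anyone else. This is example code written for this article, not Strata's product or any vendor API; the user names, cohort names, app names, and the `legacy-ad` / `cloud-idp` identifiers are all constructed.

```python
"""Toy identity fabric: routes each (user, app) login to either the legacy
directory or the cloud IdP, one cohort at a time, and translates only the
attributes an app needs. Added example; all names are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

LEGACY_IDP = "legacy-ad"   # hypothetical on-prem directory
CLOUD_IDP = "cloud-idp"    # hypothetical cloud identity platform


@dataclass
class LegacyUser:
    username: str
    cohort: str          # migration wave this user belongs to
    groups: Set[str]     # on-prem group memberships (these stay on-prem)


@dataclass
class AppPolicy:
    name: str
    required_groups: Set[str]                       # the only groups the app may see
    migrated_cohorts: Set[str] = field(default_factory=set)


class IdentityFabric:
    def __init__(self, users: List[LegacyUser], apps: List[AppPolicy]):
        self.directory: Dict[str, LegacyUser] = {u.username: u for u in users}
        self.apps: Dict[str, AppPolicy] = {a.name: a for a in apps}
        self.cloud_users: Set[str] = set()   # identities already provisioned in the cloud
        self.audit: List[str] = []

    def migrate_cohort(self, cohort: str) -> List[str]:
        """Provision one cohort's identities in the cloud IdP. Nothing is
        routed there yet, so a failed batch affects nobody's login."""
        moved = [u.username for u in self.directory.values()
                 if u.cohort == cohort and u.username not in self.cloud_users]
        self.cloud_users.update(moved)
        self.audit.append(f"migrate cohort={cohort} count={len(moved)}")
        return moved

    def cut_over(self, app: str, cohort: str) -> None:
        """Start routing a cohort's logins for one app to the cloud IdP.
        Refuses if any member of the cohort has not been provisioned yet."""
        missing = [u.username for u in self.directory.values()
                   if u.cohort == cohort and u.username not in self.cloud_users]
        if missing:
            raise ValueError(f"cohort {cohort} not fully provisioned: {missing}")
        self.apps[app].migrated_cohorts.add(cohort)
        self.audit.append(f"cutover app={app} cohort={cohort}")

    def roll_back(self, app: str, cohort: str) -> None:
        """Send one cohort back to the legacy IdP for one app (no wholesale reversal)."""
        self.apps[app].migrated_cohorts.discard(cohort)
        self.audit.append(f"rollback app={app} cohort={cohort}")

    def route(self, username: str, app: str) -> dict:
        """Decide which IdP handles this login and which claims the app receives."""
        user = self.directory[username]
        policy = self.apps[app]
        if user.cohort in policy.migrated_cohorts and username in self.cloud_users:
            # Coexistence: authentication moves to the cloud, but group data is
            # still read live from on-prem and filtered to what this app needs,
            # so sensitive groups never leave the legacy directory.
            claims = {"sub": username,
                      "groups": sorted(user.groups & policy.required_groups)}
            return {"idp": CLOUD_IDP, "claims": claims}
        # Not yet cut over: the legacy IdP keeps handling this login unchanged.
        return {"idp": LEGACY_IDP,
                "claims": {"sub": username, "groups": sorted(user.groups)}}


def build_demo_fabric() -> IdentityFabric:
    """Constructed sample data: three users in two cohorts, two apps."""
    users = [
        LegacyUser("alice", "pilot", {"domain-users", "payroll-admins", "hr-sensitive"}),
        LegacyUser("carol", "pilot", {"domain-users"}),
        LegacyUser("bob", "wave2", {"domain-users", "payroll-admins"}),
    ]
    apps = [AppPolicy("payroll", {"payroll-admins"}), AppPolicy("crm", {"sales"})]
    return IdentityFabric(users, apps)


if __name__ == "__main__":
    fabric = build_demo_fabric()
    print(fabric.route("alice", "payroll"))   # legacy-ad before cutover
    fabric.migrate_cohort("pilot")
    fabric.cut_over("payroll", "pilot")
    print(fabric.route("alice", "payroll"))   # cloud-idp, groups ['payroll-admins']
    print(fabric.route("bob", "payroll"))     # still legacy-ad (wave2 not cut over)
    fabric.roll_back("payroll", "pilot")
    print(fabric.route("alice", "payroll"))   # legacy-ad again
```

The two design points worth noticing are the order of operations (provision, then cut over, then roll back per cohort and per app, so a problem with 50 users on one app never forces a wholesale reversal) and the claim filtering in `route`: a cloud-routed user still gets authorization data from the on-prem directory, but only the groups the application has declared it needs.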
Forward Thinking
Using a fabric-based architecture for cloud migration can prove transformative. Instead of an enterprise finding itself locked in by applications and vendors, it can break free and embrace a more flexible and agile business and IT framework. Suddenly, migrating applications and user identities to the cloud takes place quickly and efficiently—and there’s better visibility and oversight as an integrated on-premises and cloud framework takes hold.
What’s more, as an organization migrates additional applications and users to the cloud, the incremental benefits add up. Time and cost savings accumulate—while compliance best practices and a true zero-trust security framework become achievable. When all of this happens, the typical pain associated with a migration dissipates and an organization is able to move all of its remaining on-premises identity management functions to cloud-based systems.
About the Author:
Eric Leach is Co-founder and Chief Product Officer of Strata Identity. He has more than 20 years of experience in leading product strategy, go-to-market and innovation for identity management, application security and data protection products at Apcera, Salesforce, Oracle and Sun.