Word Notes 6.3.22
Ep 103 | 6.3.22

Identity fabric (noun)


Rick Howard: The word is: Identity fabric

Rick Howard: Spelled: Identity as in a user with a set of permissions, and fabric as in a set of connected technologies that work together to achieve some goal

Rick Howard: Definition: A set of services for managing identity and access management, or IAM across all of an organization's data islands. 

Rick Howard: Example sentence: Identity fabrics are not necessarily based on a technology, tool, or cloud service, but a paradigm for architecting identity and access management within an enterprise. 

Rick Howard: Origin and context: Zero Trust is a cybersecurity first principle strategy and a key and essential component of any Zero Trust program is identity. You can't very well limit access to material data for your organization based on need to know if you have zero telemetry on the employees, contractors, and services, trying to access it and whether or not they are authorized to do so.

Rick Howard: Managing identity was hard enough a decade ago when all of the material, data and services were behind a big electronic perimeter that we all managed ourselves. Today though, more and more of our material data and workloads are scattered across several databases: traditional data centers, cloud networks, SaaS applications, and mobile devices.

Rick Howard: Because of those developments this past decade, managing identity has become exponentially more complicated. Instead of just managing your organization's User ID and passwords, there is an entire fabric of identity services that have to work seamlessly across all of those data islands. 

Rick Howard: Key pieces of the fabric include identity and access management or IAM, Identity Governance and Administration or IGA, privileged access management or PAM P A M, and Customer Identity and Access Management Or CIAM C I A M. 

Rick Howard: All of these components have to work on each data island with standard protocols like SAML and 0auth, and have to tie into your multi-factor authentication and adaptive authentication processes. The identity fabric is all of these things. 

Rick Howard: Nerd reference: In a webinar in May of 2022, Martin Kuppinger, one of the founders of KuppingerCole analysts, Matthias Reinwarth discuss the current marketplace of identity fabrics.

Rick Howard: The background music is supplied by a lovely songbird who just couldn't get a word in edgewise between these two guys. Martin speaks first.

Martin Kuppinger: We have to find this concept of identity fabrics a couple of years ago as a comprehensive approach on all of identity management. Identify fabrics are a model, a concept. They help organizations to build their fabric in the sense of a mesh or of a production line, it could be both. It is both in fact, across all of the identity services. 

Matthias Reinwarth: So these are the products that organizations should look at when they start on the journey or are updating the platform as a whole, to have hopefully broad coverage of what we consider to be individual building blocks within our reference architecture within the identity fabric, so it's, IAM plus IGA plus a bit of PAM. 

Martin Kuppinger: I think that fits quite well. It would be very unusual if you just used one tool to do it all, but it's a smart idea to have few sort of main building blocks, one or two or three and then complemented with the highly specific capabilities, that are not delivered by these solutions. 

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe, and edited by John Petrik, and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.