PART 1: What’s Going On with Identity?


DECEMBER 12, 2019

A Hypothesis

Not long ago, I had lunch with a distinguished colleague (that’s fun to say, isn’t it!), who’s been in the identity space for a very long time. He asked what we’ve been up to, and I replied that I was sorry to disappoint, but we weren’t working on anything that included hot buzzwords. No blockchain, self-sovereign identity, machine learning, artificial intelligence, or robotic process automation.

We shared a laugh.

It’s not that those things aren’t interesting, or useful. But markets can become distracted by shiny new ideas and technologies while customers are still working on the basics. But I am getting ahead of myself.

A few months back, my co-founders Eric Olden, Topher Marie, and I formed a hypothesis that customers were staring down three IAM challenges:

  • Moving to the cloud requires modern identity systems.
  • Customers are (nearly) universally adopting multiple clouds.
  • Legacy IAM systems are aging out and reaching end of life.

We started asking, how can we validate or disprove that hypothesis, and what’s going on with identity in today’s enterprise?

We spent the following several months going through a fairly rigorous lean customer development process. If you haven’t done customer development before, I highly recommend reading Cindy Alvarez’s book, and then going out and asking your customers some simple, open-ended questions. And then just listening.

And that is exactly what we did.

We focused on large enterprises, the kind with recognizable brand names, and started with questions specific to managing workforce identities. We took a two-pronged approach to the conversations. We chatted with folks in IT, responsible for traditional identity and security architecture - in other words, people who “speak identity”. And we met with Cloud Architects responsible for how cloud services are secured and delivered - also known as people who “speak cloud”. We asked them to share with us how they are doing IAM today, how that approach may change over the coming 18-24 months, what is driving those changes, and what pain points they are feeling.


What We Learned

What we discovered is a pattern of five recurring pain points in these large enterprises, regardless of industry, identity systems being used, number of users, or number of applications.

Challenges

  • Having multiple clouds drives multiple identity challenges, especially solving identity for a multitude of public and private clouds while keeping pace with the needs of broader digital transformation initiatives.
  • Identity silos are propagating, with identity systems themselves becoming the silos.
  • There is fragmentation and a lack of visibility across the stack.
  • SAML and federated SSO don’t solve the problem of how to keep your identity metadata in sync: things like configurations, policies, and integrations.
  • Centralizing identities in a highly distributed environment is impossible. Over and over, we heard from customers who described being stuck in a perpetual state of “halfway there” and wondering how they would enforce this centralization when they did manage to complete it.
  • Legacy IAM software is reaching end of life and customers need something to which they can migrate. A migration that takes multiple years and costs millions is an agility killer.

Use Cases

Then we asked what they were doing to solve those challenges. Most reported significant investments in people resources to perform manual tasks, chalking up huge costs to alleviate tactical pains but without moving forward strategic objectives.

Those efforts broke down into the following five use cases.

  • Lift and shift from on-premises to the cloud.
  • Move and improve by starting to pick up some cloud native identity services.
  • Adoption of cloud native identity services, using modern patterns like containers, orchestration engines, microservices, and devops practices.
  • Implementing cloud native identity across multiple clouds.
  • Extending cloud native identity and Identity as a Service platforms to hybrid SSO.

What We’ll Cover in This Series

Originally, this was planned as a single, standalone post to share the outcome of our customer development exercise. But I quickly realized that to do justice to each challenge and to cover the use cases in sufficient detail would require a series of posts. So this became the first in a series where I’ll cover:

  • The reasons customers are modernizing their identity system
  • How they decided whether to lift and shift or move and improve
  • What getting to cloud-native identity looks like and how to do that for multi-cloud
  • What the realities of hybrid identity and SSO are today

I also did a webinar on this topic, and the recording is available here.

Eric Leach
CPO, Cofounder