If you’ve been listening to software vendors in the identity space lately, you’ll have noticed that “unified” has quickly become the buzzword everyone is adopting to describe their portfolio. And that’s great! Unified identity has some amazing benefits!
However (there’s always a however, right?) not all “unified” “security” “identity” “platforms” are created equal. Some vendors call the combination of workforce IDaaS and customer IDaaS a unified identity solution, while others offer a glorified 2FA service, unified only in the minds of their marketers.
Your landscape matters!
So forget for a moment what the sellers claim and think again about your organization and your identity security landscape. Consider this new definition: “unified” is that which has the ability to consolidate your identity challenges with a comprehensive identity solution.
Here’s an example: You’re responsible for the identity infrastructure of a large hospital, with frontline workers, administrative employees, audit/compliance needs and a large number of external users. You are using Active Directory and the LOB application is not doing identity. For this hospital, unified identity means strong access management for customers and frontline workers, strong management of incoming, outgoing and exiting employees, strengthened CEO and enterprise-level reporting. Anything less falls short of the unified promise and means its internal identity landscape remains fractured.
Another example: a small software development studio. They need very strong controls over Privileged Access Management (PAM) to protect the development pipeline and ensure they do not become the initial attack vector in a supply chain attack. But they also need Identity Governance and Administration (IGA) for the machine entities and their owners, who work on the many automated tasks they perform. A solution that covers PAM and IGA independently of each other is not unified.
What is the value of unified identity anyway?
So why has “unified identity” become such a hot buzzword? Well, there are some really good arguments for it. Traditionally, the identity space was very fractured, and many experts didn’t even consider it a single market until quite recently. Identity Governance and Administration (IGA), Access Management (AM), and Privileged Access Management (PAM) were the key submarkets, with a broad range of adjacent spaces such as AD bridging and endpoint privilege management.
The key driver for unified identity is this extreme fragmentation: a large organization has on average 45 different security tools. Added to this is identity sprawl, a trend in which organizations continue to have more and more identity silos internally: a survey by One Identity shows that half of organizations use more than 25 different systems to manage access rights. This is simply not sustainable, and adding a new tool every time a new threat approaches is completely impractical. So organizations are looking to consolidate suppliers, reduce complexity and reduce the number of suppliers they work with. The benefits of a unified identity platform are a better approach to cybersecurity and greater resilience in the face of security threats, while increasing simplicity and enabling agility.
Another reason is the cost of turnover: bundles, quantity discounts and ELAs are an easy way to reduce costs. Vendor consolidation also results in less obvious savings: a single technology stack helps close the skills gap, alleviating stress on hiring and training, which in turn means significant savings on headcount and can reduce the need for highly skilled senior staff. This creates more value from security with fewer resources or, in other words, means working smarter and not harder.
Integration is a key aspect of the identity landscape – and one of the biggest headaches. Security tools need to work together seamlessly, but this is rarely a given. The industry doesn’t like common standards, which makes interoperability very difficult to achieve. With some effort (i.e. customization, support hours, and overhead) identity solutions can work together as a pair, but creating a complete ecosystem of identity tools that work seamlessly together is a rare achievement. It’s easy to see the value a unified identity platform brings. The tools are pre-tested, pre-validated to work together, typically without any customization required, and the platform components are supported as a whole by the vendor.
This brings us to the final advantage: a faster time to value, an expression worthy of any MBA graduate. Identity and access management (IAM) projects are notorious for taking a long time to implement, as specialists meticulously formalize business processes and implement them in code or configuration. In large organizations, this is an incredibly complex task, as the IAM configuration must reflect every aspect (and quirk) that the company has developed, sometimes over decades. Implementations become so complex that they simply fail: the costs and time exceed the patience of business leaders. Simply put: time to value matters in IAM. Additionally, a unified identity solution eliminates the complexity of the multi-vendor approach, removing at least one factor.
After these advantages, let’s talk about a disadvantage: supplier lock-in. Unified identity sounds wonderful, but betting your house on a single provider is a tall order. What if you already have some solutions that you are happy with? It’s important to remember that not all unified identity providers are created equal; some vendors offer modular identity platforms that let you keep what you want and unify what you need. This approach allows customers to initiate unification at any time (e.g. with PAM) without the need to embrace and implement all areas in one big step. When choosing suppliers, look for this flexible approach.