Cloud migration may take a decade or more for many big enterprises. That’s Okay. That’s how long some companies will spend on migrating their apps to the cloud on-premises. The cutover from on-premise to cloud is complicated and time-consuming, leaving most companies in a prolonged state of hybrid cloud limbo, pushing coexistence needs into the near future.We have Hybrid cloud benefits.
While 80 percent of apps and workloads are still on-site, most companies are engaged in some form of digital transformation that drives their transition to the cloud. To name a few, many use three or more public clouds like AWS, Microsoft Azure, and the Google Cloud Platform. In the meantime, some organizations have also developed private clouds on-premises, and almost every company uses SaaS software for its staff, payroll, and HR systems. Cloud adoption and migration are now widespread to all intents and purposes.
Challenges around Hybrid Cloud Identification
This hybrid cloud scenario entails four unique challenges in identity management: multi-cloud identity, identity coexistence, identity migration, and compliance.
- Multi-cloud Identity: Organizations need to handle identity through public and private infrastructures in a multi-cloud environment. Each of these cloud systems carries a built-in identity with it, creating another silo to be controlled. Access policies need to be consistent across the hybrid environment, spanning on-premise as well as apps and users based in the cloud.
- Identity migration: In the meantime, legacy on-site identity schemes have reached their end of life, are unsuitable for new cloud-based applications, and have to be retired. Moreover, transferring an app to the cloud would typically entail rewriting of its code to suit the identity scheme of the destination cloud. Rewriting apps is costly and time-consuming, in particular those with proprietary cookie-based session mechanisms common to traditional Web Access Management (WAM) and Single Sign-On (SSO) systems. Recoding will take months for a new identity program to operate with each app.
- Coexistence of Identity: Although cloud migrations can take years, new systems alongside existing ones also need to be managed. For identity management, this means expanding users of a modern cloud identity system access to apps protected by a legacy identity system. One instance is the need to transparently allow users to sign into a new cloud WAM/SSO system while retaining their ability to access apps secured by a legacy WAM/SSO system on-premises.
- Compliance: Hybrid clouds pose new challenges to compliance, especially concerning reporting, which is complicated by the variety of tools, platforms, and vendors. Today there is no single platform that can collect and analyze data regarding compliance across hybrid clouds.
These four challenges need to be addressed in the context of ongoing cost reduction and ROI scrutiny, making cloud migration projects even more challenging. Yet the horizon is full of good news.
Good Practices for a Hybrid Cloud Environment
The following best practices would allow an organization to build and run apps anywhere by using its preferred identity scheme.
- Enable Access to Internal On-Premise Apps through External Users: Deploy cloud identity to transfer the identities center of gravity to the cloud where helping users outside the firewall is easier. Embrace decentralization, as in a hybrid multi-cloud world, it is not possible to centralize everything. Decentralized identity management can be used to implement secure, multi-cloud access. And connect new cloud WAM systems with legacy WAM, so that cloud-based users can have access to on-premise apps.
- Migrating Apps and Modernizing Identity: Start by mapping identity structures and dependencies across all settings, between apps and identity. Note how apps are bound to the identity system and which process (cookie, headers, SAML, etc.) is used. How are the applications and policies organized? Which users, groups, and roles can access the apps?
- Move and get improved: Instead of merely relocating existing issues with a simple lift and change, using this migration to migrate to new cloud identity a legacy identity program. Don’t pay for two movements; when you migrate to the cloud, switch from legacy to new identity.
- Think Agile: Apply agile methodologies for developing software to cloud migration, start small and iterate quickly.
- Incrementally Migration: Don’t take a big bang approach by trying to make too many changes at once. Manage the on-premise and cloud systems in parallel.
- Integrate Applications with a Framework of Identity to Overcome Lock-In: Use a one-to-many approach to abstraction layer versus binding applications to a single identity scheme would provide flexibility to facilitate future change.
- Look out for Suspicious Credentials: Verify if user credentials are compromised during the migration process, and prune inactive or orphaned accounts to improve security.
- Establish Consistent Identity through Orchestration: Employ container orchestration systems, data orchestration, and other new orchestration technologies for identity.
- Utilize Abstraction: Implement abstraction to normalize the identity and access across various platforms and technologies.
- Investing in and Promoting Open Standards: Open standards such as SAML, OIDC, and SCIM help to ensure policy and identity consistencies. This makes future swapping of identity systems easier.
- Deploy Policy on Coexistence: Start by planning how to sustain the coexistence of both old and new identity systems before retirement of the legacy system is possible. Ensure session systems are consistent with each other in the latest and existing identity schemes. Develop a methodology used by old and new identity systems to support web agents and proxies, and use proxies to relieve the management burden of legacy web agents. Finally, use orchestration to decouple identity infrastructure and automate workflows across a mix of vendors for SSO, MFA, and identity management. The feature gaps of identity systems can be bridged with an orchestration.
Now is the time to address the hybrid cloud-related issues, especially since they relate to security and identity management. Migrating cloud applications can be simplified with the right abstraction and orchestration tools, followed by the aspects listed above.
