
If you’ve listened to software vendors in the identity space lately, you’ll have noticed that “unified” has quickly become the buzzword everyone uses to describe their product portfolios. This is great! Unified identity has some amazing benefits!
However (there’s always a but, right?) not every “unified” “identity” “security” “platform” is created equal. Some vendors refer to the combination of workforce IDaaS and customer IDaaS as a unified identity solution, while others offer glorified 2FA services – unified only in the minds of marketers.
Your landscape matters!
So forget what the supplier says for a moment and think back to your organization and your identity security landscape. Consider this new definition: “unified” means a complete identity solution that can consolidate your identity challenges.
Here’s an example: You are responsible for the identity infrastructure of a large hospital. You have frontline staff, administrative staff, audit/compliance needs, and a host of external users. You are using Active Directory and your LOB application does not perform authentication. For this hospital, a unified identity means strong access management for customers and frontline staff, powerful onboarding-offboarding-action processing, AD hardening, and enterprise-wide reporting. Anything less fails to deliver on the promise of unity and means that the hospital’s internal identity landscape remains fragmented.
Another example: a small software development studio. They need additional strong controls over privileged access management (PAM) to protect development pipelines and ensure they don’t become the initial attack vector in a supply chain attack. But they also need identity governance and administration (IGA) of the machine entities and their owners to handle the many automated tasks they are running. Solutions covering PAM and IGA independently of each other are not unified.
What is the value of unified identity?
So why has “unified identity” become such a hot buzzword? Well, there are some very good arguments. Traditionally, the identity space has been very fragmented, with many experts not viewing it as a single market until recently. Identity Governance and Administration (IGA), Access Management (AM), and Privileged Access Management (PAM) are key submarkets with broad adjacent spaces such as AD bridging and endpoint privilege management.
The key driver of unified identity is this extreme fragmentation: a large organization has an average of 45 different security tools. In addition, identity creep is also a trend, with more and more identity silos within organizations – a One Identity survey revealed that half of organizations are using more than 25 different systems to manage access rights. This is simply unsustainable, and adding new tools every time a new threat emerges simply doesn’t work. As a result, organizations are looking to reduce complexity and consolidate the number of suppliers they work with. The benefits of a unified identity platform are a better cybersecurity posture and greater resiliency in the face of security threats, while increasing simplicity and agility.
Another reason is top-line costs: bundling, volume discounts, and ELAs are easy ways to reduce costs. Supplier consolidation also brings some less obvious savings: a single technology stack helps close skills gaps and eases the pressure on recruiting and training, which in turn means significant headcount savings and potentially less need for well-trained, senior employees, thereby creating more value while ensuring security with fewer resources, or in other words, working smarter rather than harder.
Integration is a key aspect of the identity landscape and one of its most vexing issues. Security tools need to work together smoothly, but this can rarely be taken for granted. The industry is not keen on common standards, making interoperability difficult to achieve. With some effort (meaning customization, support time, and expense), identity solutions can work together in pairs, but creating a complete ecosystem of identity providers that work perfectly together is a rare achievement. It’s easy to see the value a unified identity platform brings here. These tools are pre-tested and pre-validated to work together, typically without any customization, and the platform components are supported as one by the vendor.
This brings us to the ultimate benefit: faster time to value, an expression worthy of any MBA graduate. Identity and Access Management (IAM) projects are known for their long implementation times as experts carefully formalize business processes and implement them as code or configurations. In large organizations, this is an extremely complex task, as the IAM setup needs to reflect every aspect (and quirk) of a business that has been established, sometimes for decades. Implementations become so complex that they ultimately fail, with cost and time overruns that exceed the patience of business leaders. In short: time to value matters in IAM. A unified identity solution removes the complexity of a multi-vendor approach, eliminating at least one factor.
With those benefits out of the way, let’s talk about the drawback: vendor lock-in. A unified identity sounds great, but betting on a single vendor is a tall order. What if you already have some solutions that you’re happy with? It’s important to remember that not all unified identity providers are the same; some offer modular identity platforms that allow you to keep what you want and unify what you want. This approach enables customers to start unifying (e.g. with PAM) at any time without having to embrace and implement all areas at once. When choosing a supplier, look for this flexible approach.