Eliminating Identity as a Single Point of Failure in the Cloud


Posted on by Ben Robertson

Cloud adoption is a game-changer for organizations of all sizes. Cutting costs, scaling more effectively, and improving overall efficiency and competitiveness are just some of the top-level benefits. However, widespread adoption has brought new challenges. A big one that can threaten operational security is identity resilience in the cloud.

Businesses are left vulnerable when a cloud-based identity provider (IDP) experiences a failure, resulting in users being unable to access their accounts and various systems and services becoming unavailable. As a result, when a critical system goes down, it may become impossible for people and devices to authenticate and access applications across the technology stack.

Eliminating identity as a single point of failure in the cloud is key to improving identity resilience. However, this requires rethinking identity management to better fit today’s requirements. Having a cutover plan that abstracts identity from applications and IDPs helps to ensure higher availability, improved consistency, simplified administration, and better security.

Rethinking Identity

A vital first step is to recognize that identity management in the cloud touches almost every organization in one form or another. Cloud identity providers enable fast, secure access to applications, but their outages can impact critical resources. Microsoft Azure, Google Cloud Identity, and Okta have each experienced outages in recent years, disrupting numerous businesses.

Since a user’s identity often resides in one cloud platform, the authorization engine and rules for identity management and authentication frequently exist in one system. If a critical failure occurs—and a system can’t reach the authorization engine—a wide range of services and features can grind to a halt.

Despite any claims of resiliency and redundancy by cloud IDPs, the reliance on a centralized authentication system can still create a single point of failure. Unfortunately, most apps aren’t designed to fall back to a secure form of backup authentication. The result can be a major disruption—and often a complete interruption—for those attempting to log in.

The Importance of a Continuity Plan

Developing an identity continuity plan prior to migrating and modernizing applications to the cloud can help with resilience. By establishing a layer of control that has centralized administration but distributed availability and enforcement, organizations can improve performance, reduce latency, and enhance reliability, which ultimately improves the user experience and ensures continuous access to critical applications.

Using an abstraction layer to separate identity from applications can enable the introduction of policy logic that triggers the system to switch to a backup password solution or a security key, even at a different cloud provider that remains operational. This means that the identity framework can continue to function even when a cloud service fails, ensuring continuous access to critical resources and improving overall identity resilience in the cloud.
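The following is an added illustration of the abstraction-layer idea described above; it is constructed for this page and is not Strata Identity's product or code. It assumes a hypothetical broker that applications call instead of any IDP directly, a hypothetical `IdpUnavailable` error to represent an outage, and a constructed user directory that is already replicated to both providers (that replication is the part the broker cannot solve for you). Two design points are made explicit: a provider that keeps timing out is skipped for a cooldown period so an outage does not add a timeout to every login, and a rejected credential is treated as a decision, not an outage, so it is never retried against the backup.

```python
"""Hypothetical identity broker that fronts an ordered list of IDPs (constructed example)."""
import time
from dataclasses import dataclass
from typing import Callable, List, Optional


class IdpUnavailable(Exception):
    """The provider could not be reached or returned a server-side error."""


@dataclass
class AuthResult:
    authenticated: bool
    provider: Optional[str]   # which IDP made the decision; None if none was reachable
    reason: str


@dataclass
class IdpBackend:
    name: str
    # Returns True/False as a credential decision; raises IdpUnavailable on an outage.
    verify: Callable[[str, str], bool]
    failures: int = 0
    tripped_at: Optional[float] = None


class IdentityBroker:
    """Applications authenticate through the broker, never against an IDP directly.

    Providers are tried in order of preference. A provider that keeps failing is
    'tripped' (circuit-breaker style) and skipped until a cooldown elapses.
    """

    def __init__(self, providers: List[IdpBackend], failure_threshold: int = 3,
                 cooldown_s: float = 60.0, clock: Callable[[], float] = time.monotonic):
        self.providers = providers
        self.failure_threshold = failure_threshold
        self.cooldown_s = cooldown_s
        self.clock = clock            # injectable so outages can be simulated deterministically
        self.events: List[str] = []   # audit trail of failovers, for monitoring and alerting

    def _tripped(self, p: IdpBackend) -> bool:
        if p.tripped_at is None:
            return False
        if self.clock() - p.tripped_at >= self.cooldown_s:
            p.tripped_at, p.failures = None, 0   # cooldown over: probe the provider again
            return False
        return True

    def authenticate(self, user: str, secret: str) -> AuthResult:
        for p in self.providers:
            if self._tripped(p):
                continue
            try:
                ok = p.verify(user, secret)
            except IdpUnavailable:
                p.failures += 1
                self.events.append(f"{p.name} unavailable ({p.failures})")
                if p.failures >= self.failure_threshold and p.tripped_at is None:
                    p.tripped_at = self.clock()
                    self.events.append(f"{p.name} tripped; failing over")
                continue
            p.failures = 0
            # A rejection is a decision, not an outage: do not retry it against the
            # backup, or a stale credential held there could be accepted.
            return AuthResult(ok, p.name, "accepted" if ok else "rejected")
        # Every provider down or tripped: fail closed, never fail open.
        return AuthResult(False, None, "no identity provider reachable")


def failover_demo() -> List[AuthResult]:
    """Primary IDP is down; the broker fails over to the backup, then probes the primary again."""
    now = [0.0]                       # simulated monotonic clock
    users = {"alice": "s3cret"}       # constructed directory, assumed replicated to both IDPs

    def primary(user: str, secret: str) -> bool:
        raise IdpUnavailable("primary cloud region down")

    def backup(user: str, secret: str) -> bool:
        return users.get(user) == secret

    broker = IdentityBroker([IdpBackend("primary-idp", primary), IdpBackend("backup-idp", backup)],
                            failure_threshold=2, cooldown_s=60.0, clock=lambda: now[0])
    r1 = broker.authenticate("alice", "s3cret")   # primary fails (1); backup accepts
    r2 = broker.authenticate("alice", "wrong")    # primary fails (2) and trips; backup rejects
    r3 = broker.authenticate("alice", "s3cret")   # primary skipped while tripped; backup accepts
    now[0] = 61.0
    r4 = broker.authenticate("alice", "s3cret")   # cooldown over: primary probed, still down
    return [r1, r2, r3, r4]


def fail_closed_demo() -> AuthResult:
    """With no reachable provider the broker denies access rather than failing open."""
    def down(user: str, secret: str) -> bool:
        raise IdpUnavailable("outage")
    broker = IdentityBroker([IdpBackend("only-idp", down)], failure_threshold=1, clock=lambda: 0.0)
    return broker.authenticate("alice", "s3cret")


if __name__ == "__main__":
    for r in failover_demo():
        print(r)
    print(fail_closed_demo())
```

The `events` list is the piece a security operations team would wire to monitoring: a failover is an expected path, but it should page someone, because while the backup is serving logins any policy drift between the two providers is invisible to users and applications.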

Bringing identity services and enforcement closer to the application can also have a significant positive impact on the user experience. By enabling policy enforcement and authentication to be handled in a distributed fashion, organizations can improve the speed and performance of their users’ journeys, resulting in faster and more seamless access to critical resources.

Elevating Authentication

Organizations that adopt a more advanced and distributed identity services framework are better prepared to navigate the complex multi-cloud environments of today. The benefits of such a framework extend across three broad areas:

Consistency: An identity administration model that can be deployed in distributed environments provides controls that allow an organization to maintain a far more consistent and dependable user experience—particularly when a cloud IDP fails or simply isn’t accessible due to an outage or natural disaster. 

Security: It’s also possible to improve security through this abstracted identity management model. The specific tools and mechanisms that an enterprise uses to authenticate users are consolidated in one place, which makes key technologies like MFA, passwordless authentication, analytics, identity proofing, and risk profiling easier to manage. An indirect benefit, through improved controls and enforcement, is an ability to thwart ransomware, fraud, and other cyberattacks that rely on identity theft and unauthorized access to sensitive information.

Administration: Security and Identity teams also benefit from this model because their job is simplified. Tasks such as logging, monitoring, and compliance take place in a more orchestrated and manageable way. As a result, teams can approach identity management and myriad other tasks more strategically. This helps cut costs and improve performance over the long run.

Organizations can build a strong foundation for agility and flexibility through abstracted identity controls and enforcement. This approach allows enterprises to maintain business continuity in the event of cloud outages.

Contributors
Ben Robertson

Principal Solutions Architect, Strata Identity

Topics: Identity; access control, authentication, cloud security, identity management & governance

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
