
Antifragile Identity for a Multicloud World

Most applications are brittle and do not react well to major technology shifts. For enterprise technology to avoid obsolescence, we need to design systems that not only survive stress but thrive under it.
Jul 2nd, 2020 12:00pm by

Eric Olden
Eric Olden, CEO of Strata Identity, has made a career out of simplifying and securing enterprise identity management. He founded, scaled, and successfully exited both Securant/ClearTrust (Web Access Management) and Symplified (the first IDaaS company). Recently Eric served as SVP and GM at Oracle, where he ran the identity and security business worldwide and was responsible for product development, go-to-market, and partnerships. As a technologist, he was a co-author of the SAML standard, created the first pre-integrated SSO platform, and is the visionary behind the Identity Fabric.

Nassim Taleb in his book The Black Swan describes game-changing events that occur randomly and infrequently while proposing a theory on how building robustness into systems will allow them to withstand shocks when the unforeseen happens. He was referring to the banking system, but the same concept applies to technology.

Most applications are brittle and do not react well to major technology shifts. For enterprise technology to avoid obsolescence, we need to design systems that not only survive stress but thrive under it. Technology that is agile and adaptable, and that can improve under stress, displays a concept Taleb calls antifragility. According to Taleb’s theory, fragile things break under stress while antifragile things improve under it, like a bodybuilder who breaks down muscle to regrow more.

How does technology improve under stress? Let’s consider the transformational multicloud approach to enterprise computing. Multicloud created a new stress, namely managing applications across different cloud platforms, and this spawned a response: Kubernetes. This orchestration technology (originally developed by Google) automates the management of complex distributed containerized apps. Its usefulness, agility, and flexibility in addressing this particular challenge cannot be disputed.

Making Identity Antifragile for the Cloud

With the increasing adoption of multicloud architectures, traditional centralized identity management is coming under stress. To keep up, a next-generation approach to identity is needed that is antifragile.

The key to making identity antifragile in a multicloud world is decentralization. Here’s why:

  1. Decentralized identity is convex, not concave in response to stress.
  2. It provides built-in redundancy across multiple clouds.
  3. Small errors can be absorbed with an agile mindset and small stories (more on this later).

Convex Versus Concave Identity

Taleb states that systems can have a positive, neutral or negative response to stressors. These responses can be shown as curves: convex for antifragile systems that get better with stress, and concave for fragile systems that get worse with stress.

Stressors that affect identity are multiplied and amplified in multicloud environments. This is because each cloud requires its own built-in centralized identity system. Centralized identity doesn’t scale linearly, as limits in any one system will eventually lead to a single point of failure. On the other hand, decentralized identity scales exponentially as more identity domains are added.

The following table shows a comparison of how centralized and decentralized identities respond to various stressors as we explore the concept of fragility versus antifragility.

 

| Centralized Identity | Decentralized Identity |
|---|---|
| Scalability limited | Scalability unlimited |
| Identity management manual and redundant | Identity management automated through orchestration |
| Greater risk as identity data and access policies proliferate | Compartmentalizes risk while unifying silos with common management |
| Lock-in from 1:1 identity integration | Breaks lock-in using 1:Any integration |

Redundancy Is Built-In

In engineering, redundancies are often intentionally designed into a system. By duplicating critical components, if one fails, the other can act as a back-up and keep the system working. Numerous lives have been saved because airplanes have redundant everything — spark plugs, fuel pumps, computer systems, even engines.

Modern cloud architectures use stateless containerized microservices that provide horizontal scale-out across lots of redundant compute nodes. If one fails then others pick up the work and the failed unit is recycled. Further redundancy is achieved by having identity that works across different clouds, platforms, and vendors. If one identity provider fails then it’s possible to switch over to an alternative.

Small Errors

According to Taleb, to achieve antifragility in systems we need to stop trying to systematically remove uncertainty and randomness in order to gain the benefits associated with the “trial and error of antifragility”. This involves ignoring small dangers and embracing small stressors, while accepting there will be continual entropy.

In decentralized identity, we think about quickly correctable changes that come from an agile mindset and processes. We can reduce risk by managing compartmentalized access per identity domain and the identity control plane, and approaching migrations incrementally using coexistence.

Conclusion

To meet the needs of multicloud environments we need an antifragile, transformational approach to identity management. Using a decentralized model built on the well-proven concepts of abstraction and virtualization will allow us to support coexistence and a gradual migration from end-of-life legacy identity management to new infrastructures that are natively built for a multicloud world.
