Antifragile Identity for a Multicloud World

Nassim Taleb, in his book The Black Swan, describes game-changing events that occur randomly and infrequently, and proposes a theory of how building robustness into systems allows them to withstand shocks when the unforeseen happens. He was referring to the banking system, but the same concept applies to technology.
Most applications are brittle and do not react well to major technology shifts. For enterprise technology to avoid obsolescence, we need to design systems that not only survive stress but thrive under it. Technology that is agile and adaptable, and that has the ability to improve under stress, displays a concept Taleb calls antifragility. According to Taleb’s theory, the fragile breaks under stress while the antifragile improves under it, like a bodybuilder who breaks down muscle to regrow more.
How does technology improve under stress? Let’s consider the transformational multicloud approach to enterprise computing. Multicloud created a new stress, namely managing applications across different cloud platforms, and this spawned a response: Kubernetes. This orchestration technology (originally developed by Google) automates the management of complex distributed containerized apps. Its usefulness, agility, and flexibility to address this particular challenge cannot be disputed.
Making Identity Antifragile for the Cloud
With the increasing adoption of multicloud architectures, traditional centralized identity management is coming under stress. To keep up, a next-generation, antifragile approach to identity is needed.
The key to making identity antifragile in a multicloud world is decentralization. Here’s why:
- Decentralized identity is convex, not concave, in response to stress.
- It provides built-in redundancy across multiple clouds.
- Small errors can be absorbed with an agile mindset and small stories (more on this later).
Convex Versus Concave Identity
Taleb states that systems can have a positive, neutral or negative response to stressors. These responses can be shown as curves: convex for antifragile systems that get better with stress, and concave for fragile systems that get worse with stress.
Stressors that affect identity are multiplied and amplified in multicloud environments. This is because each cloud requires its own built-in centralized identity system. Centralized identity doesn’t scale linearly, as limits in any one system will eventually lead to a single point of failure. On the other hand, decentralized identity scales exponentially as more identity domains are added.
The following table shows a comparison of how centralized and decentralized identities respond to various stressors as we explore the concept of fragility versus antifragility.
| Centralized Identity | Decentralized Identity |
| --- | --- |
| Scalability limited | Scalability unlimited |
| Identity management manual and redundant | Identity management automated through orchestration |
| Greater risk as identity data and access policies proliferate | Compartmentalizes risk while unifying silos with common management |
| Lock-in from 1:1 identity integration | Breaks lock-in using 1:Any integration |
Redundancy Is Built-In
In engineering, redundancies are often intentionally designed into a system. By duplicating critical components, if one fails, the other can act as a back-up and keep the system working. Numerous lives have been saved because airplanes have redundant everything — spark plugs, fuel pumps, computer systems, even engines.
Modern cloud architectures use stateless containerized microservices that provide horizontal scale-out across many redundant compute nodes. If one fails, others pick up the work and the failed unit is recycled. Further redundancy is achieved by having identity that works across different clouds, platforms, and vendors. If one identity provider fails, it’s possible to switch over to an alternative.
Small Errors
According to Taleb, to achieve antifragility in systems we need to stop trying to systematically remove uncertainty and randomness, in order to gain the benefits associated with the “trial and error of antifragility”. This involves ignoring small dangers and embracing small stressors, while accepting that there will be continual entropy.
In decentralized identity, we think about quickly correctable changes that come from an agile mindset and processes. We can reduce risk by managing compartmentalized access per identity domain and the identity control plane, and by approaching migrations incrementally using coexistence.
Conclusion
To meet the needs of multicloud environments, we need an antifragile, transformational approach to identity management. Using a decentralized model built on the well-proven concepts of abstraction and virtualization will allow us to support coexistence and a gradual migration from end-of-life legacy identity management to new infrastructures that are natively built for a multicloud world.