What is identity fabric?

Identity fabric refers to a comprehensive approach for managing identities across various platforms, applications and devices. The threads of an identity fabric represent the various Identity & Access Management (IAM) tools and solutions that are intricately woven together to form a converged identity management system.

Identity fabric is not an all-in-one tool or service, but a framework to integrate different IAM solutions as a cohesive whole. This approach makes it easier for organizations to implement authentication and authorization for all identities (including general users, privileged accounts and third parties), across the entire infrastructure.

An identity fabric architecture makes the login process seamless. Users can authenticate once and access all the resources that they are authorized to use. This not only enhances user experience; it also reduces the chances of privilege escalation attacks.

Another key benefit of identity fabric is that it enables organizations to manage access to legacy tools, which may not be compatible with modern IAM solutions. By weaving legacy systems into the identity fabric, organizations can use the same advanced authentication protocols to secure all their applications, regardless of age or compatibility.

Identity fabric works by interweaving a collection of identity tools, much like the threads of a fabric. It allows organizations to implement access control for all their applications, systems, environments and identities from a single point of control.

Organizations can build identity fabric architectures that are tailored to their specific needs. The complexity of the architecture typically depends on the number of identity use cases and identity tools.

For example, an organization may build an identity fabric by creating an application that sits at the center of their identity tools, which could include tools for identity governance, privileged account management, access control and legacy application security.

Using APIs, the application integrates with all the tools and acts as an interface between them. This integration fosters data synchronization and communication between otherwise disjointed applications, allowing administrators to define and enforce security controls at a central level.

Using this approach, administrators can create a single identity and assign it access rights for both cloud and legacy applications. Conversely, in a non-consolidated identity setup, they would have to create separate identities in the legacy and cloud security tools, leading to potential inefficiencies and misconfigurations.

No, there aren’t any significant differences between converged identity and identity fabric. Both approaches share a common goal of integrating previously siloed identity tools and offering a unified view of all identities and access controls. The terms are often used interchangeably. For example, KuppingerCole uses identity fabric, whereas Gartner uses converged identity to describe the same concept.

However, it’s worth noting that several vendors use converged identity to describe and market their consolidated identity products. Conversely, identity fabric is rarely, if at –all, used to describe a product. It’s considered a paradigm that enterprises can use to build their own consolidated architectures in house.

Converged identity (or identity fabric) and Zero Trust are related concepts that differ in their approach to security and access control. Converged identity focuses on consolidating identity tools with the goal of providing a single source of truth for identities and access control.

On the other hand, Zero Trust dictates that no entity in a network should be inherently trusted. This means that no user or device can access any resource unless they have the necessary privileges. Additionally, the Zero Trust paradigm recommends continuous authorization during a session and adherence to the principle of least privilege.

With that said, both approaches don’t have to be mutually exclusive. In fact, some organizations adopt a converged identity approach as part of their efforts to achieve Zero Trust.