Nothing is more continuous about us than our identity, and managing these identities has always been critical to a successful enterprise.
But we have never been more connected to our digital identities than before now, neither us as individuals or as enterprises. This includes not only authenticating ourselves to applications and resources, but also the context of who we are when conducting that transaction: what we are doing, why we are doing it, how we are doing it, and where we are doing it?
Much like our development and delivery pipelines, our identities and how we interact with applications and services is continuous. Today, the typical worker in an organization is probably using 20, 30 or more applications and two or more mobile devices. When workers are moving from device to device and from location to location, who they are never changes, but the context of what they are doing very well may.
What do we mean by context and identity? It's about identifying who someone is and what they may be trying to do based on their identity, their job role, where they happen to be (such as a customer location), and the customers, files, or data they are trying to access. It's about putting users into the context of who they are and what they are doing that very moment.
Sounds complex, but it's not. At a high level, there are three primary layers to identity: the users, the devices or apps being used, and the app or service driving those apps. Of course, this follows the need to vet users as being who they are through some form of authentication, which can then be used to authorize access to many other apps and services as well.
By placing events and the identities tied to them into their context, organizations can not only enhance the traditional processes associated with identity management, such as business process, data, where the data can flow, and what users are permitted to do -- but also help to enhance what the user is trying to do at that very moment by utilizing all of the data around the transaction they are trying to conduct.
As with other aspects of the continuous enterprise, we need to take into account the Laws of the Continuous Enterprise, particularly the Third Law of the Continuous Enterprise detailed here, when an app, or process, can be replaced with a third-party service, it should. Enterprises should consider uniting their cloud, on-premise, and mobile device identities with an identity service that can unify authentication and user context with a single identity with a simplified log-on.
With identity managed as a service, it doesn't matter where, how, or how quickly users add new apps or devices. They'll be able to be onboard simply, with a single identity used to access the resources they need. As much of these processes as possible should be automated: user and access management, directory management, once directory integration is completed.
If enterprises want to excel with their continuous IT efforts, identity has to be a part of those efforts, and that includes the context of not only their business role and established privileges, but what exactly they're trying to accomplish.
This article is published as part of the IDG Contributor Network. Want to Join?