Successful Hybrid Identity Deployments

Successful Hybrid Identity Deployments

Why success matters to federal agencies — and how to choose a solution

The recent guidance document released by the Cybersecurity and Infrastructure Security Agency (CISA), "Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Architecture," proposes a number of architectures and solutions to move more identity management functions to a SaaS model, also known as identity as a service, or IDaaS. The CISA publication is timely, given the prevalence of IDaaS solutions that are providing modern use cases to help secure organizations.

There are still many self-managed identity management solutions on the market, and IDaaS solutions have been available for over a decade. But federal agencies have struggled to migrate the full breadth of identity functionality to SaaS solutions. The hybrid models suggested by CISA do address ways to work through many of the common challenges.

There are a few areas that ForgeRock would like to address, complementary to CISA's comprehensive document. Having a single vendor that can address all of the core identity functionality needed by an agency, no matter how it is deployed, is key. The ForgeRock Identity Platform is a complete identity and access management (IAM) solution. The following points underscore what a complete identity platform is and why it's important for agencies.

Flexible deployment

Identity solutions should facilitate the hybrid models presented by CISA without relying on legacy identity solutions. ForgeRock maintains its self-managed, as-a-service, and DevOps deployments. The licensing for IDaaS allows for the other deployment models to be deployed in a hybrid model without additional license charges. You can have an unlimited number of instances of the ForgeRock platform deployed on-premises or to the agency's virtual private cloud. Flexibility supports CISA's hybrid deployment models without increasing the license costs.

Modernizing existing architectures

Agencies need modern features that are more complete than many IDaaS solutions provide. This includes the flexibility to run a next-generation, scalable LDAP on-premises while leveraging an IDaaS solution. ForgeRock has both deployments available to support these use cases. The ForgeRock solution also provides multiple solutions to authenticate securely into legacy apps and a robust IoT solution.

Support for open standards

When there is heavy reliance on federation standards, as CISA calls out in its report, the identity vendor needs to proactively support and update the specification for standards like SAML, OIDC, and WebAuthn. ForgeRock releases updates for specification changes to standards and references the changes in release notes. This enables our customers to quickly leverage security updates and feature changes included in the specifications.

The pricing model

The impact of monthly surge pricing, charging by integrated apps or by multi-factor authentication (MFA) solutions in use have to be eliminated from the identity space, both for scalability and to stabilize budgets. ForgeRock's license is based on annual identities for the modules purchased. This allows for agencies to budget confidently for their identity solutions. This license model also frees agencies from monthly surge pricing and reduces the complexity of the licensing model.

When an agency is looking to modernize their identity solution, they should look for flexibility and stability in a comprehensive identity platform that can be deployed for any core identity use case. ForgeRock is a comprehensive identity platform that will solve your hybrid identity use cases.

To learn more, visit: