Channel: Blog - CoreBlox

Step-by-Step Build of a Federated Data Caching Appliance: Part 4 - Implementing the Use Case


Overview

This post is a continuation of Part 3 - Radiant Logic Install Instructions. Now that the infrastructure is in place, it is time to implement the use case from the previous blog article introducing this concept. As a reminder, the plan is to deliver a view of the HR, CRM and inventory systems, and to join the information into a common view. Once that is available, logic can be implemented to make determinations about activities that are required. We are going to identify salespeople on vacation with customers that have low inventory. Keep in mind that there are multiple ways to do this. I am leveraging this approach to simplify the configuration. This is not what I suggest for production implementations.

Implementing the Use Case

To create this example, I generated three proxy views that point to the underlying repository. No data is stored on the appliance itself in the scenario.

[Screenshot: Proxy List]

The first view is the proxy (customers) for the customer data. The purpose of this view is to bring in the customer list, the customer's sales representative and their current inventory of Mad Marauder t-shirts. To make the data easier to consume, I created a computed attribute which calculates the inventory for a customer and concatenates it with the customer name.

[Screenshot: Customer Inventory computed attribute]

The second proxy (data) is the list of internal employees. A computed attribute has been created that creates the data needed for the sales dashboard by combining the salesperson’s name with the inventory attribute that was generated on the customer proxy.

[Screenshot: salesDashboard computed attribute]

The customerInventory attribute is made available by joining the data proxy to the customer proxy and returning that attribute and related values.

[Screenshot: sales to customer join]

Similarly, the manager view proxy (managerview) is joined to the employee view to bring back the salesDashboard attribute and associated values.

[Screenshot: Manager View salesDashboard]

For this example, the following screenshot shows the list of customers in the system. Note that this list is being dynamically generated in the proxy and is not a static representation of the information.

[Screenshot: Customer view]

There are also two employees listed for this example. Ann is the employee on vacation and Steven is her manager.

[Screenshot: Employee view]

Looking at the manager branch, there are two things to consider. The first is that the users have been limited to only managers. Second, Ann is displayed in the salesDashboard attribute that was brought in through the join. Remember that this join builds on the earlier join from the employees to the customers, which is what produced the customer inventory. Sample logic is also displayed to show that Ann is on vacation.

[Screenshot: Manager view]

This data can then be leveraged by a web application to make it easily consumable.

[Screenshot: Web browser view of the dashboard]

By taking advantage of lower cost hardware that can be easily clustered, we were able to build a solution that gave Steven important insights into the company’s customers. He now knows that Global Inc has 0 inventory and their sales rep is out of the office. There are limitless other uses that can be found for such a device. Maybe you can come up with a couple as well.
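The decision logic described above, modelled as an added plain-Python example (not RadiantOne configuration and not CoreBlox's code): the customer, employee and manager records are constructed sample data, the functions mirror the two computed attributes and the two joins, and the last step flags a rep on vacation whose customer has no inventory.

```python
"""Plain-Python model of the Part 4 use case: customers -> employees -> managers.

Added illustration of the join and computed-attribute logic; not RadiantOne
configuration. All records below are constructed sample data.
"""

# Constructed records standing in for the CRM, inventory and HR systems.
CUSTOMERS = [
    {"name": "Global Inc", "salesRep": "ann", "inventory": 0},
    {"name": "Acme Corp", "salesRep": "ann", "inventory": 120},
    {"name": "Initech", "salesRep": "bob", "inventory": 0},
]
EMPLOYEES = [
    {"uid": "ann", "cn": "Ann", "manager": "steven", "onVacation": True},
    {"uid": "bob", "cn": "Bob", "manager": "steven", "onVacation": False},
    {"uid": "steven", "cn": "Steven", "manager": None, "onVacation": False},
]
LOW_INVENTORY = 0  # a customer at or below this count needs attention


def customer_inventory(customer):
    """Computed attribute on the customer proxy: name joined with the inventory count."""
    return f"{customer['name']}: {customer['inventory']}"


def join_customers_to_employees(customers, employees):
    """Join the employee (data) proxy to the customer proxy on salesRep == uid.

    Each employee gets the multi-valued customerInventory attribute plus the
    underlying customer records that the later decision logic needs.
    """
    by_rep = {}
    for customer in customers:
        by_rep.setdefault(customer["salesRep"], []).append(customer)
    joined = []
    for employee in employees:
        mine = by_rep.get(employee["uid"], [])
        joined.append({
            **employee,
            "customers": mine,
            "customerInventory": [customer_inventory(c) for c in mine],
        })
    return joined


def sales_dashboard(employee):
    """Computed attribute on the employee proxy: salesperson name plus each inventory value."""
    return [f"{employee['cn']} -> {item}" for item in employee["customerInventory"]]


def vacation_alerts(reports):
    """The article's decision: a rep on vacation whose customer is at low inventory."""
    alerts = []
    for rep in reports:
        if not rep["onVacation"]:
            continue
        for customer in rep["customers"]:
            if customer["inventory"] <= LOW_INVENTORY:
                alerts.append(
                    f"{customer['name']} has {customer['inventory']} inventory "
                    f"and rep {rep['cn']} is out of the office"
                )
    return alerts


def manager_view(customers, employees):
    """Manager branch: managers only, each with their reports' salesDashboard values and alerts."""
    joined = join_customers_to_employees(customers, employees)
    manager_uids = {e["manager"] for e in joined if e["manager"]}
    view = {}
    for manager in joined:
        if manager["uid"] not in manager_uids:
            continue
        reports = [e for e in joined if e["manager"] == manager["uid"]]
        view[manager["uid"]] = {
            "cn": manager["cn"],
            "salesDashboard": [line for r in reports for line in sales_dashboard(r)],
            "alerts": vacation_alerts(reports),
        }
    return view


if __name__ == "__main__":
    for uid, entry in manager_view(CUSTOMERS, EMPLOYEES).items():
        print(f"Manager {entry['cn']} ({uid})")
        for line in entry["salesDashboard"]:
            print("  dashboard:", line)
        for line in entry["alerts"]:
            print("  ALERT:", line)
```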


CoreBlox Named a Ping Identity Advanced Delivery Partner


FOR IMMEDIATE RELEASE: December 3, 2020

CoreBlox LLC

877-TRY-BLOX

info@coreblox.com


CoreBlox Named a Ping Identity Advanced Delivery Partner

Level reflects the growth of CoreBlox’s Ping Practice in 2020

[Image: Ping Identity Advanced Delivery Partner badge]

New York, NY: CoreBlox LLC, a leading provider of Identity & Access Management services and solutions, today announced that it has been named a Ping Identity Advanced Delivery Partner. The Advanced designation is a reflection of the significant investment and continued commitment by CoreBlox in this longstanding partnership.

 

“Becoming an Advanced Delivery Partner is a recognition of the investment we’ve made in preparing our services team to address the growing needs of digital transformation with Ping Identity’s industry leading solutions,” says Chad Northrup, President at CoreBlox. “Our clients can be assured that they’ll be working with vendor certified resources who have a track record for delivering successful Ping deployments.”

 

In addition to meeting the required benchmarks for consultant certifications and delivery, CoreBlox was also recognized with an Innovator Specialization for a unique solution that was developed for a leading automotive manufacturer. The solution leveraged the CoreBlox Token Service, which allows PingFederate to securely exchange tokens with Symantec SiteMinder.

 

To learn more about CoreBlox and how we enable digital transformation through Identity & Access Management, please visit www.coreblox.com.

 

About CoreBlox

 

CoreBlox, a Division of Winmill, is a premier provider of Identity & Access Management solutions for enterprise, federated, and cloud environments. We partner with leading industry vendors such as Ping Identity, Radiant Logic, SailPoint & Strata to ensure that we are able to deliver the optimal solution for our clients’ unique needs. From strategy & architecture to deployment and ongoing management, CoreBlox helps to make identity a strategic advantage.

Digital Transformation and Identity and Access Management


Why You Need to Consider Identity and Access Management When Defining Your Digital Transformation Strategy

Overview

Your Identity and Access Management (IAM) strategy plays a key role in determining your digital transformation strategy. When evaluating business processes, the security of those new processes must be considered. While it is necessary to implement strong security practices, consideration of usability and ease-of-use needs to be factored into the design. This article will outline ways in which you can incorporate Identity and Access Management processes into your digital transformation strategy.

 

What is Digital Transformation

Digital transformation is a re-engineering of your business processes to take advantage of modern technologies. It is not just a matter of taking a process and making it digital, but also a review and examination of how your business is done and how it can be made better. The key to digital transformation is that it is about the customer at its core. New technologies and processes can be used to define new ways to do business.

Digital transformation goes beyond a single organization. New processes need to cross the historic corporate silos, allowing you to define processes that bring together marketing, sales and services in how you engage your customers. These new processes can deliver a significant competitive advantage over companies that continue with legacy processes.

While it is easy to think of a customer as someone who buys your goods and services, it is important to keep in mind that employees are customers as well. Employees have embraced the modern age and expect to be able to interact with their employers in a truly connected fashion. This “always on” environment must be considered as you look to define your digital transformation strategy.

 

How Does Identity and Access Management Play a Role

Identity and Access Management plays a key role in your digital transformation strategy. It contains the underlying processes that manage identities across your corporate systems and provides the front door to access those systems. IAM technologies must be reviewed as part of your digital transformation analysis, and including your security organization in that process is a necessity.

Remember that when reviewing your IAM strategy, both customers and employees are a direct consideration. Customer behavior begins with how you manage that customer’s identity and how you determine that customer’s identity when interacting with your systems. Employees need access to that information in a secure and easy to use fashion. Overly complex authentication processes, while perhaps highly secure, have a negative impact on user experience. The use of manual or complicated identity management processes will only result in poorly managed identities. This makes it challenging to ensure correct system access, define the processes around managing that access, and certify the identities for compliance purposes.

Your IAM digital transformation strategy is your first step toward gaining visibility into the complete view of customer behavior. You must securely identify the user before you can allow access. Additionally, security behaviors can inform your decisions based upon where customers are logging in, how customers prefer to authenticate, what systems the users are accessing, or even when users are using your resources. This information not only helps your security practices identify potential security breaches, but these behaviors can also be shared with other teams to determine how to best serve customers and market additional services to those users.

 

Identity and Access Management Key Factors

When starting your reimagining of your Identity and Access Management processes, your main consideration is how you can personalize the experience of your customer interactions. While this is not solely the purview of your IAM systems, this experience begins with those systems and is a factor with every click the user makes. The ability to ensure the usability of those processes, the ability to build an interface that best suits your customer’s needs, and the information you gain from those clicks are all factors that need to be considered.

Engaging customers where they are leveraging new technologies is at the core of digital transformation. While something as simple as social sign-in seems minor, acknowledging that user behavior is driven by common online interactions simplifies the user experience. However, as part of that analysis, the level of security required must be considered. Perhaps signing in with an Apple ID is sufficient when the user is accessing the system from a known location, but if the user is signing in from a new location or performing a sensitive transaction, an additional factor to identify the user is required. These authentication policies are an example of ways to engage your customer that simplify the user experience. Additionally, single sign-on ensures that the user is not prompted multiple times, reducing user dissatisfaction, and better secures the environment as the user crosses system and application components.

In order to provide a unified customer experience, it is necessary to enhance user profiles for better personalization. Data regarding the user may exist in multiple systems. Bringing those attributes together allows you to enrich that profile to provide a better customer experience. Technologies like a Federated Identity Service allow you to unify what you know about the customer without needing to have each system connect to multiple backends to get that data. As an identity integration layer, these services allow you to better unify identity information, improve security, create custom views into identity attributes, and even persist data locally as needed. This integration layer speeds deployments and simplifies the integration across systems. It puts the customer at the core by bringing together all that you know about that user, and also centralizes the access to user information, which can be used to determine user behavior. This improves your ability to scale your systems and also future-proofs your security infrastructure.

Another way to speed the deployment of your IAM digital transformation is to leverage cloud based services for your identity infrastructure. There are several considerations in leveraging a cloud based service. The primary consideration is how much control you need over your user identities. For highly secure environments, hosting those identities offsite may not be possible. Another consideration is how many of your applications are cloud based or have a mechanism for federated sign-in with technologies like SAML. If you have a high number of on-premises applications, a cloud based identity service may not be as relevant a choice. However, keep in mind that one of the main drivers for digital transformation is to review those applications and to determine if they can be modernized. Even factors such as whether you are securing customer facing or employee facing systems need to be considered. The licensing costs for large customer facing systems may make some cloud based services untenable.

Developing a strategy for delivering your IAM components as microservices also speeds your time to market. This allows you to externalize security from the applications and centralize the management of security policy without the need to deliver monolithic legacy technologies. Microservices allow applications to be created using a collection of loosely coupled services. The services are fine-grained and lightweight. This improves modularity and enables flexibility during the development phase of the application, making the application easier to understand. When designing applications, identity becomes a key factor to building out a personalized user experience. Identity also enables other microservices for tasks like authorization, single sign-on, identity management and compliance. These microservices can then be leveraged to engage the customer on the platform of their choice. Whether it is a mobile application or a website, a common personalized experience can be delivered.

Embracing DevOps practices can also modernize your Identity and Access Management infrastructure and processes. DevOps combines your IAM processes and technologies with your IT operations. This can help shorten your release cycles and improve the quality of your systems. Leveraging an agile approach to your releases brings incremental successes and eliminates the historic “big-bang” approach to delivering IAM technologies. Technologies like Kubernetes for orchestration help automate the deployment, scaling and management of your IAM infrastructure. When built with microservices in mind, individual components of your IAM infrastructure can be enhanced and delivered in an automated fashion without the risk of impacting your entire IAM environment.

Embracing new technologies around Artificial Intelligence (AI) should also be part of your IAM digital transformation strategy. AI allows you to gain insights into user behavior that may not be otherwise possible. This improves your ability to provide a more secure environment and to better detect breaches. It also provides insights into user behavior that can drive marketing and sales campaigns.

Remember that your customers include your employees. When defining your IAM digital transformation strategy, consider technologies that improve the user experience, expand access to modern technologies and allow users to use the devices of their choice. This requires evaluation and implementation of the same principles that were leveraged for external customers. Look at simplifying the security interactions through authentication policies, easy to use multi-factor authentication (MFA), single sign-on, and access to collaboration technologies that can be leveraged in a secure manner. Look at zero-trust network principles by using technology to determine the level of confidence you have in systems connected to your network and the behavior of your internal users.

 

Example Implementation

The principles of Identity and Access Management as part of digital transformation can be highlighted by the example of a large bank in New York. This bank was looking to provide a better customer experience and to improve the overall security of their systems. Their goals included delivering a new online customer banking experience, learning more about their customers, and leveraging targeted marketing to up-sell banking services in a personalized manner. Additionally, this included the delivery of new mobile based banking tools to better engage their customers.

This bank delivered a system that combined a platform for online and mobile banking with the Identity and Access Management tools needed to secure and personalize the user experience. By leveraging technologies that were tightly integrated, the bank was able to engage with the user on the platform of their choice. This also allowed the bank to get a full view of the users’ activities and deliver marketing during the sign-in flow. This marketing was specific to the user's profile, which was unified through a federated identity service. The process of “knowing your customer” (KYC) helped to ensure that the user was correctly identified from initial registration through to performing secured interactions.

The bank also delivered a simplified MFA experience by leveraging policy based authentication and step-up. Users were initially challenged for a second factor, which was incorporated into the core login flow. The step-up authentication appeared no different from a user logging in directly and required no additional factors aside from the KYC processes. The risk associated with the customer's transactions was evaluated, and step-up authentication was only needed when the user was authenticating from a new device or new location, or when performing a higher risk transaction. Additionally, user behavior was evaluated to ensure that a user was not logging in from two different locations in the world at the same time.

This implementation improved customer satisfaction and expanded business offerings. Customers were now able to interact with the bank through the platform of their choice, and security was delivered in a seamless, easy-to-use manner. The bank was able to better identify the complete profile of the user and provide a customized experience. This included marketing of new services in a way that was unobtrusive and effective.

 

Common Mistakes

There are several mistakes that can be avoided to help ensure a successful IAM digital transformation strategy. The biggest technical mistake is leveraging non-integrated tools to deliver your IAM infrastructure. This overly complicates the deployment and also introduces potential security gaps. Look to use tools that are either already tightly integrated or have predefined integration. Validate those systems through an upfront proof-of-concept before making a significant purchase decision.

Additionally, waiting for the “big-bang” release greatly increases risk and reduces your ability to show incremental improvements. Management support for the IAM digital transformation strategy is critical and being able to show quick benefits improves confidence in the solution. If possible, leverage systems that you can easily replace by leveraging smaller services that can be delivered in an agile fashion.

Not taking advantage of seasoned consultants who can help you define and deliver your IAM digital transformation strategy can also hurt your chance of success. Leverage the experience of integrators who have helped other organizations deliver on their strategy. The adage “penny wise, pound foolish” is applicable here. Delivering your strategy and showing success ensures long-term benefit from your IAM solution and continued executive support.

 

Conclusion

Your Identity and Access Management digital transformation strategy is a key part not only of your security, but also of your overall digital transformation strategy. IAM provides the foundational layer that supports all of your reimagined business and technological processes. Look at putting the customer first, whether that customer is a buyer or an employee. The user experience is key, and that experience can be driven by a powerful identity integration layer and easily consumable microservices.

To deliver upon this strategy start with an internal assessment and review your legacy infrastructure. Identify what is the largest problem and look to address those problems first. Incremental delivery is a clear path to success. Remember that flexibility is important when determining your IAM strategy. Do not lock yourself in to a specific flow if other approaches may provide more benefit. Collaboration is a core part of your strategy. You need buy-in and support across the business to deliver on your new IAM digital transformation strategy.

PingFederate cluster across Multiple Kubernetes Clusters on GCP


Overview

This document describes how to set up an adaptive PingFederate cluster using dynamic discovery with the JGroups DNS_PING protocol, which is the recommended approach for PingFederate 10.2.

 

Key Concepts

Dynamic discovery is well suited for environments where traffic volume may spike and require additional resources during the peak period to handle the increased traffic. This elastic scaling capability helps you to bring additional PingFederate engine nodes online with no additional configuration changes after the initial setup.

Google's Cloud DNS is Ping's recommended approach in GKE because it works seamlessly with GCP and the JGroups DNS_PING protocol.

ExternalDNS is a set of workloads deployed inside a Kubernetes cluster. It synchronizes exposed Kubernetes Services and Ingresses with DNS providers, making Kubernetes resources discoverable via public or private DNS servers, and lets you control DNS records dynamically through Kubernetes resources in a DNS provider-agnostic way.

Cloud DNS is a GCP service providing low latency and high availability DNS zone serving. It can act as an authoritative DNS server for public zones that are visible to the internet, or for private zones that are visible only within your network.

 

Prerequisites

  • register a new Google account and activate the $300 credit

  • install the following tools on your laptop

    • gcloud (GCP SDK)

    • kubectl (Kubernetes command-line tool)

    • Visual Studio Code (IDE)

    • Git (to clone from GitHub)

 

Preparations:

1. Set up a VPC network with two subnets for us-east and us-west regions

  • Path: VPC network / VPC networks/ Create VPC network


2. Create two Kubernetes clusters, one in us-east and one in us-west

  • Path: Kubernetes Engine / Clusters / Create


3. Create a GCE persistent disk (gke-pf-disk) in us-east. It will later be mounted on the PingFederate console pod to persist configuration data

  • Path: Compute Engine / Storage - Disks / Create Disk


4. Create two Cloud DNS private zones

  • Path: Network services / Cloud DNS / Create a DNS zone

  • Note: select the VPC network you created in Step 1 so that these private zones are visible to all entities (VMs, nodes, pods, etc.) within the network


5. Allow traffic for pod-to-pod communication across the Kubernetes clusters

  • Path: VPC network / Firewall / Create Firewall Rule

  • Note: ingress and egress traffic on ports 7600 and 7700 must be allowed to pass between the clusters; these are the ports the cluster nodes use for JGroups communication, so a rule that only opens one direction leaves nodes unable to discover each other.


6. [Optional] Set up VPC peering if your Kubernetes clusters are located in different networks

  • Path: VPC network / VPC network peering / Create Peering Connection

 

Deploy

1. Clone https://github.com/CoreBlox/ping-federate-gcp.git to local

 

2. Connect to the us-east Kubernetes cluster

  • Tip: you can copy the gcloud command from the GCP console. Click the 'Connect' option for the cluster you want to connect to, then run the command on your laptop or in Cloud Shell.

 

3. Go to the us-east folder

cd ./ping-federate-gcp/clustered-pingfederate-us-east
 

4. Prepare deployment.yml file with the kustomize utility

export PING_IDENTITY_K8S_NAMESPACE=default

# substitute only the namespace variable exported above; envsubst with no
# variable name listed would leave every placeholder in the manifests untouched
kustomize build . | \
  envsubst '${PING_IDENTITY_K8S_NAMESPACE}' > deployment.yml
 

5. Deploy the Kubernetes workload

kubectl apply -f deployment.yml
 

6. Go to the us-west folder

 

7. Repeat steps 4-5 for the us-west folder

 

Validation

1. Kubernetes Cluster - pods info (us-east)

NAME                                     READY   STATUS    RESTARTS   AGE   IP            NODE                                                  NOMINATED NODE   READINESS GATES
pod/external-dns-7b5bb8879-pnhxv         1/1     Running   0          13m   10.116.2.17   gke-cluster-us-east-default-pool-clus-18a3dac7-bc7v   <none><none>
pod/pingfederate-8484cd5f6-8c8j6         1/1     Running   0          13m   10.116.2.18   gke-cluster-us-east-default-pool-clus-18a3dac7-bc7v   <none><none>
pod/pingfederate-admin-9f5d68f45-mczfg   1/1     Running   0          13m   10.116.0.11   gke-cluster-us-east-default-pool-clus-18a3dac7-jr4h   <none><none>
 

2. Kubernetes Cluster - pods info (us-west)

NAME                                READY   STATUS    RESTARTS   AGE    IP            NODE                                                  NOMINATED NODE   READINESS GATES
pod/external-dns-5b9567c765-n79ll   1/1     Running   0          5m7s   10.240.0.11   gke-cluster-us-west-default-pool-clus-0a7565e7-0903   <none><none>
pod/pingfederate-6df6cd7f79-jf4ps   1/1     Running   0          5m7s   10.240.1.9    gke-cluster-us-west-default-pool-clus-0a7565e7-ssn2   <none><none>
pod/pingfederate-6df6cd7f79-wcdsx   1/1     Running   0          5m7s   10.240.0.12   gke-cluster-us-west-default-pool-clus-0a7565e7-0903   <none><none>
 

3. Cloud DNS records (us-east)

gcloud dns record-sets list \
    --zone "ping-us-east" \
    --name "pingfederate-cluster.ping-us-east.google.internal" \
    --type A

NAME                                                TYPE  TTL  DATA
pingfederate-cluster.ping-us-east.google.internal.  A     300  10.116.0.11,10.116.2.18
 

4. Cloud DNS records (us-west)

gcloud dns record-sets list \
    --zone "ping-us-west" \
    --name "pingfederate-cluster.ping-us-west.google.internal" \
    --type A

NAME                                                TYPE  TTL  DATA
pingfederate-cluster.ping-us-west.google.internal.  A     300  10.240.0.12,10.240.1.9
 

5. PingFederate console service

  • port-forward the admin service and query the admin API over the loopback address from your laptop. The -k flag below skips TLS certificate verification, which is acceptable only because the connection never leaves the local port-forward.

curl -u Administrator:2FederateM0re \
-k 'https://127.0.0.1:9999/pf-admin-api/v1/cluster/status' \
--header 'x-xsrf-header: PingFederate' | json_pp

{
  "nodes" : [
     {
        "nodeGroup" : "US-WEST-GROUP",
        "nodeTags" : "",
        "version" : "10.2.2.0",
        "index" : 623902800,
        "mode" : "CLUSTERED_ENGINE",
        "address" : "10.240.0.12:7600"
     },
     {
        "address" : "10.116.0.11:7600",
        "mode" : "CLUSTERED_CONSOLE",
        "index" : 938754485,
        "version" : "10.2.2.0",
        "nodeGroup" : "US-EAST-GROUP"
     },
     {
        "nodeGroup" : "US-EAST-GROUP",
        "nodeTags" : "",
        "version" : "10.2.2.0",
        "index" : 823652998,
        "address" : "10.116.2.18:7600",
        "mode" : "CLUSTERED_ENGINE"
     },
     {
        "nodeTags" : "",
        "version" : "10.2.2.0",
        "nodeGroup" : "US-WEST-GROUP",
        "mode" : "CLUSTERED_ENGINE",
        "address" : "10.240.1.9:7600",
        "index" : 1689306981
     }
  ],
  "replicationRequired" : true,
  "lastConfigUpdateTime" : "2021-05-06T17:14:31.000Z",
  "mixedMode" : false
}
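A consistency check a practitioner would run after the validation steps above, as an added example (not part of the ping-federate-gcp repository): it compares the A-record data that external-dns published for each zone with the node list the admin API returned, so a pod that DNS_PING advertises but the console never sees, or the reverse, stands out. Both inputs are embedded from the article's own output rather than fetched live.

```python
"""Cross-check DNS_PING discovery data against the PingFederate cluster status.

Added example, not part of the ping-federate-gcp repository. Inputs are the
A-record DATA column printed by `gcloud dns record-sets list` per zone and the
JSON body of /pf-admin-api/v1/cluster/status; both are embedded here (values
taken from the article's output) so the check runs offline.
"""
import json
from ipaddress import ip_address

JGROUPS_BIND_PORT = 7600  # the port every node address in cluster/status carries

# A-record DATA column per node group, as gcloud printed it.
DNS_RECORDS = {
    "US-EAST-GROUP": "10.116.0.11,10.116.2.18",
    "US-WEST-GROUP": "10.240.0.12,10.240.1.9",
}

# Trimmed copy of the cluster/status response shown in the article.
CLUSTER_STATUS = json.loads("""
{
  "nodes": [
    {"nodeGroup": "US-WEST-GROUP", "mode": "CLUSTERED_ENGINE",  "address": "10.240.0.12:7600"},
    {"nodeGroup": "US-EAST-GROUP", "mode": "CLUSTERED_CONSOLE", "address": "10.116.0.11:7600"},
    {"nodeGroup": "US-EAST-GROUP", "mode": "CLUSTERED_ENGINE",  "address": "10.116.2.18:7600"},
    {"nodeGroup": "US-WEST-GROUP", "mode": "CLUSTERED_ENGINE",  "address": "10.240.1.9:7600"}
  ],
  "replicationRequired": true,
  "mixedMode": false
}
""")


def parse_a_record(data):
    """gcloud prints a multi-valued A record as comma-separated addresses."""
    return {str(ip_address(ip.strip())) for ip in data.split(",") if ip.strip()}


def nodes_by_group(status):
    """Map nodeGroup -> set of node IPs, rejecting any node on an unexpected port."""
    groups = {}
    for node in status["nodes"]:
        host, _, port = node["address"].rpartition(":")
        if int(port) != JGROUPS_BIND_PORT:
            raise ValueError(f"unexpected cluster port on {node['address']}")
        groups.setdefault(node["nodeGroup"], set()).add(host)
    return groups


def check_membership(dns_records, status):
    """Per group: IPs DNS advertises but the console does not see, and the reverse."""
    seen = nodes_by_group(status)
    report = {}
    for group in sorted(set(dns_records) | set(seen)):
        advertised = parse_a_record(dns_records.get(group, ""))
        joined = seen.get(group, set())
        report[group] = {
            # Published by external-dns but never joined the JGroups view:
            # typically a pod still starting, or one the firewall rule blocks.
            "missing_from_cluster": sorted(advertised - joined),
            # Joined the cluster but not yet (or no longer) present in the zone.
            "not_in_dns": sorted(joined - advertised),
        }
    return report


def cluster_consistent(dns_records, status):
    """True when exactly one console exists, versions are not mixed, and DNS and JGroups agree."""
    report = check_membership(dns_records, status)
    consoles = [n for n in status["nodes"] if n["mode"] == "CLUSTERED_CONSOLE"]
    return (
        len(consoles) == 1
        and not status["mixedMode"]
        and all(not r["missing_from_cluster"] and not r["not_in_dns"] for r in report.values())
    )


if __name__ == "__main__":
    print(json.dumps(check_membership(DNS_RECORDS, CLUSTER_STATUS), indent=2))
    print("consistent:", cluster_consistent(DNS_RECORDS, CLUSTER_STATUS))
    if CLUSTER_STATUS["replicationRequired"]:
        print("note: the console still has configuration not replicated to the engines")
```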

Using Radiant Logic RadiantOne FID to Enable Zero Trust


What is Zero Trust

Zero Trust is a security principle based upon identity and data as opposed to conventional network and host-based access controls. Historically, models of securing access worked for applications that resided on-premises with either direct or VPN-based access. This model no longer applies. Resources are no longer just on-premises but are a complex hybrid of on-premises and cloud-based applications. Zero Trust is based upon the concept that you must have a way of enforcing security without relying on a perimeter. Instead, you must rely on what you know combined with other factors like risk. This is not a new concept. In fact, in 2005 Dan Hitchcock from Microsoft predicted that information security would move from network and host-based security to security based upon data.

[Figure: Evolution of Information Security Technology]

Access to resources is now determined by what you know about the request—who the user is, what devices they are using, what other risk factors can be determined—even if the user is already verified. Identity and risk are now what is most important. This risk should be assessed on every request to access resources and not just at initial access time. Once the user is securely identified, authorization policies must be defined based upon the principle of least access. This is not just granting access to applications, but also dynamically authorizing access to what you can do within the application itself.

Context is Core to Zero Trust

With identity being core to Zero Trust, what you know about the user is key to determining access. The context of a request requires understanding attributes of the identity in relation to what a user is trying to do. Authorization of access and assessment of risk is based upon what you know about a user. This assessment could be attribute based, group based or even based upon relationships between the user and other identities in the environment. Contextual information can be used to classify access requests for use by applications and security systems. Attempts to access information can now be secured based upon the relationship between the user and other factors – like a user's role in the organization – sourced from a user's global profile.

Radiant Logic RadiantOne FID is an identity integration layer that allows you to deploy scalable solutions that solve the complex challenges associated with user data. FID integrates identity data to build a unified view of heterogeneous data sources. These data sources can be LDAP directories, databases, web services, and even applications. The resulting profiles can then be delivered to applications to make authorization decisions around user access, and to security systems for contextual decisions around user intent.

[Figure: identity integration layer]

This integration layer is the source of truth for identities and their related profile attributes. Instead of building connections to identity data on an application-by-application basis, this centralized source of truth can be leveraged, externalizing and eliminating the complexity of identity profile consolidation. As new sources of identity information are incorporated into a user's global profile, those sources can be added without changes to the applications and other consumers of the identity data.

Applications and security systems rely not only on user attributes for authorization and risk determination, but also on roles. Roles are often represented by groups in an environment, and groups may not exist in the systems that need access to that role definition. FID allows you to dynamically build groups from the underlying sources without creating static groups, building additional repositories, or manually synchronizing group data.

[Figure: VDS and groups]

In this example, there are three sources of identity data. The HR, Sales and Marketing groups are built dynamically based upon the data in the underlying repositories instead of manually creating the groups and synchronizing the data from those sources.

One of the other principles of Zero Trust is the concept of least access. Instead of generically granting access to all resources, you should only be granted access to the minimum number of resources necessary to do your job. One of the challenges with access control is understanding the relationship between users and those who can approve access to systems. FID allows you to dynamically restructure a hierarchy based upon user attributes without having to create a new static representation of user data.

[Figure: change the hierarchy]

In this example, a model has been created based upon the schema extracted from the LDAP-based enterprise directory. One of the attributes of the user is his or her manager. Identifying a user's manager is needed for access approvals. FID restructures the hierarchy of the enterprise directory to one based upon manager for consumption by access approval systems.

Security is Core to Zero Trust

Security is at the heart of Zero Trust architectures. By centralizing identity data into a solution like FID, you gain the benefit of several key factors. In addition to a unified profile, a common abstraction layer provides one point of access to all identity data. Instead of applications accessing multiple sources and having to track activity across all the sources, access is through a common location with centralized logging. This ability to abstract access to identity data provides a common access location for consumption of profile data. Now one log can be monitored by Security Orchestration, Automation, and Response (SOAR) systems.

Authentication for applications can also be improved by leveraging FID. By abstracting the backends from the applications, authentication can be centralized in FID instead of each application having to authenticate users against multiple backends. These authentication requests are then logged centrally instead of per backend. Additionally, FID can serve as a backbone for MFA architectures. Authentication (bind) requests to FID can be protected by MFA so that a user is prompted by an authenticator application even when the application itself does not support MFA.

Session is also a key factor in Zero Trust architectures. Understanding application access based upon a user's profile can be used to kill sessions for those applications if needed. Additionally, access can be added and removed dynamically based upon a user's profile at access time.

Real-time Access

Zero Trust relies on access to data in real-time. Identity data is not static and may be based upon computed logic or joined attributes. You cannot rely on data imports and additional repositories of static information to store this profile data. However, access to profile data can come from sources that are not easily accessible. Data can be cached for performance, but this also suffers from the same challenge as data imports.

[Figure: Caching]

FID allows you to not only cache data for performance with minimal response times, but to also update that data in real-time. This allows applications and security systems to make decisions at the time of user access.

Conclusion

Zero Trust is the core of the architectures of the future. Radiant Logic RadiantOne FID allows you to improve your security posture and simplifies implementations for Zero Trust. Identity and context are necessary for authorization and risk assessment. FID centralizes access and provides a unified profile of user data for your single source of truth. Additionally, centralization of access delivers common logging and a point of aggregation for authentication. Let us know when we can help you with your Zero Trust journey.
