For most payments firms, moving to the cloud often involves using multiple providers to exploit the strengths of different platforms — with the goals of cutting operational costs and enhancing the customer experience.
The traditional approach to IT systems has been to centralize infrastructure. The distributed nature of cloud computing is forcing a change to this decades-old model. For financial services, and most large organizations with entrenched legacy identity systems, finding ways to support data center and cloud applications without ripping and replacing infrastructure is an urgent priority.
Traditional financial institutions are facing unprecedented competition from fintechs. These digital-first companies provide services exclusively through mobile and web platforms.
Not only do they lack brick-and-mortar expenses, they leverage cloud-based systems that are fast and nimble, and provide personalized application experiences.
To respond to these competitive pressures and satisfy rapidly evolving customer demands, traditional financial services firms need to modernize their legacy systems.
Making this transition however, while containing IT spending (which is between 15% and 25% as a percentage of revenue), is a significant challenge.
Migrating to the cloud exposes the pivotal role of identity in the smooth operation of applications, and how it creates unique challenges.
For example, legacy applications are hard-coded to work with aging identity and access management (IAM) systems. This creates silos of identity and access policy data that cannot be shared with other apps or the identity systems used by each cloud provider.
As a result, organizations that want to embrace new technology must essentially lift and replace legacy identity infrastructures, which is slow and expensive. That’s because point-to-point API integration is extremely complex and requires rewriting each application.
Another big problem is that each cloud service — including Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure — forces organizations to maintain a separate silo of identity, authentication, access control and policies.
The solution to this problem lies in implementing a distributed identity and orchestration model, whereby identity and access policies can remain in the organization’s preferred on-premises or cloud repositories.
One approach gaining traction with several financial institutions is the use of an identity fabric. This software-based abstraction layer integrates and orchestrates identity data across multiple identity systems and cloud service providers, while maintaining the same familiar experience for users.
An identity fabric uses existing standards such as OAuth, OIDC, SCIM, and SAML to automate the configuration and management of users’ sessions across legacy systems and cloud service providers. By orchestrating the integration of distributed identity systems, which remain undisturbed, an identity fabric provides several important use case benefits.
It delivers identity data rapidly, regardless of the silo where it resides (cloud or on-premises) for smooth customer onboarding, better understanding of the customer interaction, and real-time user personalization.
This enables numerous secure customer contact points and channels (web, mobile, kiosk, etc.), while leveraging identity data where it exists and abstracting access policies across identity domains and cloud platforms.
Since customer identities can remain distributed in their original repositories, organizations can migrate applications over time to the cloud and/or new identity systems.
Finally, an identity fabric modernizes identity infrastructure without any manual rewriting of apps.