Build a secure, customer-driven enterprise with an identity and context virtualization service

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

While directory-focused security initiatives and database-driven customer data integration (CDI) projects might seem to have little in common, a look under the hood reveals they begin with the same need, and would both benefit from a common infrastructure -- an "identity and context service."

After all, identity management and CDI both focus on establishing a singular version of the truth. Security and data management both come down to knowing who the user or customer is -- identity -- and understanding how they relate to the rest of the business -- context.

With a solid understanding of both of these elements, an enterprise can effectively manage security efforts (authentication, authorization and identity administration), as well as fully leverage CDI/MDM efforts (cross-sell, upsell and improve customer experience).

The technology that enables this shared truth is model-driven virtualization. This approach creates flexibility in the infrastructure by building a moldable replica of the data and publishing it into customizable views. Identity and context on demand allows insight into customer behaviors and preferences, yielding a quick ROI for both security and CDI initiatives.

Know your customer better

In today's business environment, change is the only constant. Flexibility and responsiveness are essential, and companies must be able to adapt at a moment's notice. By offering identity and context as a service to a variety of applications, the enterprise can easily incorporate new identity stores, include additional user populations, and support context-aware applications.

A shared version of identity and context is not only critical for security, it also enables improved customer service thanks to better segmentation, customization and personalization capabilities.

When it comes to increasing customer loyalty and driving revenue, the quality of a customer's experience is paramount. The more the enterprise understands about a particular customer, the easier it is to target cross-sell and upsell opportunities, so marketing initiatives come across as unique, friendly and personalized. This requires seeing the whole picture of the customer, and their entire relationship with the business.

Today's businesses strive to be customer focused, and not transaction-focused -- so how can they fully understand their customers when they're facing a patchwork of information silos?

With fragmented systems of diverse APIs and different protocols -- including SQL, LDAP, Web services, and now cloud-based applications -- the need to identify every user becomes even more critical. Once users are identified across different data stores, the next step is to publish and link the context surrounding each user into customizable views. This means not only creating a common namespace, but also mapping the relationships between the user's identities and attributes across different silos, enabling 360-degree views of users based on history, preferences, demographics, or any other application-specific criteria.

However, there are several technical challenges that stand between a flexible identity infrastructure and the maze of data silos, protocols, and dirty data that are a fact of life for many businesses. Let's look at a few of the challenges that can be overcome by creating an identity and context service:

1) Heterogeneous and customized identity stores

Identity infrastructures are scattered across multiple access protocols and various security means, making it difficult to authenticate and authorize users across domains. Each application relies on its own user store, creating a messy mix of inflexible user lists. Identities can be represented in Active Directory, relational databases, LDAP directories, or stored in applications or the cloud, so it can be quite a test for applications to find and authenticate a user.

2) Different systems, different identifiers, same user

The lack of a common identifier across data silos makes it hard for any IT initiative to get off the ground. A user or customer might appear multiple times across the system, often with a different username or representation each time.

3) Risk of over-centralizing identity storage

Centralizing all identity storage into one mega-directory is one response to a fragmented infrastructure. However, that can quickly create a monolithic data store that's impossible to manage and synchronize.

Model-driven virtualization can overcome these challenges in modern, complex infrastructures, making an identity and context service an achievable reality. It builds an external, virtual global replica of the data contained within the enterprise -- yet still leverages the underlying authoritative sources. This virtual layer enables on-the-fly recombination of services, so the enterprise can easily repackage offerings to better serve its customers.

Thanks to an identity and context service, applications can seamlessly access critical information from one single place. By externalizing the specific data models of each data silo and then manipulating them into different hierarchies, an identity service gives applications the unique views they require -- and allows companies the freedom and flexibility to look at customers and their context through whichever lens best fits their business needs.

An identity and context service first integrates, correlates, and then delivers representations of users and the context that surrounds them. By supplying identity information in a flexible and customizable way, an enterprise can easily add applications and populations into the infrastructure.

An identity and context service adds tremendous value and flexibility in any enterprise:

• Simplifies authentication by creating one common namespace for applications to search. Identities are integrated into a clean global list, streamlining identification, while credential checking can be handled at the virtualization layer, or delegated to the backend sources.

• Solves the identity correlation challenge by identifying intersections and overlaps, making sure that each user or customer appears only once for applications, no matter how many times -- or in how many ways -- that person shows up across all data sources. If no common entry name exists between silos, the identity and context service binds application-specific identifiers, no matter where they're stored, to create one global identifier.

• Builds rich contextual data views by drawing on the classification and regrouping of the user. Context in an identity profile comes from classification based on an implicit or explicit hierarchy. The challenge is to be able to express all these hierarchical relationships in a flexible way. With an identity and context service, enterprises can store data in SQL, capturing attribute richness and relationships, yet extract and quickly publish customizable contextual views with no limitation on dynamic joins. In this way, an identity and context service unites the contextual representation of SQL with the speed of hierarchical and NoSQL realms, yet avoids the drawbacks of each system.
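
An added example (not from the original article or any vendor product) of the correlation step in the list above: records from three constructed silos are linked on shared attributes into one global identifier, and any cluster that pulls in two accounts from the same silo is flagged for review rather than merged silently, since a false merge would hand one person another's entitlements. The silo names, attribute names and the `gid-` format are assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample records; silo names and attribute names are illustrative.
RECORDS = [
    {"silo": "ad",   "id": "jsmith",         "mail": "John.Smith@example.com", "employee_id": "1001"},
    {"silo": "ldap", "id": "uid=john.smith", "mail": "john.smith@example.com"},
    {"silo": "crm",  "id": "C-77",           "mail": "jsmith@example.net", "employee_id": "1001"},
    {"silo": "ad",   "id": "mlee",           "mail": "m.lee@example.com", "employee_id": "1002"},
    {"silo": "ldap", "id": "uid=mlee",       "mail": "M.Lee@example.com "},
    {"silo": "ldap", "id": "uid=mlee2",      "mail": "m.lee@example.com"},
    {"silo": "crm",  "id": "C-90",           "mail": "guest@example.org"},
]
MATCH_KEYS = ("mail", "employee_id")  # attributes treated as correlation keys (assumption)


def correlate(records):
    """Group records that share any normalized match key (union-find)."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    seen = {}  # (key name, normalized value) -> index of first record carrying it
    for i, rec in enumerate(records):
        for key in MATCH_KEYS:
            value = rec.get(key, "").strip().lower()
            if value:
                j = seen.setdefault((key, value), i)
                parent[find(i)] = find(j)

    clusters = defaultdict(list)
    for i, rec in enumerate(records):
        clusters[find(i)].append((rec["silo"], rec["id"]))

    result = {}
    for members in clusters.values():
        members.sort()  # order-independent, so the identifier is deterministic
        digest = hashlib.sha256(repr(members).encode()).hexdigest()[:12]
        silos = [s for s, _ in members]
        result["gid-" + digest] = {
            "members": members,
            # Two accounts from one silo in a cluster: hold for review, don't auto-merge.
            "needs_review": len(silos) != len(set(silos)),
        }
    return result
```

Because the identifier here is derived from cluster membership, it changes when an account is added to a cluster; a real service would persist the identifier once assigned.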

An identity and context service delivers these core capabilities on demand, empowering the applications that help businesses to successfully secure and serve their customer base. Virtualization not only answers the toughest security challenges, but also enables any MDM or CDI initiative that requires a deeper customer understanding.

As inventor and market leader of virtual directory solutions, Radiant Logic solves complex identity integration challenges in Fortune 1000 companies worldwide. The RadiantOne Identity and Context Virtualization platform uses model-driven virtualization to unify disparate data and application silos, streamlining authentication and authorization for identity management, context-driven applications, and cloud-based infrastructures. For more information, visit


Copyright © 2011 IDG Communications, Inc.