Strata Identity, the Identity Orchestration for Multi-Cloud company, announced today the availability of an open source project that enables organisations to use cloud platforms such as Azure, AWS, and Google while applying consistent access policies across any applications on any cloud. IDQL is a new declarative policy format for defining identity access policies.
Currently, each cloud platform (AWS, Google, Microsoft Azure, and so on) employs a proprietary identity system with its own policy language, and none of these languages is compatible with the others. Meanwhile, each application must be hard-coded to use a specific identity system. According to the 2022 State of Multi-Cloud Identity report, released last week, this is a major challenge for organisations: only 25% of respondents claimed visibility into multi-cloud access policies.
IDQL and Hexa allow any number of identity systems to collaborate as a unified whole without requiring any changes to the systems or applications.
Hexa abstracts identity and access policy away from cloud platforms, authorization systems, data resources, and zero trust networks. It discovers existing policies and translates them from their native policy syntax into the generic, declarative IDQL policy format. Hexa then manages those policies across cloud systems and the technology stack, including apps, data resources, platforms, and networks.
One working group member in particular recognises the importance of unifying policy orchestration from the application layer to the network layer. “IDQL and Hexa provide the necessary framework for linking identity and policy to the Zero Trust standards being developed at MEF today,” said Pascal Menezes, CTO of MEF. “MEF is proud to be an early supporter of IDQL and Hexa and we look forward to collaborating further in the future.”
IDQL and Hexa were created by some of the co-authors of Security Assertion Markup Language (SAML), the global federated identity and SSO standard that lets internet users move between federated websites without re-entering their credentials.
How it Works
Hexa is an open source technology that allows businesses to unify and manage all of their access policies across multiple clouds, on-premises systems, and vendors. IDQL and Hexa work together to provide the following capabilities:
Policy formulation
- Analyzes and inventories key apps, data, and policies
- Discovers which apps exist and where they can be found
- Discovers which policies, users, and roles exist
Policy interpretation
- During policy discovery, converts native, imperative policies into declarative IDQL policies
- During policy orchestration, converts declarative IDQL policies into the native, imperative policies of the target system(s)
Policy coordination
- Disseminates policies for enforcement by identity providers (IdPs), clouds, IaaS, and network systems
- Operates on a cloud-based architecture that requires no agent, proxy, or local code
- Makes use of an extensible, open source model that allows custom connector integrations
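A toy version of the discover, interpret and orchestrate pipeline described above, written as an added example for this page rather than Hexa's own code. The AWS IAM and Google Cloud IAM documents use their real JSON shapes but are constructed samples; the IDQL-style field names (meta, subject.members, actions[].actionUri, object.resource_id) are an assumption about the format rather than its specification, and the handling of Deny statements and untranslatable actions is this example's own design choice:

```python
"""Discover -> interpret -> unify -> orchestrate, in miniature.
Added example, not Hexa's code. The IDQL-style field names below are an
assumption about the format, and every input document is constructed."""
import json
from collections import defaultdict

# Constructed sample: an AWS IAM identity policy (real IAM JSON shape) that
# policy discovery found attached to one principal. Not a real account.
IAM_INPUT = {
    "principal": "user:alice@example.com",
    "policy": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": "arn:aws:s3:::finance-reports"},
            {"Effect": "Deny",
             "Action": "s3:DeleteObject",
             "Resource": "arn:aws:s3:::finance-reports"},
        ],
    },
}

# Constructed sample: a Google Cloud IAM policy (bindings) on one bucket.
GCP_INPUT = {
    "resource": "//storage.googleapis.com/projects/_/buckets/finance-reports",
    "policy": {"bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["user:alice@example.com", "user:bob@example.com"]},
    ]},
}


def _as_list(value):
    # IAM allows a string or a list in Action/Resource; normalise to a list.
    return value if isinstance(value, list) else [value]


def iam_to_idql(principal, policy):
    """Policy interpretation, AWS direction: each Allow statement becomes one
    declarative IDQL-style policy. Deny statements have no allow-list
    equivalent in this toy model, so they are returned separately for review
    rather than silently dropped (a choice made by this example)."""
    policies, denies = [], []
    for stmt in policy["Statement"]:
        actions = [{"actionUri": f"aws:{a}"} for a in _as_list(stmt["Action"])]
        for resource in _as_list(stmt["Resource"]):
            entry = {"meta": {"version": "0.6", "source": "aws-iam"},
                     "subject": {"members": [principal]},
                     "actions": actions,
                     "object": {"resource_id": resource}}
            (policies if stmt["Effect"] == "Allow" else denies).append(entry)
    return policies, denies


def gcp_to_idql(resource, policy):
    """Policy interpretation, Google direction: one role binding -> one policy.
    The role is carried as the action URI; expanding it into permissions
    would need the provider's role catalogue, which this example omits."""
    return [{"meta": {"version": "0.6", "source": "gcp-iam"},
             "subject": {"members": list(b["members"])},
             "actions": [{"actionUri": f"gcp:{b['role']}"}],
             "object": {"resource_id": resource}}
            for b in policy["bindings"]]


def idql_to_gcp(policies):
    """Policy orchestration: render IDQL-style policies back into a Google IAM
    bindings document. Only gcp: action URIs are renderable here; the rest
    are reported as skipped so a translation gap is visible, not silent."""
    members_by_role, skipped = defaultdict(set), []
    for p in policies:
        for action in p["actions"]:
            uri = action["actionUri"]
            if not uri.startswith("gcp:"):
                skipped.append(uri)
                continue
            members_by_role[uri[len("gcp:"):]].update(p["subject"]["members"])
    doc = {"bindings": [{"role": role, "members": sorted(members)}
                        for role, members in sorted(members_by_role.items())]}
    return doc, skipped


def clouds_per_member(policies):
    """Visibility view over the unified policy set: which identity systems
    grant each member anything at all. A member present in only one system
    is the kind of blind spot the survey figure in the article points at."""
    seen = defaultdict(set)
    for p in policies:
        for member in p["subject"]["members"]:
            seen[member].add(p["meta"]["source"])
    return {m: sorted(s) for m, s in seen.items()}


def run_pipeline():
    """Run every stage on the constructed inputs and return all the results."""
    aws_policies, aws_denies = iam_to_idql(IAM_INPUT["principal"], IAM_INPUT["policy"])
    gcp_policies = gcp_to_idql(GCP_INPUT["resource"], GCP_INPUT["policy"])
    unified = aws_policies + gcp_policies
    gcp_doc, skipped = idql_to_gcp(unified)
    return {"unified": unified, "denies_for_review": aws_denies,
            "gcp_rendered": gcp_doc, "skipped": skipped,
            "clouds_per_member": clouds_per_member(unified)}


if __name__ == "__main__":
    print(json.dumps(run_pipeline(), indent=2))
```

Both translation directions return what they could not translate instead of discarding it: a dropped Deny or a dropped action is exactly how an orchestrator lets one cloud quietly diverge from another, so the gap has to be surfaced for review. The unified set also yields the per-member view across identity systems that, by the survey figure quoted above, most organisations lack.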