I’ve covered Sapho, and its attempt to change the game for those poor souls forced to use old and inflexible enterprise technology for years. Sapho’s attitude is that the reality is that enterprises either can’t or won’t rip and replace their most core assets, and so the next best thing is to give those assets a good dose of mobile enablement to unchain workers.
Sapho wants to help organizations take another step in that process and to this end, its co-founder and CTO, Peter Yared has been beavering away back in the lab and has come up with what he’s calling Consolidated Identity, an authentication approach he believes will move the needle when it comes to employees using different internal systems.
The current status
Yared has done this once before. In the early 2000’s he pioneered federated identity in order to simplify online transactions. Federated identity is based on a loose trust model between an individual’s identity provider account and the services of a service provider – in essence, it puts a “firewall” between the authentication provider and the services provider. For example, users accessing a hotel’s website can log in with their Google or Facebook accounts. However, the hotel’s website is limited in what it can learn about a user, and Google and Facebook are limited in what they can learn about your hotel reservation. The class of these different systems – one a personal/consumer tool, and the other a business tool, make this loose trust model necessary for this type of use case.
The shiny new Sapho thing
Because of this loose trust model, however, federated identity is very challenged in enterprise environments. Which is where Yared, latest tinkering, and the development of Consolidated Identity comes in. Consolidated identity changes this paradigm as it assumes a high trust network, where the enterprise itself is the identity provider. This prevents the need for identity separation—“the firewall”—between the identity provider and the service provider. This is because service providers, which provide services, such as payroll and time off requests, do not hold any data that should not be privy to the enterprise.
By using Consolidated Identity, enterprise users who need to access multiple applications on a daily basis can do so, without logging into each one individually. In the same way that single sign-on made life easier for users (by allowing a single sign-on protocol to cover the breadth of their application needs), Consolidated Identity makes it faster, by doing away with the entire logging on process altogether. A Yared commented:
Consolidated identity is changing how employees do their work by inheriting the authentication, authorization, and data governance policies of the individual applications to allow employees to access data and complete tasks in a single interface
So, how does it work?
With consolidated identity, employees can access what they need from a variety of applications without having to go into each application separately. The consolidated identity system makes this possible by aggregating the relevant data for each employee and their entitlements across both the identity provider and the applications. The resulting “identity graph” enables developers to create enterprise applications that offer employees a more engaging, customized user experience, while also providing tighter security through authentication, authorization, and data governance.
MyPOV
At a conceptual level, Consolidated Identity makes a ton of sense and will deliver better outcomes for enterprises and their users. The devil, however, is in the detail and by moving to a high-trust model, many CIOs will be worried that the onus upon their teams to make sure authentication permissions are accurately built becomes all the more important. Consolidated Identity flies in the face of concepts like zero-trust, which in these days of increasing attention to data breaches, are becoming more accepted.
It will be interesting to see the market response to Consolidated Identity and how it helps Sapho’s growth.
