The concept of the “trusted” data center has been replaced by APIs and microservices that span hybrid clouds while requiring access to sensitive data. This has changed the shape of data traffic: North/South traffic entering and leaving the data center now amounts to only about 20%, while East/West, or internal, traffic makes up roughly 80% of data traffic today. Additionally, new use cases brought on by the Internet of Things (IoT) are pushing the boundaries of edge computing, with data being collected by unknown devices. Seeing this industry shift, Cloudentity created a zero-trust API security solution that supports the new flow of data while maintaining security. The approach is built on creating identities for every user, service, and thing.

Why identity?

Authentication and authorization are the pillars of identity. Building them into every data transaction gives each transaction its own comprehensive, digitally signed audit trail with a unique transaction ID, which fulfills governance and compliance requirements. It also supports fine-grained authorization for each transaction, not just for users, as identity is usually understood, but for all users, services and things generating traffic. Cloudentity calls this Identity for Entities.

Can traditional IAM platforms be used?

Traditional IAM platforms have used a “user-centric model”, where a user accesses a handful of applications from a few devices, establishing a “one-to-many” relationship. That model performed well. However, today’s enterprises are leveraging hybrid cloud environments, where identity can no longer be defined by a user, a device or even a monolithic application. Plus, in most cases, existing identity platforms are monoliths themselves, which prevents them from participating effectively in a microservice or hybrid environment.

The problem compounds when you add application security threats and the need for Continuous Integration/Continuous Delivery (CI/CD) code releases. Enterprises quickly run into the limitations of current IAM platforms: the inability to leverage multi-cloud environments, to address distributed applications, and to scale dynamically and securely to meet business demands.

Despite these limitations, you may not want to “rip and replace” an existing IAM platform, whether because of the investment already made or because you do not want users to establish new identities or change to a new authentication flow. Using Cloudentity does not require replacing an existing platform; instead, through our Token Exchange Service, it can extend an existing identity solution to build in the security every technology organization needs.

In an ideal world, developers are enabled to embed security and identity into the workloads and functions they deploy. Developers should no longer need to know the idiosyncrasies of heavy-weight OAuth libraries, API inspection and complex authorization models that all require consistent patching and secret management. They need short-lived tokens, traceability between services, and most of all, a signed record of the User/API/Thing that is requesting that data across dozens of services. Our core tenets are:

Make it easy for the Developer

Create a collection of core services that focus on ease of use for the Developer

Consistently Address Multiple Workloads

Provide multi-cloud/hybrid cloud capabilities out of the box, with support for any User, Service, or Thing

Provide Developers with Choice

Deliver an overarching security mesh that spans multiple clouds (public or private), containers, serverless functions, virtual machines, and bare metal
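The page mentions a Token Exchange Service and the need for short-lived tokens, per-transaction traceability and a signed record of the requester across service hops, but it does not describe the mechanism. The following Python is an added example, not Cloudentity's code or the page's: it models one hop of token exchange in the style of OAuth 2.0 Token Exchange (RFC 8693), where each service presents the token it received and gets back a short-lived token addressed to the next service, with a nested `act` claim recording the chain of calling services and a `txn` claim tying every hop to one transaction. The HS256 signing helper, the shared demo key, the issuer and service names and the fixed timestamps are all constructed for this example; a real deployment would use per-service or asymmetric keys and a real token service.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid
from typing import Optional

# Constructed demo key shared by every party; a real deployment gives each
# service its own key (or uses asymmetric signing keys).
SIGNING_KEY = b"demo-shared-secret-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Serialise claims as a compact HS256 JWS: header.payload.signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, key: bytes, expected_aud: str, now: Optional[int] = None) -> dict:
    """Check algorithm, signature, expiry and audience; return claims or raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust alg from the token
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("aud") != expected_aud:  # a token minted for another service is not ours
        raise ValueError("wrong audience")
    return claims


def exchange_token(subject_token: str, actor: str, target_aud: str, key: bytes,
                   ttl: int = 60, now: Optional[int] = None) -> str:
    """One RFC 8693-style hop: `actor` trades the token it received for a short-lived
    token addressed to `target_aud`, keeping the end-user subject, recording itself
    in a nested `act` chain and propagating the transaction id for the audit trail."""
    now = int(time.time()) if now is None else now
    subject = verify_jwt(subject_token, key, expected_aud=actor, now=now)
    act = {"sub": actor}
    if "act" in subject:  # nest the previous actor so the whole call chain is kept
        act["act"] = subject["act"]
    claims = {
        "iss": "token-exchange",  # constructed issuer name
        "sub": subject["sub"],    # the end user never changes across hops
        "aud": target_aud,
        "iat": now,
        "exp": now + ttl,         # short-lived: minutes, not hours
        "jti": str(uuid.uuid4()),  # unique id for this token
        "txn": subject.get("txn") or str(uuid.uuid4()),  # one id spans every hop
        "scope": subject.get("scope", ""),
        "act": act,
    }
    return sign_jwt(claims, key)


def actor_chain(claims: dict) -> list:
    """Flatten the nested `act` claim into [nearest caller, ..., first caller]."""
    chain, act = [], claims.get("act")
    while act:
        chain.append(act["sub"])
        act = act.get("act")
    return chain


def accepts(token: str, aud: str, now: int) -> bool:
    """True if service `aud` would accept the token at time `now`."""
    try:
        verify_jwt(token, SIGNING_KEY, aud, now=now)
        return True
    except ValueError:
        return False


def demo(now: int = 1_700_000_000) -> dict:
    """user -> api-gateway -> orders-service -> inventory-service (all names constructed)."""
    user_token = sign_jwt({"iss": "idp", "sub": "alice", "aud": "api-gateway",
                           "iat": now, "exp": now + 3600, "scope": "orders:read"}, SIGNING_KEY)
    hop1 = exchange_token(user_token, "api-gateway", "orders-service", SIGNING_KEY, now=now)
    hop2 = exchange_token(hop1, "orders-service", "inventory-service", SIGNING_KEY, now=now + 5)
    return {"hop1": verify_jwt(hop1, SIGNING_KEY, "orders-service", now=now + 1),
            "hop2": verify_jwt(hop2, SIGNING_KEY, "inventory-service", now=now + 10),
            "hop2_token": hop2}


if __name__ == "__main__":
    result = demo()
    print("subject:", result["hop2"]["sub"], "chain:", actor_chain(result["hop2"]))
```

The point to notice is what each downstream service learns from the token alone: who the end user is (`sub`), which services relayed the call (`act`), which transaction the call belongs to (`txn`), and that the token was minted for it specifically (`aud`) and only minutes ago (`exp`). A token replayed against a different service, or after its short lifetime, is rejected without any lookup.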