Secure Cloud Business Applications: Hybrid Identity Solutions Guidance

Identity management for a traditional on-premises enterprise network is usually handled by an on-premises directory service (e.g., Active Directory). When organizations leverage cloud solutions and attempt to integrate them with their on-premises systems (creating a “hybrid” environment), identity management can become significantly more complex. On-premises identity management solutions need to securely and efficiently integrate with those applied in the cloud to achieve interoperability.

The Cybersecurity and Infrastructure Security Agency (CISA) developed this Hybrid Identity Solutions Guidance to help readers better understand identity management capabilities, the tradeoffs that exist in various implementation options, and factors that should be considered when making implementation decisions. This solutions guidance also supports the Secure Cloud Business Application (SCuBA) project’s goal of providing guidance to help agencies effectively implement cybersecurity capabilities as they migrate from traditional on-premises infrastructure to the cloud. Although primarily intended for FCEB agencies, this guidance is broadly applicable for state, local, tribal, and territorial entities, critical infrastructure, and key resources, as well as private industry, academia, and more.