The What
Let us start with the basics. IDQL stands for Identity Query Language. The description given on the Hexa website (I'll come back to Hexa in a minute) is: "Identity Query Language (IDQL) is a declarative access policy and set of APIs that enables the mapping of a centrally managed policy into the native format of multiple clouds and application platforms". The main initiator of the IDQL project is Strata, which issued a press release back in May 2022 outlining the concept and idea. Strata is the "identity orchestration" company; it looks to solve the growing problem of identity and permissions data being spread across a multi-cloud landscape while still needing to be managed centrally in order to improve visibility and security.
The Hexa Orchestration project is an implementation of IDQL that supports the "discovery, translation and orchestration" needed for those multi-cloud problems. It would essentially allow you to take some policy data from AWS, translate it into IDQL, and then potentially push it into GCP.
The Why
Policy data (linking subjects to objects) in AWS, for example, is incompatible with the equivalent document-based permission system on GCP. The syntax, storage and governance differ, and you would likely need two separate experts to set up the equivalent functionality in the two systems. These issues are growing, and the likes of Strata aim to "orchestrate" them away. IDQL is a project to accelerate the tooling in this area. Multi-cloud or hybrid-cloud deployment patterns are growing, either because enterprises do not want to depend on a single cloud service provider (CSP) for negotiation or fault-tolerance reasons, or simply because many organisations rely on a multitude of different suppliers. The ability to manage the complexity of identity and access management structure and configuration should help reduce visibility issues and consistency issues, and improve deployment speed.
The Uses
Gluing together these multi-cloud ecosystems is clearly a benefit in itself. But doing so also introduces secondary benefits:
- Consistency
- Speed to deployment
- Improved Visibility
- Improved Governance (via version control of document based orchestration)
The resulting benefits of improved security and reduced risk, whilst also reducing infrastructure operation costs, are all quite tangible and, more importantly, reportable to non-technical parts of the business.
The Hexa Policy Orchestrator is available on GitHub.
The IDQL working group is available to join here.