Hexa Open Source Project for Multi-Cloud Policy Orchestration Accepted as CNCF Sandbox Project

September 13, 2022 By David

Strata Identity announced that Hexa and IDQL (Identity Query Language), the open source project that enables organizations to apply consistent access policy across any application on multiple cloud platforms, has been accepted as a sandbox project by the Cloud Native Computing Foundation (CNCF): https://www.cncf.io/projects/hexa/

“Cloud Identity is extremely fragmented with no clear path for orchestrating policy management across different service provider platforms,” said Gary Rowe, principal consulting analyst, and CEO of TechVision Research. “IDQL represents a major step forward in providing a standards-based approach for cloud-based IAM governance.”

CNCF is a non-profit organization under the Linux Foundation committed to managing open-source cloud-native projects. The authors and working group members of IDQL and Hexa include Strata Identity, Kroger, Versa Networks, S&P Global, Cummins, and MEF. Others interested in supporting the Project can find more information at https://hexaorchestration.org.

Currently, each cloud platform (AWS, Google, Microsoft Azure, etc.) uses a proprietary identity system with its own policy language, all of which are incompatible with each other. Meanwhile, each application must be hard-coded to work with a specific identity system. According to the 2022 State of Multi-Cloud Identity report, this is a major challenge for organizations, with only 25% of respondents stating that they have visibility into multi-cloud access policies.

Strata Identity has spearheaded the Hexa and IDQL project based on the company founders’ experience co-authoring the SAML standard for SSO Federation. The vision for this new project is to usher in a well-conceived open-source policy orchestration framework that expands the possibilities for businesses, consumers, and software vendors to benefit from the transition to a modern, transparent and passwordless approach to identity.

“Managing access policy across incompatible cloud identity systems is a major stumbling block for organizations and is slowing down digital transformation and modernization projects,” said Eric Olden, CEO of Strata Identity and one of the co-authors of the ubiquitous SAML internet identity standard for single sign-on. “IDQL and Hexa eliminate identity silos without requiring cloud providers and application owners to make any modifications to their systems. With the support of the CNCF and our growing community of working group members, we believe Hexa will transform cloud identity.”

IDQL and Hexa enable any number of identity systems to work together as a unified whole without making any changes to them or to applications. The open source project provides the following benefits:

Policy discovery

  • Analyzes and performs inventory of key apps, data, and policies
  • Uncovers which apps exist and where they are
  • Finds what policies, users, and roles exist

Policy translation

  • Translates native, imperative policies into declarative IDQL policies during policy discovery
  • Translates declarative IDQL policies into native, imperative policies of the target system(s) during policy orchestration

Policy orchestration

  • Distributes policies to be enforced by identity providers (IdPs), clouds, IaaS, and network systems
  • Works via a cloud-based architecture that does not require an agent, proxy, or local code
  • Uses an extensible, open-source model that supports custom connector integrations