Glossary
We’ve got you covered from A-Z
What are data silos?
Data silos refer to isolated collections of data, such as customer or sales data, within an organization that are not easily accessible or integrated with other data sources. Imagine having separate storage rooms for each department, where each room holds important information, but each department can only access their own storage room. This makes it difficult to get a complete unified view of the entire organization’s data.
What are directory information services?
A directory information service is a centralized database which stores, manages, and provides access to directory data, such as user identities, resources, and access permissions. Picture a company’s phonebook, listing all employees, their contact information, and their roles, helping everyone find the right person quickly.
What are identity silos?
Identity silos refer to isolated and fragmented systems of user identity information which is stored separately in different applications or departments, making it difficult to unify and manage user identities across an organization. Picture having different lockers for all your belongings at the gym, office, and home, making it difficult to get access to everything at once.
What are knowledge graphs?
A knowledge graph, also known as a semantic network or connected data model, represents a network of real-world entities, made up of nodes, edges and labels, and illustrates the relationships between them - visualized as a graph structure. Imagine a smart map that connects pieces of information together, and shows how things are related. By doing so, we can find unique connections and new insights, which makes it easier to answer complex questions, and provide helpful recommendations.
What is OAuth 2.0?
OAuth 2.0 is an open standard protocol that allows third-party applications, such as a website or app, to access a user’s resources without exposing the user’s credentials. For instance, it allows apps to access your data without giving them your password, keeping your information secure.
What is Attribute Based Access Control (ABAC)?
Attribute Based Access Control (ABAC) is a security approach that uses attributes (such as title, location, team, etc.) to determine access to a resource. A system administrator would be the one to set approved characteristics to determine access.
What is Customer Identity and Access Management (CIAM)?
Customer Identity and Access Management (CIAM) is a specialized form of identity management that focuses on managing and securing the identities of external parties such as customers, partners, digital products and AI and providing them with secure and seamless access to digital services and resources. CIAM is a core enabling tool for commercial applications and sits alongside customer data platforms, authentication solutions and Identity and Access Management platforms. Modern CIAM can be a key part of ensuring great customer experience.
What is Identity Threat Detection and Response (ITDR)?
Identity Threat Detection and Response (ITDR) refers to the process of identifying suspicious activities or unauthorized access attempts related to human or non-human identities within an organization's systems, and taking appropriate actions to mitigate and respond to these threats.
What is Identity and Access Management (IAM)?
Identity and Access Management (IAM) is the system that enables people to have access to and use your systems. IAM ensures that only legitimate parties have the right access to the right resource at the right time. Every application and system will have some kind of IAM functionality. It’s a core enabler of most technologies, enhancing security and facilitating efficient, compliant operations. Put simply, IAM is like a digital bouncer at a club, checking IDs (authentication) and ensuring only authorized guests get in, based on their permissions.
What is Just in time access (JIT)?
Just in time access (JIT) refers to a process of temporarily granting on-demand (privileged) access only when needed for a specific task or period. Access is provided dynamically and automatically based on predefined policies and conditions. It’s like asking and getting a temporary key to a room only when you need to go inside. You don't have permanent access, but you can enter when necessary.
What is Knowledge-based Access Control (KBAC)?
Knowledge-based Access Control (KBAC) leverages contextual and relational data to drive granular authorization decisions. At the core of the IndyKite Identity Platform is the Identity Knowledge Graph, which gathers data from various sources to create an operational data layer. To manage access, KBAC is added, using connected and enriched data to make real-time, context-aware authorization decisions based on your business needs.
Discover our Introduction to Knowledge-based Access Control.
What is Policy Based Access Control (PBAC)?
Policy Based Access Control (PBAC) is an authorization approach that organizes access privileges based on a user’s role (predefined rules or policies) to determine who is granted access to resources and under what conditions. Policies can consist of a variety of attributes, such as: name, organization, job title, security clearance, creation date, file type, location, time of day and sensitivity or threat level. Once these are combined to form policies, rules are established to evaluate who is requesting access, what they are requesting access to and the action determining access.
What is Retrieval Augmented Generation (RAG)?
Retrieval-Augmented Generation (RAG) is an AI framework that blends traditional information retrieval systems like databases with powerful generative large language models (LLMs), like ChatGPT. By integrating this additional knowledge with its language skills, the AI can produce text that is more accurate, current, and tailored to specific needs.
What is Reverse ETL?
Reverse ETL enables the operational use of data by transferring it from the storage location into applications, such as end business platforms and CRMs, for further processing and actionable insights. Unlike ETL, the data warehouse becomes the source rather than the destination.
What is Role Based Access Control (RBAC)?
Role Based Access Control (RBAC) provides a simple and coarse-grained authorization approach to organize access to resources based on a user’s role. Each role has a defined set of permissions, and users are granted access to resources according to their roles. Although still popular for many basic internal workforce solutions, RBAC is not able to handle any complexity or granular access logic and is therefore unsuitable for most modern authorization projects.
What is Zero-Trust architecture?
Zero-Trust architecture is a security framework that assumes all users, devices, and transactions are potential threats and nothing can be trusted implicitly, therefore requiring strict authentication and authorization measures for every access attempt. A Zero Trust approach is a core pillar of most enterprise cyber security strategies, resulting in strengthened defense against cyber threats, enhanced data protection, and continuous security monitoring and enforcement across its network and systems.
What is a connected data model?
Connected data models involve networks of data points or nodes linked through relationships. Knowledge graphs are a popular way to do this, making connections between disparate sources to provide specific insights. They aim to intuitively represent the interconnected world. The real world is flexible, messy and constantly changing. Our relationships and connections are dynamic and are at times incredibly complex and layered, and knowledge graphs are designed to reflect this complexity.
Dive deeper in our Whitepaper: Connected data for Identity.
What is a data catalog?
A data catalog is the ability to inventory and organize data assets. Capabilities include using machine learning for automatically detecting relationships between data assets. This process involves users verifying and resolving any uncertainties found during automated inventory.
What is a data lake?
A data lake is a centralized repository that lets you store all your structured and unstructured data at any scale, and allows for processing and analysis of these large volumes of data in its original raw form. Just imagine a giant pool of all kinds of data, and then you can fish out what you need when you need it.
What is a data mesh?
Data mesh is a data management approach that supports a domain-led practice for defining, delivering, maintaining, and governing data products. While it’s not yet an established best practice, data mesh helps ensure that data products are easy to find and use by data consumers, such as business users, data analysts, data engineers, or other systems. Additionally, data products must meet terms of service and SLAs, forming a contract between the provider and the consumer.
What is a digital identity?
A digital identity is the information and data that authenticates and verifies an individual’s identity in the digital world. Perhaps you have an Apple ID - a digital identity for Apple users, enabling access to various Apple services and devices.
What is a unified data layer?
A unified data layer, also known as connected data, refers to data stored in a graph data model, which captures relationships between data points. This approach excels at understanding dynamic and complex relationships, managing data intuitively, and providing context to otherwise meaningless information. Connected data offers greater flexibility, insight, and speed for data-driven projects, making it a powerful force in the data management landscape.
What is access control?
Access control is a crucial aspect of security that defines who can access specific data, applications, and resources - as well as under what conditions. In short, it's a selective restriction of access to a resource. Access control heavily depends on authentication and authorization techniques, enabling organizations to verify users’ identities and ensure they receive the correct level of access based on the authorization policy.
What is active metadata?
Active metadata refers to dynamic information about data that is constantly updated and used to manage and optimize how data is organized, accessed, and used in different systems. It goes beyond metadata with only static descriptions and helps keep track of data's properties, relationships, and usage patterns in real-time, which is crucial for ensuring data quality, compliance, and efficient data management. Essentially, active metadata enables systems to automatically adapt and improve based on the most current information about the data.
What is adaptive access?
Adaptive access refers to a security approach that adjusts access permissions based on real-time user behavior, contextual factors and risk assessments. Just picture a system that changes its rules depending on where you are, what device you’re using and how you normally behave online, and then decide to grant access or not.
What is an identity knowledge graph?
An identity knowledge graph is a real-world network of both person and non-person entities and the relationships between them. The graph captures all identifiers related to an entity, including dynamic attributes such as location, and stores this for each data node, along with capturing what the relationship is between entities, which provides ‘context’. An identity knowledge graph can be used to unify data across an organization, applications and channels. The end result is a holistic, connected view of your customers, partners and entities that you can leverage for analytics, AI, access and insights.
Discover IndyKite Identity Knowledge graph
What is an identity provider (IdP)?
An identity provider (IdP) is a service that manages and authenticates the identity of users for access to applications and resources. For instance, Google serves as an IdP through its Google Account service, offering single sign-on capabilities and authentication services across various Google services and third-party applications. It demonstrates how centralized authentication services can enhance user convenience, strengthen security, and support seamless integration across a wide range of online platforms and applications.
What is an operational data layer?
An operational data layer is there to support a business with their operations. Operationalizing means that you are putting your data into operation, versus just doing data tasks and not making use of them. An operational data layer means that it is an intelligent and well structured layer to move data into the organization to deliver outcomes. It aggregates and integrates data from multiple sources, providing a unified, current view of the data necessary for day-to-day business functions. Hence, it is both the infrastructure and the tooling to deliver data to the organization.
What is authentication (AuthN)?
Authentication, or AuthN, is the process of confirming that users are who they say they are, ensuring that the individual behind the keyboard is the rightful owner of the associated account username.
What is authorization (AuthZ)?
Authorization, or AuthZ, is a critical enabler of most systems, be that workforce environments or consumer applications. Based on a set of policies, it determines what actions users are permitted to perform and what resources they can access. Modern approaches use authorization as a key driver of personalized experiences, ensuring efficient and secure access tailored to each user’s role and context.
What is business data?
Business data refers to any data that is related to a business: its operations, performance, activities, etc. A financial services company could, for example, use business data to manage client portfolios, from analyzing client data to tailoring investment strategies, using market data to mitigate risks, and enhancing client interactions through detailed transaction history.
What is coarse-grained access control?
Coarse-grained access control grants or denies access based on a single or small number of factors. It typically involves assigning permissions to broad roles or entire user groups. Imagine a library where only two types of membership exist: "Student" and "Staff." Students may have access to all study materials, while staff members have access to both study materials and administrative sections. This simple, but broad method of controlling access privileges without distinguishing between individual resources or specific needs, is likely to follow a Role-Based Access Control (RBAC) approach.
What is connected data?
Connected data refers to data stored on a graph data model, which enables relationships between data points. Graph has a unique ability to understand dynamic and complex relationships and manages data in a more natural, intuitive way, giving context to otherwise meaningless information. Connected data is a powerful force, offering greater flexibility, insight and speed for data driven projects.
Dive deeper in our Whitepaper: Connected data for Identity.
What is contextualized data?
Contextualized data refers to information that is enhanced with relevant context, such as time, location, environmental conditions, historical trends, or external events to provide deeper insights and greater understanding. Traditional databases can’t capture context; connected data models, however, can, in the form of relationships to other data points, attributes and metadata. Contextualized data provides a richer view that can enhance workflows for identity and access management, threat detection, predictive models and personalization.
What is data access?
Data access refers to a user's ability (with permission granted) to retrieve, manipulate, or interact with data stored in a system or database. Simplified, it’s like having a key to unlock a safe where information is stored, allowing you to view, change, or use the data based on your permissions.
What is data classification?
Data classification involves organizing data into categories to enhance its usability and security. This process simplifies data retrieval and is crucial for risk management, compliance, and data security efforts.
What is data enablement?
Data enablement is the means of empowering an organization to realize the full potential of its data. It involves ensuring that data is properly integrated, managed, and delivered to the right users in a meaningful way, so it can be used effectively to drive decision-making and innovation.
What is data entity matching?
Data entity matching refers to the task of determining whether two entity descriptions actually refer to the same real-world entity. By identifying, linking and merging similar or identical entities across different datasets you can create a unified and accurate representation. The goal is to build a cohesive dataset, enabling clearer insights and more informed decision-making.
What is data fabric?
A data fabric is a design framework for creating flexible and reusable data pipelines, services, and semantics. It uses data integration, active metadata, knowledge graphs, profiling, machine learning, and data cataloging. Data fabric changes the main approach to data management, replacing “build to suit” for data and use cases with “observe and leverage”.
What is data governance?
Data governance is a framework of rules and guidelines for how everyone should handle and use information in a company to keep it accurate, secure, and useful.
What is data integration?
Data integration involves practices, techniques, and tools to ensure consistent access and delivery of data across different areas and structures within a company. It aims to meet the data needs of all applications and business processes efficiently.
What is data lineage?
Data lineage refers to the lifecycle and journey of data from origin to destination: from creation to how it’s been edited, transformed and used. Data lineage is critical to know how data can and should be used (compliance), how it was generated and how trustworthy it is. This becomes particularly important when considering data for insights or for machine learning and large language models.
What is data management?
Data management refers to the collection, organization, protection and utilization of an organization’s data and is a core enabler of modern businesses. Data is considered a company’s most critical and valuable asset, however without tooling to effectively manage and make use of the data, it is worthless. Data management technologies include Master Data Management, Customer Data Platforms, Data Unification platforms and Data integration platforms. Every system in use at an enterprise collects data, so a clear data management strategy is crucial to manage, govern and make use of all the data in a safe, secure and compliant way.
What is data profiling?
Data profiling involves statistical analysis of various datasets (both structured and unstructured, external and internal) acting as an enabler to provide business users with insights into data quality and identify data quality issues. Profiling also checks data against established rules from rules management.
What is data provenance?
Data provenance is a historical record of source data, a way to understand the journey of data throughout the organization. Data provenance plays a crucial role in understanding the quality of your data and ensuring its veracity. It’s like a detailed travel log for data, showing where it came from, where it has been, and how it has changed over time.
What is data risk scoring?
Data risk scoring is a method of rating potential risk on different kinds of information based on how sensitive it is and how likely it could be accessed by someone who shouldn't have it.
What is data transformation?
Data transformation refers to the process of converting data from one format or structure into another, often done to facilitate analysis, integration or storage. It’s like reshaping Lego pieces so they fit better together in your creation, or so you can build something new and useful.
What is data trust scoring?
Data trust scoring assesses the reliability of any data with standards that provide instant insight into how much you can trust your data.
What is data veracity?
Data veracity refers to the accuracy, quality, and reliability of data, in order to make it suitable for decision-making and analysis. The better data veracity, the more trustworthy and better performing your AI can be, for instance.
What is dynamic authorization?
Dynamic authorization is a context-based decision model that grants or denies access in real-time, rather than relying solely on static, predefined permissions. It works by first identifying the nature of the request, before deciding whether to collect any additional data to make the authorization decision. The process is done dynamically in real-time, and after collecting all context needed the right decision is made, as defined by the application’s access policies. Access is either granted, denied, or more information might be requested. For customers it can enable minimal friction.
What is externalized authorization?
Externalized authorization is an approach in which access control decisions are centralized and separated from application logic. In other words, it centralizes access control decisions for applications and systems across the organization, rather than within individual programs. This means the access logic and policies are consistent, regardless of the application. It’s like having a central security office that decides who can enter which rooms in all buildings of a company, instead of each building managing its own security. Such centralized management allows security and IAM professionals to efficiently add, update and deploy policies across a portfolio of applications, alongside fine-grained access control which ensures users access the right data and actions. When combined with a dynamic data model, it allows businesses to leverage other data, make faster decisions based on dynamic data points and orchestrate a consistent experience across services (with all systems using the same externalized authorization).
What is fine-grained access control?
Fine-grained access control allows for more precise management of access permissions, and grants or denies access based on multiple factors. This method provides precise control over who can access what data or functionalities, and becomes particularly important when dealing with access to specific data or in complex circumstances - where you might have more than one account. Imagine a library where access to each section and book is individually controlled. Some books may only be available to specific membership types, and users may need different permissions to borrow books or access special collections.
What is first-party data?
First party data refers to information directly collected by a company from its customers or users. It is typically obtained through interactions, transactions, or engagement with the company's own platforms, products, or services. First-party data includes information from sources like your customer relationship management (CRM) system.
What is fragmented data?
Fragmented data refers to data that is scattered across multiple sources or systems in a disorganized manner, making it difficult to access, analyze and use. A company may use different systems for sales, inventory, CRM, marketing, etc. Without this data unified, it can be difficult to get a complete picture, leading to poor decision making and unsatisfied customers.
What is identity data?
Identity data includes all data related to an individual generated by the identity provider (IdP), such as name, email address, location, etc., along with access behavior and other Identity and Access Management (IAM) system data relating to a human or digital entity. Due to security concerns, this data is often kept separate from customer data platforms (where there is significant duplication) and other business data. Identity data is full of value when unified in a secure way with other business data. This offers benefits not just for the business but for the customer’s experience as well.
What is identity fabric?
Identity fabric is an architectural approach designed to seamlessly integrate identity and access management with infrastructure, applications, and services. Unlike traditional solutions, meshes and fabrics cannot be "procured" as a one-time product; building, operating, maintaining, and utilizing them is an ongoing process. In the identity world, an effective identity fabric connects identity and business data across various domains, centering on the identities of users, machines, and devices within an interconnected web.
What is identity management?
Identity management refers to the processes and technologies used to manage and secure digital identities, including user authentication, authorization, and access control. While commonly thought of in the context of internal workforce management, identity management also plays a significant role in customer experience, device and system automation and even personal identity management (via digital wallets).
What is identity metadata?
Identity metadata is information that describes and provides context about other data entities (or identities - which can be human, machine, AI, or just an individual data node), often referred to as “data about data”. An easy example is an online streaming service using metadata to manage its vast library of movies, TV series and music. Descriptive metadata such as titles, genres, cast and release dates, together with technical metadata such as file formats and resolution, and usage metadata like ratings and personal preferences, are all used together to enhance search, give personalized content recommendations, and provide detailed information to users.
What is identity orchestration?
Identity orchestration refers to the process of managing and coordinating all the different parts of identity management in an organization into smooth frictionless workflows. Like a conductor leading an orchestra, coordinating all the musicians to play together in harmony.
What is identity powered AI?
Identity powered AI is an approach that embeds trust into AI by associating each data point with its source, verification status, and risk score. By ensuring every piece of data has an identity, this method enhances the reliability and accuracy of AI models, leading to more secure and informed decision-making.
More details in our E-guide: Identity-powered AI.
What is identity resolution?
Identity resolution is the process of accurately connecting data to a person across different data sources, forming a unified profile. For example, a person using their loyalty card in-store and later browsing the online store would be recognized as one customer profile, which makes sense as it is still the same person.
What is identity-first security?
Identity-first security emphasizes protecting identities as the foundation and ensures that the right individuals have access to the right resources at the right time for the right reasons. It’s a security approach that prioritizes secure access management based on robust identity verification and authentication practices. It’s like building a strong fortress starting with verifying who is allowed inside.
What is least privilege?
Least privilege is a security concept that restricts user access rights to the minimum level needed to perform the job, based on roles and responsibilities. Benefits include enhanced data security, mitigated risk associated with unauthorized access, and ensured compliance with regulatory standards for data protection.
What is real-time data visibility?
Real-time data visibility essentially means live information. It refers to the capability of accessing and analyzing data as it is generated or updated, providing immediate insights into current business operations or conditions. It’s like watching a sports game on your phone: you can see the score and the plays as they happen in real time. For a company, having real-time visibility and insights on its data offers many opportunities, such as facilitating proactive decision-making and improving overall efficiency.
What is technical debt?
Technical debt refers to the total expense caused by inadequate architecture or software development. It may come from decisions to prioritize speed over design, but it is more often the result of short-sighted, siloed software decisions without a view to the broader architecture. Legacy solutions that have become obsolete over time but are incorporated in a way that is difficult to remove also contribute to an organization’s technical debt.
What is trust fabric?
Trust fabric is a concept primarily driven by Microsoft, defined as a real-time approach to securing access that is adaptive and comprehensive. A trust fabric authenticates identities, verifies access conditions, checks permissions, encrypts the communication channel, and monitors for security breaches, all continuously evaluated in real time.
What is unified data?
Unified data refers to the alignment of data from various sources into a single, coherent view, enabling comprehensive analysis and decision-making. Unifying data across the organization provides an opportunity to remove both technical and organizational silos, gain greater understanding and insight and enable better business outcomes.
What is user-approved data sharing?
User-approved data sharing essentially means giving permission to a third party to use your personal data. This practice ensures that users have control over which data is shared, with whom, and for what purpose.
What is zero-party data?
Zero-party data is information explicitly provided by the customer, usually through direct interaction or surveys, unlike other forms of data, which are typically observed or inferred. It’s like going shopping and telling the store exactly what you are looking for, and by sharing your preferences directly, they can give you personalized recommendations and offers based on what you have told them.