What identity can learn from the Blob
What limits the size of a city?
It’s not a particular industry, nor is it a favorable setting. What limits the size of a city is the speed of its transportation. As innovation accelerated transport, cities grew larger; people could range further for school, work, and community. But even this new growth, it created a new set of problems caused by the sheer scale of the urban environment.
As resources and people spread out from each other, designing an approach that would allow for the easy use of that rapid transport became nearly impossible with old methods.
If transportation is the lifeblood of cities, then identity is the lifeblood of organizations: it’s the key to security, productivity, and the essential ingredient to healthy growth. And just like sprawling cities, we have growing numbers of identities at an increasing logical distance from the core. Designing an approach that allows for the easy use of identity is nearly impossible with our previous approach.
These are real challenges, but there appears to be a solution. Nature, as they say, has found a way.
Meet the author of this strategy: Physarum polycephalum. Common slime mold. Aka, “The Blob.”
The Blob can not only find food sources, but solve mazes, remember where it’s been, and, in one famous experiment, recreate the Tokyo transport network. This system has taken engineers decades to optimize.
The Blob did it in just twenty-six hours.
This success should encourage us to apply slime mold’s organic approach to complex systems that can also be used for our identity problem. The Blob’s approach relies on being distributed, adaptable, and symbiotic.
Distributed
First, the slime mold’s approach is distributed. It is not monolithic; it consists of hundreds of cells, each acting independently. The leading edge of the mold senses the local environment and decides what to do. All share the overall policy: usually, it’s something like “stay alive and grow”—moving towards food and away from harm. It’s much like a gaggle of two-year-olds: avoid sharp objects and eat animal crackers.
This distributed approach will modify our approach to identity: while a centralized policy should be set (and governed appropriately), the edge should be empowered to make decisions based on local context. Instead of relying only on coarse-grained authorization or pre-provisioned entitlements, the advantage may be called on to make decisions with any additional context it is aware of. This is particularly important in environments where context is either brief (e.g., cloud-based resources) or only available locally (verifiable credentials presented at the edge providing identity claims.)
Adaptable
The Blob’s approach is also adaptable. As it learns about the nearby world, it can modify its policy. For instance, it assumes that all salt is dangerous. However, with repeated exposure to low-salt environments, it can learn that they are not harmful.
Identity policy must be adaptable as well. The first time a new identity context (e.g., a new location or device) arises, the access should be immediately denied, or additional identity verifications demanded. With repeated exposure to these new contexts—say, a user repeatedly coming in from a new location and passing MFA checks each time—those experiences should percolate up, feeding machine learning models to adjust the overall policy to the new normal. The approach and resulting access model then become an organic, living thing.
Symbiotic
Finally, Slime Mold’s approach is symbiotic. Placing two slime molds in the same environment results in them combining to become one—sharing the same geographic space and any previous experiences. The learned behavior with salt can be transferred to the other slime mold. The Blob is a team player.
Identity must do the same. Security has long been fragmented, with each component (SDN, IDP, SIEM, etc.) acting as a silo of information. This is anathema if we want to implement strategies like zero trust fully. Using emerging standards such as Shared Signals, each component must share what it knows with others; identity must be a team sport.
Imitating the Blob
Slime mold, despite being a brainless, single-celled organism, holds the key to an emerging approach to identity strategy, and that through a distributed plan, adaptable intelligence, and symbiotic relationships, we can wield identity so that our organizations can thrive in this new, expansive world.
If we are to succeed with identity going forward, to create a distributed, adaptable, and symbiotic strategy, then we must emulate the Blob.