IdM and the Cloud: A Chance To Do Things Right

Over 2 months ago (wow, time really flies when you are trying to keep up with the Twitter firehose), I wrote an introductory post to a topic that I am beginning to examine in some detail – the impact Cloud Computing will have on Identity Management. Back in May, I tweeted that I believe cloud computing will change how enterprises approach identity management in much the same way that compliance did a few years ago. With tools such as office 365 reporting, potentially, if companies decide to implement this amongst their business, hopefully, they’ll notice an increase in employee productivity and mobility. And last month at Burtons Catalyst conference, we saw a lot of evidence of that, most notably at the cloud computing single sign-on interop. In fact, I will be doing a webinar with Martin Kuppinger (Kuppinger Cole) on the topic of Identity Services and the Cloud next week on the 21st of September (free registration), and speaking about it at Oracle OpenWorld as well.

The Cloud Hanging Over Us

At Catalyst, Dan Blum stated that cloud computing is not ready to be a serious player in the enterprise when it comes to applications that handle sensitive data (some would argue that covers most enterprise apps). This reflects the biggest obstacle facing cloud computing acceptance – Trust. Enterprises need to be able to rely on cloud providers (read: have SLAs) for availability, security, performance, governance and privacy. But how can they do that when there are so many unanswered questions (as I pointed out in my previous post) and a lack of transparency on the part of the cloud providers? How can an Enterprise feel comfortable when Google says “The service is neither designed nor intended for high risk activities” or Amazons contract states “We are not responsible for any unauthorized access to, alteration of, or the deletion, destruction, damage, loss or failure to store any of, Your Content (as defined in Section 10.2), your Applications, or other data…“. That being said, there are already ways in which cloud computing is being used to handle money matters such via the saga pattern which is a good means of handling data preservation across the system. There are other uses as well, such as payroll. For instance, multinational and global businesses worldwide are using service providers like CloudPay to better manage their payroll systems. Perhaps in the future this ability to improve the levels of compliance and efficiency of a business will expand into other areas as well.

Looking at the Silver Lining

When people talk about the business drivers for cloud computing, it is often summed up as the following list: Cost, Flexibility, Simplicity, Availability. But why not Security? Cloud architecture actually lends itself to a far more robust and reliable security architecture than anything that has come before, especially when it comes time to send big files online compared to conventional methods. Everything can be built right into the platform and the applications, and the need for vendors to support multiple customers in a dynamic environment means that all of it has to be standardized and easy to put up/take down.

So what are the major identity management pieces in this puzzle?

• Federated Authentication that spans the enterprise environment and the cloud environment
  • Alternatively (or additionally), consider supporting User-Centric Identity
• Strong User and Access Lifecycle Management (Provisioning/De-Provisioning Capabilities)
• A Claims-Based Authorization model, coupled with strong XACML-based Entitlement Management
• Enterprise Identity Providers protected by IGF-style policy controls
• DLP (Data Leakage Protection) tools that protect sensitive data moved to the cloud
• A standardized Audit Framework for creating, managing and analyzing audit trails across cloud services

In my follow-up posts (and in the talks I am giving), I will look at each of these in more detail. In the meantime, register for the KuppingerCole webinar I’ll be doing and lets exchange some thoughts.