Notes

Identity & Access Management in the Cloud
The other day I was asked to give some sort of presentation at the IBM Tivoli User Group on Identification & Access Management From the Cloud to IBM staff members, IBM Business Partners in addition to customers of IBM Tivoli Security products. I soon realised that my first problem was going to be determining The Cloud. Not every person I spoke to before the presentation knew the actual Cloud was!

So What Is The Cloud?
The Cloud is a term bandied concerning all too readily these days as well as for many people it merely presents everything that happens on the Internet. Some others, however , are a little more rigid with their definition:


"For me, cloud computing is a industrial extension of utility precessing that enables scalable, elastic, extremely available deployment of software applications while minimizing the level of comprehensive interaction with the underlying technologies stack itself. "
"Computing on tap - you get what you want literally from a socket in the wall. "

"Cloud computing is just a virtual datacenter. "

Wikipedia, naturally, has its own definition.


Cloud computing is Internet based development and use of computer technology. In concept, this is a paradigm shift whereby information are abstracted from the end users who no longer need information about, expertise in, or handle over the technology infrastructure "in the cloud" that sustains them.
Of course , there are several levels of computing that a provider in the Cloud can offer. Use of a particular software application (eg Google Docs) is just one such supplying. Another would be akin to a software development platform (think Search engines App Engine, Microsoft Violet and Salesforce's force. com). Then, of course , there are typically the raw infrastructure services - servers provisioned "on-tap" to get end-user usage (eg Amazon Ec2).

We are probably all users of Cloud expert services if we think about it. A quick seem inside my Password Risk-free vault reveals almost 300 different User ID as well as Password combinations for expert services on the net including:

Blogger
Twits
Facebook
LinkedIn
Google Docs
Gmail
Screenr
ChartGo
Typically the Enterprise Model
While it is easy to see how personal using of Cloud applications has grown over recent years, it may come mare like a surprise to learn how the Party is adopting Cloud utilization.

According to EDL Consulting, 38% of enterprises will be using a SaaS based eMail services by December 2010. Piquante Media report that 12% of Financial Services firms have already adopted SaaS, mainly from the CRM, ERP & HOUR fields. And our friends at Gartner reckon that a third of ALL new software will be delivered via the Software model by 2010.

I feel it? SaaS is already happening inside enterprise. It is here in fact it is here to stay.

With any change to the enterprise operating unit there will be implications - a number of real and, just as crucial, some perceived.

In the Recognized Risks category, I'd spot risks such as loss of handle; storing business critical info in the Cloud; reliability from the Cloud provider; longevity in the Cloud provider. Of course , they are only perceived risks. Who may be to say that storing business critical data in the Fog up is any less hazardous that storing in the enterprise's own data centre? There can be different attack vectors that really must be mitigated against, but which mean the data is just about any less secure, does it? In addition to who says the enterprise has got to lose control!

Real risks, however , would include things like the particular proliferation of employee individual across multiple providers; acquiescence to company policies; the modern attack vectors (already described); privacy management; the intention impact of data storage places; and, of course , user administration!

Find more
As with any brand-new IT delivery methodology, a raft of "standards" appear to appear. This is great as long as there is wide-spread adoption on the standards and the big suppliers can settle on a specific normal. Thanks goodness for:

Typically the Open Cloud Manifesto
The particular Cloud Security Alliance

These men, at least, are attempting to address the criteria issue and I am specifically pleased to see CSA's Domain name 13 on Identity as well as Access Management insisting within the use of SAML, WS-Federation in addition to Liberty ID-FF.

Access Manage
And on that point, the various Fog up providers should be congratulated individual adoption of security federation. Security Assertion Markup Language (SAML) has been around for over some years now and is a very good way of providing a Single To stay solution across the enterprise firewall. OpenID, according to Kim Cameron j., is now supported by 50, 000 sites and 500 million people have an OpenID (even if the majority don't understand it! )

The problem, until recently, has been the problem of identification ownership. All major providers desire to be the Identity Provider inside the "federation" and Relying Parties were few and far between. Thankfully, there have been a marked shift in this particular stance over the last 12 months (as Kim Cameron's figures support).

Then there are the "brokers". Those companies designed to make the "federation" process a lot less distressing. The idea is that a single-authentication to the broker will allow wider access to the SaaS group.

Symplified and Ping Identification seem to be the thought leaders within this space and their marketing blurb comes across as comprehensive and also impressive. They certainly tick often the boxes marked "Speed To be able to Market" and "Usability" but again those perceived risks could be troublesome for the wary entity. The "Keys To The Kingdom" issue rears its unpleasant head once more!

Identity Management
SPML is to identity administration as SAML is to easy access management. Right? Well, pretty much. Service Provisioning Markup Language (SPML) was first ratified in October 2003 with a huge selection of. 0 ratified in April 2006. My guess? We need one more round of ratification! Let's take a examine the evidence. Who is at present using it? A Google search returns precious little. Google Software uses proprietary APIs. Salesforce uses proprietary APIs. Zoho uses proprietary APIs. Very best point of a standard in case nobody uses it?

Acquiescence & Audit
Apparently, 45 times more information will be earned during 2009 than through 2008 AND the "digital universe" will be ten times much larger in 2011 than it was 5 years ago! Those are staggering numbers, aren't they? And the bulk of that data will be very unstructured - like this weblog or my tweets!

The importance of auditing the information we put out into the digital universe is greater than ever but there isn't any standards based approach to Conformity & Audit in the Cloud hosting!

Service Providers are the current custodians of the Compliance & Taxation process and will likely keep do so for the time being. Actually, Find more are quite good at this kind of as they already have to follow many different regulations across numerous legislative jurisdictions. Typically, nonetheless they present Compliance and also Audit dashboards tailored to top to bottom markets only.

It's easy to undestand, I guess, that for a multi-tenancy service there will be complications distancing out relevant data for any enterprise compliance check.

Going To The Cloud
There are companies out there who claim to are able to providing an Identity Managing as a Service (IDaaS) which usually sounds great, doesn't it? Take away all that pain regarding delivering an enterprise sturdy IdM solution? In practice, nonetheless it works well for establishments who operate purely inside the Cloud. These solutions previously understand the provisioning requirements on the big SaaS operators. Whatever they can't do quite also, though, is the provisioning back to our enterprise systems! Decades enough to assume that an enterprise runs everything from their very own Active Directory instance, in fact. Also, we have to remember that utilizing an IDaaS is akin to giving away the "Keys To The Kingdom". Remember our perceived hazards?

An alternative is to move the business IdM solution into the Fog up. Existing installations of MICROSOFT Tivoli Identity Manager as well as Sun Identity Manager or even insert your favourite vendor here Identity Manager can be moved to the cloud making use of the IaaS model - Amazon . com EC2. The investment throughout existing solutions would be saved with the added benefit of scalability, flexibility and cost-reduction. Is this a model that can be adopted easily? Most certainly, as long as the actual enterprise in question can get the head around the notion regarding moving the "Keys Towards the Kingdom" beyond its the firewall.

Conclusion
The next generation of user is already web-aware - SaaS is here to stay - and SSO is finally within our grasp with only a handful of big players dragging their high heel sandals when it comes to implementing standards including SAML v2. 0. It had been also intriguing to play along with Chrome OS last week (albeit an early prototype version). Establishing desktop sign on with the internet just tightens things that little bit further (in a Search engines way, of course).
Read More: https://isdownstatus.com/status/defiance2050.com