Cloud Identity Management – Old wine in new bottles

I want to elaborate on my cynical remark in a previous post, where I found something cynical in rewrapping IAM solutions for the perimeterized organisation in a new box with a cloud motif.

Let’s put it this way: if Vendor A was not particularly successful in the IAM market, is there any reason to believe that, without building in support for new cloud-oriented standards, their software would be more successful in a cloud environment than in a perimeterized environment?

Maybe it is useful to remind ourselves what a good definition of the cloud is. I am grateful to a pointer given by Alexei Lesnykh to a learned article published by the RAD lab at UC Berkeley.

The authors take a hardware point of view and note that only three aspects are new in Cloud Computing:

  1. The illusion of infinite computing resources available on demand, thereby eliminating the need for Cloud Computing users to plan far ahead for provisioning;
  2. The elimination of an up-front commitment by Cloud users, thereby allowing companies to start small and increase hardware resources only when there is an increase in their needs; and
  3. The ability to pay for use of computing resources on a short-term basis as needed (e.g., processors by the hour and storage by the day) and release them as needed, thereby rewarding conservation by letting machines and storage go when they are no longer useful.

Alex then observes, along the same lines as I once did, that the security issues related to corporate usage are really no different from what went on before, when ‘Outsourcing’ was the buzzword. In other words, the same cons and the same pros apply. It’s just as difficult!

On the con side, the concern of having corporate information assets off premises still weighs heavily on the CSO’s mind. On the pro side is the notion that the big cloud providers (as was the case with the big ‘outsourcing partners’) are probably a lot better at protecting these information assets than the in-house IT department, for whom this is a secondary task.

So the cloud is a red herring. Cloud-motif wrapping paper on an IAM solution is a con trick if the only thing new in the box is support for SAML.

De-perimeterization is the real issue: the organisation has to interwork within an increasing number of different security domains, each with its own firewalls, its own security policies and its own ability to protect against security breaches and the data loss that might result from the weakest link in a certain supply chain. SAML is still the prevailing standard for cross-domain single sign-on, and there is nothing wrong with an IAM product’s strong support for it. But SAML was already needed long before Cloud came into play.

However, the truly forward-looking vendors should set their sights further than SAML (which I have named web 1.5), and that is where support for Open Identity comes in.

So forget about the marketeers’ use of ‘Cloud ready’. Ask them what they really mean by that and make sure it’s not just old wine in new skins.

About lasancmt

Passionate about Identity Management Disgusted at #ukip and #brexit