Identity management has been around since the first mainframe, but with one machine and one user, it wasn't much of an issue. As business computing evolved to the client/server architecture, many users would access a handful of applications. That made federated identity management (across all the apps) a little more complex -- but passwords still did the job.
Today, in a virtualized business environment where users located anywhere might access dozens of applications on numerous mobile devices, federated identity management has become the holy grail for IT executives like Benjamin Doyle, director of applications at network security provider Enterasys Networks Inc.
Enterasys has been in the cloud "for a long time," according to Doyle. The Andover, Mass.-based company was a pioneer user of Salesforce.com Inc.'s service for customer relationship management, and started using BigMachines Inc.'s cloud-based quoting and configuration service in 2007.
"We're fairly aggressively adopting new solutions," Doyle said. "But as we started to deploy point solutions from smaller vendors and startups, the question was, how do we manage the security and authentication around these cloud-based solutions?"
Microsoft Active Directory is his company's "source of truth" for user status, Doyle said: "It works great for on-premises software, but it's been a challenge for our cloud software."
Doyle found another cloud service to solve the problem: Okta Inc.'s identity management Software as a Service (SaaS), which integrates with Active Directory to provision and deprovision users automatically. Fischer International Systems, Ping Identity, Symplified Technologies and most recently, Verizon Communications also offer identity management SaaS solutions for cloud-based applications and services.
Using the Okta service, Enterasys users access a customized homepage providing single sign-on and self-service across the applications in Okta's catalog of more than 200 cloud services. Those services' providers include ADP, BigMachines, Cisco Systems, Citrix Systems, Concur Technologies, Facebook, Google, LinkedIn, Microsoft, Oracle, Salesforce.com, Taleo and Twitter.
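The pattern the article describes, a directory acting as the "source of truth" and a cloud identity service provisioning and deprovisioning application accounts from it, comes down to a reconciliation loop. The following is an added illustrative example, not Okta's, Enterasys' or Active Directory's code: the record types, the entitlement group name "crm-users" and all sample users are constructed for the example. It shows the security-relevant failure mode the automation exists to prevent, namely accounts that stay active in a SaaS application after the directory has disabled the user or the user was never in the directory at all.

```python
"""Added example: reconcile a SaaS application's user list against a
directory treated as the source of truth (directory-driven provisioning
and deprovisioning). Illustrative only; record formats and data are
constructed, not taken from any real product."""

from dataclasses import dataclass


@dataclass(frozen=True)
class DirectoryUser:
    username: str
    enabled: bool        # False models a disabled directory account (e.g. a leaver)
    groups: frozenset    # entitlement groups the user belongs to (constructed names)


@dataclass(frozen=True)
class AppAccount:
    username: str
    active: bool         # whether the SaaS account can currently log in


def reconcile(directory_users, app_accounts, entitled_group):
    """Return (action, username) tuples that make the app mirror the directory.

    Hypothetical but typical rules:
      - enabled directory user in `entitled_group`, no app account  -> create
      - same, but the app account is deactivated                    -> reactivate
      - disabled, removed or no-longer-entitled user, app account
        still active                                                -> deactivate
    The last rule is the one that closes the orphaned-account gap.
    """
    dir_by_name = {u.username: u for u in directory_users}
    app_by_name = {a.username: a for a in app_accounts}
    actions = []

    for name, user in sorted(dir_by_name.items()):
        should_have_access = user.enabled and entitled_group in user.groups
        account = app_by_name.get(name)
        if should_have_access and account is None:
            actions.append(("create", name))
        elif should_have_access and not account.active:
            actions.append(("reactivate", name))
        elif not should_have_access and account is not None and account.active:
            actions.append(("deactivate", name))

    # Accounts present in the app but unknown to the directory are orphans
    # by definition: nothing upstream will ever disable them, so flag them.
    for name, account in sorted(app_by_name.items()):
        if name not in dir_by_name and account.active:
            actions.append(("deactivate", name))
    return actions


# Constructed sample data
SAMPLE_DIRECTORY = [
    DirectoryUser("alice", True, frozenset({"crm-users"})),
    DirectoryUser("bob", False, frozenset({"crm-users"})),   # disabled: left the company
    DirectoryUser("carol", True, frozenset({"finance"})),    # active but no longer entitled
    DirectoryUser("dave", True, frozenset({"crm-users"})),
    DirectoryUser("frank", True, frozenset({"crm-users"})),  # new hire, no app account yet
]
SAMPLE_APP = [
    AppAccount("alice", True),
    AppAccount("bob", True),     # still active in the SaaS app: the orphan the sync catches
    AppAccount("carol", True),   # kept access after moving teams
    AppAccount("dave", False),   # deactivated earlier, should be restored
    AppAccount("erin", True),    # unknown to the directory entirely
]

if __name__ == "__main__":
    for action, user in reconcile(SAMPLE_DIRECTORY, SAMPLE_APP, "crm-users"):
        print(f"{action:<10} {user}")
```

Running the sample produces deactivations for bob, carol and erin, a reactivation for dave and a creation for frank; alice needs no change. A real integration would issue these actions through the application's provisioning API and run the loop on every directory change or on a short schedule, since the window between a directory disable and the app deactivation is exactly the exposure the article's "source of truth" model is meant to shrink.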
Federated identity management for the masses
As the field of identity management providers for cloud services grows, so do groups of government agencies and vendors vying to influence the field of federated identity management. The Obama administration, which is leading the charge to the cloud, has called for a Trusted Identity Ecosystem to be developed by private enterprise.
The Open Identity Exchange (OIX), a nonprofit organization founded by Booz Allen Hamilton, CA, Equifax, Google, PayPal, VeriSign and Verizon, is working to develop trusted online identity credentials across the public and private sectors. With initial grants from the Information Card Foundation and the OpenID Foundation, which was formed by Facebook, Google, IBM, Microsoft, PayPal, VeriSign and Yahoo, OIX has been approved as a trusted framework provider by the U.S. government to certify online identity management providers.
The OASIS Identity in the Cloud technical committee, backed by CA, IBM, Microsoft, Novell, Ping Identity, Rackspace Hosting, Red Hat, SafeNet and Symplified, is working to address the security challenges posed by identity management in cloud computing by identifying gaps in existing identity management standards. And The Open Group, a 20-year-old vendor- and technology-neutral nonprofit organization, is working on an international framework for identity management standards.
Clearly, the government and the computer industry recognize the need for federated identity management in the cloud. While the various groups work out compromises and continue to develop the ecosystem, however, new services from the identity management SaaS providers may become de facto standards. These services are much less costly and increasingly easy to implement compared with traditional on-premises identity management systems, and the need for unified cloud services access management is immediate.
As Enterasys Networks' Doyle has realized, when you don't control the physical building, you have to control access.
Let us know what you think about the story; email Laura Smith, Features Writer.