Identity management must be addressed as a major factor when one decides to put applications on the cloud.
As the majority of services and applications move to and are deployed on the cloud, enterprises increasingly rely on software as a service (SaaS) applications. The challenge with this trend is that employees are prompted to authenticate separately for each SaaS application. Password management and administration are time-consuming and inefficient. Additionally, there is no standard way of provisioning or de-provisioning user accounts and passwords across multiple SaaS applications.
On demand Provisioning:
The first major requirement from an identity management standpoint in the context of cloud and SaaS models is on-demand provisioning. On-demand provisioning helps companies handle the dynamic onboarding and offboarding of employees, users and identities for corporate applications hosted on the cloud. Companies like Identropy (www.identropy.com) and, of course, offerings from bigger players such as Oracle Identity Manager do this.
Connectors for the Cloud
A critical facet of identity management is the ability to connect to disparate systems and fetch identities from them. Now that applications are hosted on the cloud and fronted so that people can reach them through a variety of access modes, connectors to cloud apps are critical. ISVs have started building connectors to applications like Salesforce.com, WebEx, Google Apps, Expensable, MS-SharePoint and many more. Systems that can connect to applications on the cloud and still authenticate seamlessly against enterprise directories such as LDAP and Active Directory are in great demand, because they give users hassle-free access to applications.
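The provisioning and connector requirements above come down to reconciling what the enterprise directory says against what each SaaS application actually holds. The following is an added example, not code from the original post or from any vendor named in it; the app names, the data layout and the `reconcile` function are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DirectoryUser:
    email: str
    active: bool             # False once the employee is offboarded
    entitlements: frozenset  # SaaS apps this identity should be able to use

# Constructed sample data; the app names "crm" and "meetings" are hypothetical.
DIRECTORY = [
    DirectoryUser("alice@example.com", True, frozenset({"crm", "meetings"})),
    DirectoryUser("bob@example.com", False, frozenset({"crm"})),  # offboarded
    DirectoryUser("carol@example.com", True, frozenset({"meetings"})),
]
# What each connector reports back: app -> {account email: enabled?}
SAAS_ACCOUNTS = {
    "crm": {"Alice@example.com": True, "bob@example.com": True,
            "contractor@example.net": True},
    "meetings": {"alice@example.com": False, "bob@example.com": False},
}

def reconcile(directory, saas_accounts):
    """Return sorted (action, app, email) tuples that align SaaS with the directory."""
    by_email = {u.email.lower(): u for u in directory}
    actions = []
    for app, raw in saas_accounts.items():
        # Normalise case so "Alice@..." and "alice@..." are one identity.
        accounts = {e.lower(): enabled for e, enabled in raw.items()}
        entitled = {e for e, u in by_email.items()
                    if u.active and app in u.entitlements}
        for email in entitled:
            if email not in accounts:
                actions.append(("provision", app, email))
            elif not accounts[email]:
                actions.append(("enable", app, email))
        for email, enabled in accounts.items():
            if email in entitled or not enabled:
                continue  # correct as-is, or already disabled
            if email in by_email:
                actions.append(("deprovision", app, email))
            else:
                # No directory identity behind it: report for review, no auto-delete.
                actions.append(("flag_orphan", app, email))
    return sorted(actions)

if __name__ == "__main__":
    for action in reconcile(DIRECTORY, SAAS_ACCOUNTS):
        print(*action)
```

The offboarded user's live account and the account with no directory owner are the two findings that per-application password administration tends to miss.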
Secure authentications as a service
Companies are increasingly providing secure authentication mechanisms as a service. These include agentless single sign-on solutions, secure tokenless solutions and others. It is important to understand the characteristics of the different protocols available in the market today for different types of applications in order to have secure authentication in place.
Vendors who provide point solutions need to ensure they have the flexibility to integrate with existing IDAM solutions like Tivoli and Netegrity, where companies have already made investments. When federated identity and on-demand applications come into play, these vendors must account for integration with ESSO and Web SSO solutions from the likes of Oracle, Citrix, IBM and others.
Building these kinds of products requires a deep understanding of security architecture and design, the complexities of SaaS enablement and the various authentication mechanisms in place. It also requires expertise in areas like SAML, which is playing a defining role in ensuring that the leading cloud platforms whose applications enterprises want their employees to use are accessed securely. For example, working with Salesforce.com-related apps on the cloud means supporting SAML 1.1, while Google Apps and Cisco WebEx call for SAML 2.0. So companies that want to build provisioning and identity life cycle management solutions for the cloud and SaaS market spaces need to accommodate these in their work charter.
Developing such products and solutions requires strong domain knowledge of security, high standards of programming and a deeper understanding of SaaS and cloud architectures. We have time and again worked in cutting-edge areas related to security and the design, development and deployment of SaaS applications. In the next set of posts I will further discuss some interesting ways of leveraging identity management aspects for cloud and data centers.