Federated Identities: Is Secure Ease-of-Access Keeping Up with Cloud Usage Patterns?

B. Ostergaard

Summary Bullets:

  • Business users are pushing companies into a multi-cloud environment.
  • The automated mechanisms for handling multi-cloud access securely are not yet in place.

It’s not just the European summer weather that’s cloudy; so too is the future IT paradigm.  In this emerging multi-cloud near-future, business users will want easy access to corporate cloud resources from their private cloud, as well as the ability to launch apps in a platform-as-a-service (PaaS) environment and the ability to access a variety of ever-changing external SaaS clouds.  Users would prefer not to have to log in to these clouds individually with different passwords and log-in procedures, which just results in people keeping lists of passwords on yellow stickers or Word files on their desktop computers, clearly breaching any corporate security policy.  Public cloud destinations such as Amazon mostly rely on user-centric passwords (i.e., not aligned with the password used for corporate data site access), and even if a cloud site such as Salesforce.com (SFDC) is linked to a specific corporate account, it will still not sync with the user’s corporate password.  If the company wants to make such cloud access easy and safe (and keep password lists off user desks), the solution lies in storing individual passwords in the company’s Active Directory (AD) and subscribing to a federated identity service that automates access to multiple clouds based on the user information in AD.  With a federated identity service, users get a single sign-on service that may be either single-factor or require two-factor authentication for access to sensitive data.

There are two issues relating to federated identities: first, whether it scales, and second, whether the SaaS cloud supports SAML2. Scalability is an issue if the number of clouds increases significantly and needs frequent updating in the directory system, or if users shift their cloud priorities often.  We do not currently have credible metrics documenting how well the existing federated identity solutions on the market scale.  The other issue pertains to SAML2, which is a standard for exchanging authentication and authorization data between security domains.  Some sites such as SFDC are SAML2-compliant, and thus interface well with federated identity servers, whereas others such as Microsoft 365 are not.  This illustrates the maturity issues that more widespread cloud adoption still faces.  Where are you as a corporate cloud planner in this process?  Are you adopting the federated identity approach or managing the access issue in some other way?
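As an added illustration (not code from the original post or any product mentioned in it) of what "interfacing well with a federated identity server" means on the SaaS side, the following Python performs the basic checks a SAML2-compliant service provider applies to an assertion issued by the corporate identity provider; the assertion, the IdP URL and the SaaS audience URL are constructed placeholders.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace (from the OASIS standard).
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; the IdP and SaaS URLs are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-sample-1" Version="2.0" IssueInstant="2013-07-01T10:00:00Z">
  <saml:Issuer>https://idp.example.corp/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.corp</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2013-07-01T10:00:00Z" NotOnOrAfter="2013-07-01T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://crm.example-saas.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _parse_utc(value):
    """Parse the xsd:dateTime form SAML uses (UTC, 'Z' suffix) into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_issuer, expected_audience, now_utc):
    """Return (True, subject NameID) if the assertion is acceptable, else (False, reason).

    now_utc is the SP's clock in the same 'YYYY-MM-DDTHH:MM:SSZ' form, injected so the
    check is reproducible. A real SP must verify the XML signature before these checks.
    """
    root = ET.fromstring(xml_text)
    # 1. Only assertions from the federated IdP this SP trusts are accepted.
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return False, "untrusted issuer"
    cond = root.find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        return False, "missing Conditions or validity window"
    # 2. Validity window: NotBefore is inclusive, NotOnOrAfter exclusive (SAML core spec).
    now = _parse_utc(now_utc)
    not_before = _parse_utc(cond.get("NotBefore"))
    not_after = _parse_utc(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_after):
        return False, "assertion outside its validity window"
    # 3. Audience restriction: an assertion minted for one SaaS cloud must not be
    #    accepted by another; this is what lets one IdP serve many clouds safely.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "audience mismatch"
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return (True, name_id) if name_id else (False, "missing subject NameID")
```

The issuer, window and audience checks are the minimum that stop an assertion for one cloud being replayed against another or used after it expires; a production SP additionally validates the XML signature against the IdP's published metadata.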

About Bernt Ostergaard
As Research Director for Business Networks and IT Services at Current Analysis, Bernt covers the competitive landscape for system integration and IT service provisioning, and analyzes the managed security services offered across carriers and IT service providers. He brings with him a broad understanding of the competitive issues and environment that currently exist in the rapidly changing IT services and telco sectors.
