By now CTOs, CIOs, and business executives understand that virtualization and cloud computing represent the single most important re-architecting of the information infrastructure in the history of computing. The impacts of this trend will be seen over the next decade and these technologies will be key enablers for delivering everything-as-a-service. And during this transformation, the requirements for identity and access management, and the related component technologies, business processes, and services supported inside the data center and through provider services will be re-architected, integrated, and delivered as a cohesive and consistent set of virtualized collaboration services to the end-user.
Virtualization and the State of the Collaborative Internet
As organizations move along this virtualization journey, SaaS applications including leading offerings from Salesforce.com and Google will increase in their rate of adoption due to their inherent value, the capital investment posture of organizations large and small, and the level of integration that can be achieved with existing enterprise infrastructure. And identity and access management is the foundation for virtual integration, providing a basis for the collaborative Internet.
Conversations at the recent RSA 2010 conference with practitioners and providers clearly underscore this, as well as the pervasive use of Web 2.0 and the services that these technologies enable in enterprises of all sizes. Here’s a snapshot of what people were saying, and what I heard:
- Internet application use has exploded — virtually all practitioners use at least one form of internet application, including SaaS, Google or PayPal Identity, LinkedIn, YouTube, etc.
- According to a few vendors, almost all enterprise-monitored traffic shows the presence of social networking, including file sharing, from within the enterprise. With this data, it’s impossible for the CIO to ignore the impact of Web 2.0 technologies and the effects of collaboration on enterprise business.
- Unifying communication infrastructure between internal and external applications is a major trend attracting significant investments.
- Identity and access management is a costly and risky part of unifying communications, and a key challenge is how to leverage existing infrastructure (and it’s not just AD or LDAP directories).
The Identity Anchor
In discussions, Symplified CEO Eric Olden said he believes that "Identity and access management is the anchor of Web 2.0 applications and technology." Previously the focus on identity was solely on how to extend internal identity and access services to the cloud, to SaaS applications, and collaboration environments outside the enterprise. To do this, four key services needed integration:
- Authentication – establishing digital credentials and being able to rely on them in various transaction settings.
- Access – using a trusted digital credential, with suitable granularity, to provide discretionary or mandatory access control to services, resources, data, etc.
- Audit – monitoring and reporting successes and failures of the complete identity and access management environment.
- Administration – configuring and maintaining the authentication, access, and auditing environment.
Federation 1.0
The extension of these services to resources beyond the enterprise is an implementation of identity and access management federation - a way of transforming these enterprise desktop functions into a series of seamless, interactive services for the end-user. For example, as end-users move to Google Apps and the Google cloud, this level of identity and access management provides the capability to engage them with content and business records without regard to the actual location of an application, a file, an email, a database, or any form of structured or unstructured content. And of course there is less of a need to build and maintain new identity stores or rip and replace existing identity infrastructures to gain the value of content and services outside of the data center - the collaborative Internet.
Federation 2.0 - Brokering Identity
But as identity becomes a service in and of itself in the collaborative Internet, organizations will look for ways to broker these identities in a secure, trusted, and reliable way across services. This can be seen today with services such as Facebook Connect, which allows a Facebook user to gain access to content and services in LinkedIn, Twitter, Digg, and other collaborative environments without a separate log-in. The result is a simpler, less complex user experience and purportedly lower user management costs. Could this model extend to Web 2.0 enterprise applications in the collaborative Internet, where for example a Google Apps or Salesforce.com identity is brokered by the enterprise for its employees to connect to an ERP application in the SAP cloud? Will this ultimately reduce the costs of maintaining internal identity stores, and what are the offsetting costs and risks?
Action Item: CIOs/CTOs should embrace the collaborative Internet as part of a mainstream business information culture today. CISOs must look for ways to effectively extend and support identity and access management policies and infrastructures beyond the data center and stay in step with the emerging trends driven by the increase in sophistication and numbers of identities in the cloud.