Saturday, August 1, 2009

Cloud-Based Identity Services Taking on a Different Look As They Grow

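Identity management is an important requirement for security solutions in the cloud computing market, and vendors that offer it as a SaaS service are beginning to appear. Vendors such as OneHealthPort, ID Analytics, Privo, Conformity, Symplified, and Ping Identity are releasing solutions one after another.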
 

Cloud-based identity services are starting to gain a foothold among corporate users, but the evolving architecture looks nothing like the platforms companies have been building internally, according to Bob Blakley, vice president and research director at the Burton Group.

"The perception has been that [cloud-based identity services] would be this big monolithic thing, but that is not what the service providers built," said Blakley, who spoke on the opening day of the Burton Group Catalyst Conference in San Diego. "What the market is building is a set of small specialty firms that handle individual identity tasks and offer discrete billable units that companies can put together."

What is emerging, says Blakley, is the ability to build a virtual identity provider using a multitude of different services.

"A lot of customers will put these things together into packages that don't look anything at all like what a licensed [software] identity platform looks like today," said Blakley.

One [service provider] does the vetting, one does the provisioning, one the risk scoring, and on down the line, "and all those are put together by the end user," said Blakley. All of these services and more are available and in use today, he said.

The services include OneHealthPort, ID Analytics, Privo, Conformity, Symplified, and Ping, which Tuesday integrated PingConnect with Google Apps so a user's Google ID can be used for single sign-on across some 60 online services.

While the cloud architecture provides flexibility, it is not without concerns. Blakley says users will have to consider that quality-of-service terms and SLAs are not standardized, the threat of service failures brings liability issues, mechanisms for security and privacy are still evolving, business continuity issues around failed providers are not well established, and regulatory issues raise many questions.

"There are hazards you need to take seriously," said Blakley.

But Blakley predicts that the adoption of cloud-based identity services will rise significantly in the next year.

Only four people in a room of nearly 100 people attending his talk said they now use cloud-based services. Blakley said next year the same question would result in 25% of the audience saying they use cloud-based identity services.

"When you look at the cloud as a massive compute system you need to provide the same kind of access control, auditing, authentication, single sign-on and so forth that you did in the enterprise," said Eric Olden, CEO of Symplified, which offers web access management and single sign-on as a cloud-based service. "I think you will find later this year things will move ahead to the next level of sophistication."

In that timeframe, Olden says Symplified will add access control and de-provisioning capabilities to its identity service.

Blakley says one driver for identity service adoption will be the immediate value that users see with cloud-based services as opposed to licensed software that typically drags users through a deployment period where the software is paid for but not being used in production.

"On the cloud side that part does not happen, the integration and connectors and deployment phase happens on the service provider's clock," said Blakley.

Companies will be motivated to use cloud-based identity services as the number of users on corporate networks explodes, according to Blakley. That explosion will be driven by contractors, partners and others who require network access.

One identity architect from a Fortune 500 company said the firm is contemplating outsourcing its supply chain identity management for all its providers. That means any vendor the company buys from will go through cloud-based services for provisioning, authentication, authorization and other identity services.

"It will be all the companies that need to sell us parts and have to log in and out of our purchasing system with a user ID and password we provide and manage today," he said. "It could cut 50,000 identities that we now have to manage."

It is those sorts of gains that are driving corporate identity architects to look at service alternatives that can augment internal systems and reduce management responsibilities.

And Blakley said another added benefit from services is that they will force technologists paying for the service to focus more on the business problems it solves and less on the bells and whistles of the technology.