Identity Management Blog | Symplified
|
 RSS Feed
Cloud leader, Salesforce.com, is in the midst of their DreamForce conference in San Francisco. It's amazing to reflect on their success and growth. Even with our current economic woes, Salesforce has managed to continue steady growth and stock performance. And with 19,000 people registered for this year's DreamForce, interest is certainly not dropping off.
At the helm of Salesforce, CEO Marc Benioff spoke of new product innovations and what lies ahead. With the announcement of Sales Cloud 2 and Service Cloud 2, we see expansions of Salesforce services into exciting new areas with a strong Cloud Community theme. New offerings for knowledge management tie into Google, Facebook, and Twitter with email integration and complete customer service call centers in the Cloud. Salesforce will offer social networking for the enterprise with their own Salesforce Chatter and scheduling with Salesforce Scheduler.
And if you are in San Francisco for this event, Symplified would like to extend an invitation to our exclusive Cloud party where you can learn how to unlock the potential of Force.com and other SaaS applications by making Salesforce the center of your cloud platform.
From collaboration to sales mobility, Symplified secures the Cloud, the enterprise & everything in between. We are the Cloud security experts.
Coby Royer
Technical Product Manager
Symplified
July 2009 Cloud Integration-We are not alone PaaS and IaaS consumers should have objectives in mind for how the apps they are creating with Cloud computing are to be integrated with other systems. Constituency What constituencies are you serving? So you are creating an app with PaaS-Is it for your company's employees? Or are you creating a corporate SaaS app to serve your partners or customers? Integration needs will vary based on constituencies. Single Sign-On Corporate users will want Single Sign-On (SSO) tied to their existing directories. Customers and Partners may want Single Sign-On tied to their own directories and systems. There are many options ranging from calling out to another authentication system to federation with standards like SAML. If you are in corporate IT, you can implement your own session management and validate session tokens from your own authentications. But if you are a SaaS vendor, federation may be the best way to provide SSO. For example, OpenSAML provides toolkits to make it easy to SAML enable your SaaS application.
Identities Avoid creating yet another Identity Silo that requires user provisioning/deprovisioning and profile management. Again, federation can help. Providing integration to external identity systems avoids the whole problem of managing Identity life cycles. Don't take on the burden of managing this yourself when your customer is likely to already have solutions in place!
User Profiles and Attributes In addition to being able to authenticate users and ensure proper management of Identity life cycles you should consider how you manage profile data associated with identities. There are methods to "single source" your data and minimize the need to synchronize and update multiple copies of the same information. Consider tying your new PaaS-hosted app to existing directories and Identity Management systems. Some systems (like Symplified) can pass user attributes to your application to avoid having to mirror what is already in your directories and databases. You can also expose secure APIs that enable import and export of data.
You Are Not the Only App
We have a natural tendency to focus on just the one application we are creating. But since almost no one uses "just one app" there is an aggregation effect: as each new app is added to your portfolio, it introduces incremental increase in pain surrounding credentials, profile data, transactional data, compliance data, etc. So even if managing users in your app is so easy you can do it in your sleep, your customers and their constituencies will still need to learn how your system works. This is Incremental Pain that turns into a nightmare-no matter how simple one task is, repeating that task many times in many ways is costly and prone to error.
Collaboration Does your app need to support collaboration between different users of your app? Or across different apps? How can they securely exchange data while not violating privacy requirements? Will customers or integrators be creating mash ups with your application? How do you expose data and functionality (again, securely). These are all important considerations, and are increasingly easy to do in the world of Cloud Computing. But as we address our needs for security and privacy, identity and access management are fundamental building blocks. When handling a request for data, how do you know who is asking? How do you know they have permissions?
Conclusion I hope the questions in this blog have been thought provoking. As you consider the PaaS and IaaS for hosting and deploying new apps, remember that "You are not Alone". Your app will be one of many for your customers; and collaboration and integration require identity management and access control solutions.
Coby Royer
Technical Product Manager
Symplified | The Cloud Security Company View Symplified's Webcast with presenting Partner, Log Rhythm, Register to Receive The Identity Management Blog weekly by entering your e-mail address in the left hand toolbar.
May 2009 I guess there's nothing new about big companies gobbling up smaller ones, but I have to say that the recent Sun acquisition by Oracle feels like the end of an era. I've been around long enough to have worked on Sun pizza boxes running Solaris when the rest of the IT community was using minicomputers. And I clearly remember the ascent of Java, my own experience starting with the Beta JDK 1.02 doing GUI Java widgets back in the days of the AWT. When I think of recent events, the thought that comes to mind is "End of Empire". No one can predict what will happen to Java, mySQL, and all the other great stuff that has come from Sun. But, I'm sure Open Source will prevail, and at any rate, change is always slow--at least under the watch of a behemoth like Oracle. In contrast, I have to say that working in a start-up, change is anything but slow. Symplified has been leading the SaaS revolution, and it's an exciting place to be. When I look around at the established (dare I say "legacy") IdM companies, I feel that their purported strengths have become their weaknesses. Overblown feature sets and product families that are complex enough to make CIOs reel are not what enterprises need today. High integration costs, elongated deployment timeframes, and high project failure rates are not the characteristics of technology I would recommend to my CIO. But I understand that once invested in a technology, and the code base that drives it, an earlier generation technology provider is challenged to make radical changes to compete with new contenders and adapt to paradigm shifts (like Cloud Computing). In closing, I am proud to announce Symplified's nomination for the 2009 Apex Awards, the prestigious technology awards recognizing outstanding accomplishments and leadership by Colorado's advanced technology companies and professionals. Honestly, it's hard to say which criteria is our strongest area as we have done well in all: Innovation, Vision, Strategy, Performance, Leadership, Culture, and Corporate Responsibility. So as the big get bigger, I know that the great get greater, and look forward to an exciting third and fourth quarter providing Cloud Security.
Coby Royer Technical Product Manager Symplified | The Cloud Security Company
April 2009 I recently wrote about perspectives on Software as a Service, inspired in large part by Jeff Kaplan's presentation at IT Roadmap Denver. Today, I’d like to address Security concerns that have been expressed about SaaS.
Many potential SaaS adopters have concerns about the co-mingling of data between customers in multi-tenant SaaS architectures. The concern is that one customer’s data could be accessible to another customer through a technical glitch (e.g., coding error, database problem, etc.). The concern is understandable as the use of a single RDBMS server is common in SaaS and a key enabler to the reduced costs and provisioning time for new SaaS customers. The overhead for maintaining a separate DB instance for each customer is significant and putting customer data into rows or tables in the same server yields significant cost and performance improvements that transfer to the SaaS customer.
As with any risk, I advise a risk management approach that reconciles the customers’ tolerance for risk against the costs and benefits that go along with the risk. An informed decision can be made given the likelihood of the risk and a simple analysis. Look at the benefits of the specific SaaS app you are considering (e.g., reduced cost in comparison to COTS alternatives). Consider how costly or damaging your privacy concerns would be. Then look at how your SaaS vendor is reducing the likelihood of the risk you are concerned about. As with any risk assessment, we are not looking to completely eliminate risk. You probably already have many other data privacy risks throughout your enterprise—from your outsourced payroll processing to transmission of data across the Internet to employees who routinely transport laptops off site. The goal is to invest in risk mitigation costs that are commensurate with the likelihood and impact of the risk. By analogy, I wouldn’t spend a thousand bucks on a safe to protect the two hundred dollars worth of jewelry I own.
So what is the likelihood of others seeing your data in a SaaS app anway? (And what is your vendor doing to help?) Vendors should support industry specific controls that serve compliance needs. For example, PCI DSS has specific terms to address SaaS compliance. Identity Management and Access Control are important. Audit logs may be necessary for compliance. Quantifying this risk is tough, but I recommend talking to your SaaS vendor about what they do to minimize the risk.
In the case of Symplified, our engineers have gone to great lengths to design a system that is immune to data leakage in its multi-tenant architecture. For example, our data model includes a “tenant ID” (GUID that identifies each customer) for every table that holds customer data. We use Aspect Oriented Programming (AOP) to enforce the constraint that no queries or updates can apply if the tenant ID is incorrect, thus insulating our production system from coding errors and other issues. We run application security (and other) scans as recommended by OWASP. We ensure separation of duties in our SAS 70 compliant data center. If you would like to learn more about this solution, watch the Technology Dig Webcast hosted by Darren Platt, an identity expert at Symplified.
Coby Royer
Technical Product Manager
Symplified | The Cloud Security Company
February 2009 When Salesforce launched their "no software"
campaign they were making a bold statement to the market. However as
the software-as-a-service (SaaS ) market evolves, doubling over last
year with 63% of companies actively deploying, this statement seems to
be the catalyst for where the market is heading [1].
Why should companies stay with many on-premise solutions when they can
move to a software-as-a-service (SaaS) model and avoid capital outlays
and operational expenses and achieve most of the capability of licensed
software at a significant cost savings?
Salesforce's
"no software" vision began with a simple idea: “ Why can’t business
applications be as simple to use as Yahoo!, Google, Amazon.com or eBay?
Why can’t organizations simply access enterprise-class applications and
business information via a web browser with no software to download,
install or maintain?”[2]. Today, this simple idea has now transformed an entire industry and started the explosion of Software-as-a-service (SaaS).
And
as with Salesforce, Symplified started as a simple idea. How can a team
who has deep roots in enterprise identity and access management, having
previously founded, scaled and sold Securant ClearTrust to RSA
security, do it again but better? What problems are not being solved by
Commercial Off the Shelf (COTS) software and how can we solve them by
doing them better, faster and cheaper? That’s when the company
Symplified began.
Symplified
is a unified access management system purposely built for the cloud
architectures of SaaS. Symplified integrates your existing IT
infrastructure with the cloud, streamlining management, reducing costs
and improving security.
Symplified
was designed to address companies on-premise access management needs as
well. Build secure portals with personalized access for your workforce,
customers and partners. Symplified offers a complete, enterprise-class
Web Access Management (WAM) infrastructure that rivals the capabilities
of expensive, 1st generation products but without the frustrations and
limitations of heavy monolithic software. Symplified is the first
identity management solution in the cloud.
Learn more about how we are taking identity management to the next level: visit our website:
» www.symplified.com
February 2009 Cloud computing has emerged as the next wave of IT innovation for the
enterprise. It is driven by utility-scale economics and global reach,
while being enabled by breakthroughs in bandwidth, virtualization and
service oriented architectures. Cloud computing is compelling for
enterprises seeking to cut costs, enhance integration across their
business, and enable collaboration both internally and externally.
Whether
it is used to provide business applications delivered as services
(Software-as-a-Service) like Salesforce.com, or on demand utility
computing (Platform-as-a-Service) like Amazon EC2, the cloud is
changing the way enterprises consume IT. The wildcard that remains to
be addressed for the cloud is security. Until enterprises have a way to
secure data in the cloud, this model will not reach its full potential.
Everything Is The Same.
Security
has been central to IT since the days of the mainframe and has evolved
and adapted as technology extended from the LAN to the WAN to the Web
and now to the cloud.
One constant throughout this evolution has
been the need for control over access, authentication, auditing and
administration. The names for these have evolved over time and today
are collectively known as Identity and Access Management (IAM).
For
cloud computing to truly establish itself as a viable extension of the
enterprise computing ecosystem, it must first provide security on par
with what exists inside the firewall. Without this foundation,
enterprises will not trust the cloud for business-class computing.
Finally, compliance is impossible without controls.
Everything Is Different.
Security
must adapt to the unique technical and organizational demands that the
cloud presents. While security for the cloud must incorporate the
established principles of protection developed for enterprise networks,
it must do more. Specifically, it must address the new challenges that
arise when infrastructure resides across the Internet where it is
collectively operated by the enterprise, its partners, and service
providers.
What’s Different Specifically?
Access management, the
core of security, is different for the cloud because the most common
tool for access control on the Internet – the firewall perimeter – has
been turned into Swiss cheese. Firewalls can’t manage access to cloud
applications because by definition these applications are accessed over
the Internet outside the corporate firewall.
With the advent of
the Web, enterprises put applications outside the perimeter for
customers and partners to access. This forced enterprises to scale
access management not only for its employees, but for potentially
millions of customers. A new generation of access management, designed
specifically for the Web, was required and developed by vendors like
Securant and Netegrity. First generation Web Access Management software
relied on agents tightly coupled with web servers operated by the
enterprise.
However, Cloud infrastructures are different since
it’s impossible to run a web server plug-in on a multi-tenant
architecture where multiple organizations share common infrastructure.
Access management for the cloud must be controlled without agents and
without tightly coupling infrastructure components together.
Authentication for the cloud is different. Verifying
a user is who they claim to be on the cloud works differently than for
an enterprise network. The enterprise can rely on multiple layers of
authentication. For instance using Windows logons to verify an
employee’s identity and restricting authentication to only those users
that have access to the corporate Windows network.
This model
doesn’t scale to the cloud because users aren’t necessarily connected
to a corporate LAN - and many users, like customers, aren’t part of the
enterprise Active Directory. This is further complicated with global
enterprises that are widely distributed with users accessing IT
resources over the public Internet not using VPNs.
Because
clouds are often used for collaboration between organizations using
different technology platforms, an inter-organizational authentication
solution has evolved. Called federation, this model uses the Security
Assertion Markup Language (SAML) standard. With SAML, each organization
manages its own users and through trust relationships share
authentication between sites.
SAML is an elegant solution for
scalable authentication. Authentication for the cloud will rely on SAML
and provide the dual benefit of reducing the number of passwords that
users must remember (and forget) as well as improve user experience
through Single Sign On (SSO).
Administration for the cloud requires a new approach to
support the complex structures and business relationships between cloud
networks and organizations. User account management, known as
provisioning, on the cloud is different than the Web because it
comprises a mix of both enterprise and cross-organizational
requirements. On the cloud, organizations must not only manage access
by employees, but also customers and partners. Identity data for these
external users often reside in remote repositories across the Internet,
something that today’s provisioning tools aren’t designed to handle.
As
with authentication, user management must also be federated between
clouds and the partner enterprises. As companies adopt SaaS
applications they find that user accounts are now located in 3rd party
databases creating new management silos. User management for the cloud
must evolve to a ‘meta-management’ layer that abstracts the underlying
location of the repository and treat users consistently across both
internal systems like Active Directory and cloud-based applications.
Auditing and compliance for the cloud must also evolve past today’s enterprise-centric model. Currently,
enterprise solutions that centralize and aggregate logs are used to
demonstrate to auditors that controls are in place and report on user
activity. This approach works since access paths to enterprise
applications are more tightly controlled through a combination of
perimeter based controls. With on-premise Web application access there
are relatively fewer moving parts that must be monitored for compliance.
In
the cloud, the infrastructure for managing compliance must extend
across the Internet and encompass the applications, users, and
activities on remote as well as enterprise systems. Users access cloud
applications across the Internet, rendering perimeter controls
ineffective for compliance.
It is imperative to manage cloud
access paths through a consistent control point and the most scalable
way to do this is using an Internet-scale proxy utility. By channeling
all user access through a security proxy the task of auditing becomes
centralized. Since proxies do not require software agents this
technology approach of loosely coupling security with cloud
applications is massively scalable.
Consistency is essential for
compliance, and cannot be achieved using ad-hoc and siloed approaches
to access control and reporting. Too many applications are built and
deployed with only an afterthought given to security and compliance.
This is a problem in the enterprise today and must be addressed as part
of an intelligent cloud strategy from the very beginning.
Confidentiality of data is the last major element of security. Data
must be protected both in motion and while at rest. When data is
transmitted across the network, encryption must be used to prevent
eavesdropping and SSL/TLS is the best way to do this. This protects
data from being hijacked or user credentials from being stolen by an
attacker. Data at rest must be encrypted on the storage device or
within the database. This includes confidential (and regulated) data
like credit card numbers and especially user credentials.
In the
enterprise, data is further protected because it resides inside a
firewalled perimeter that deters possible attackers. When moving to the
cloud, enterprises must recognize that their users’ credentials are
scattered across multiple systems not under their direct control. If
proper encryption is not in place, user passwords are vulnerable to
theft and can be used to gain access to other applications.
Creating
a meta-security infrastructure for the cloud requires a comprehensive
strategy encompassing the 5 core elements of security – access,
authentication, auditing, administration, and confidentiality. Because
the cloud uses significantly different technology and a decentralized
organizational structure compared to enterprise networks, simply
extending existing security systems will fail. Enterprises must
implement a cloud-native approach that unifies these elements and is
also able to integrate with the existing IT infrastructure. Otherwise
new silos are created resulting in more work, greater expense, and
weaker security.
A cloud delivered security strategy is the only
efficient approach for aligning and bridging the technology and
processes that span enterprise infrastructures and internet delivered
services and resources. Using this model enterprises get the rapid
scalability, global reach and utility economics that define cloud
computing. Written By: Eric Olden, President and Founder of Symplified February 2, 2009 Eric Olden is founder and CEO of Symplified,
a developer of access management technology for SaaS and the cloud. He
previously founded and was CTO of Securant Technologies, a pioneering
developer of Web Access Management technology. The Securant ClearTrust
product was acquired by RSA Security.
January 2009
Part Two
Last week I posed some discussion points for those involved in Software as a Service (SaaS). As an adopter, how does SaaS fit into business and IT Strategy, and how can you manage concerns that are raised?
Optimizing your Strategy:
Carefully examine your expected ROI with SaaS and other investments, being sure not to underestimate your Total Cost of Ownership (TCO). In most cases, I expect you will find real value in SaaS, given that you do not need to deploy and maintain Off-the-Shelf software, nor do hosting, operations support, etc. So although SaaS Adoption could be a side step from your existing strategic plans for data and application consolidation, there may be real benefit to adapting your plans to include SaaS. But of course the adopted technologies must be a good-enough fit for your business needs. SaaS tends to be more of a one-size-fits-all than highly customizable commercial software, but the latter comes at a steep price. Which is more important, customization or cost and ease of support? And of course if time-to-market is important, SaaS will be a clear winner, since it avoids capital expenditures, complex software integration, training of support staff, and more.
Vendor Lock-In and Data Integration:
As with Commercial Off the Shelf (COTS) software, look for SaaS that allows you to export and/or master your own data as this gives you freedom to change applications downstream. Architect your integration strategies with a clear understanding of where the master copies of data will live (the single version of "the truth"), and how data can be moved around. Does your SaaS vendor support standards that will ease integration and data export? When data is a core asset to your business, find integration approaches that allow you to master the data (or sync it in a reliable way), and to pass it into SaaS apps via infrastructure and interfaces. This is especially true of Identity data, which might be stored in your LDAP or other directory servers. (For example, in Symplified's SaaS implementation, existing Directory Servers can remain the masters of Identity data and Symplified has adopted the XACML standard for access policy definition.)
When adopting SaaS, be open to changes in your business processes, as many SaaS vendors represent a best-of-breed set of processes that can work for you. As business and IT professionals, we tend to think no one does things like our own business units, but standard data semantics and processes can hasten the adoption and ease future integrations. As SaaS increases market penetration, we will see SaaS vendors driving the de facto standards for processes and underlying data models.
Risk Management:
With SOX, HIPAA, PCI, FSMA, and the many other compliance standards we are now subject to, how does SaaS fit into our Enterprise Risk Management? Isn't it easier to just own all the data (and personnel) ourselves and not have to worry about SaaS?
My advice is to understand the risks, and make decisions accordingly. SaaS companies that become stewards of your data are indeed subject to certain controls in order for you to be compliant. But most SaaS vendors recognize this and can offer policies and controls, with documentation, that allow you to make informed decisions and be prepared for audits. Be sure they pass security requirements (e.g., Pen testing), have appropriate personnel and physical controls in place, and that they understand the specific needs of your line of business (e.g., data encryption, privileged account management, etc.).
Also be aware that many SaaS vendors, and SaaS infrastructure companies, can help with compliance concerns, especially for logging and auditing. Look at synergies between SaaS log reporting and other tools you might use (e.g., log correlation, analysis, and reporting). You might start out thinking that you are weeding out a SaaS solution for compliance reasons only to find out they help you attain compliance at a lower cost.
Disaster Recovery is another important consideration in adopting SaaS and my advice is to ensure your SaaS providers' data centers are SAS 70 Compliant, and that you are provided Recovery Time Objectives, Recovery Point Objectives, and Service Level Agreements that satisfy your needs for business continuity.
Identity Management:
In closing, I need to make the case for Identity Management. When looking at SaaS adoption, take a holistic approach that considers the aggregate needs of multiple constituencies and then ask yourself, How do I avoid requiring users to remember different account credentials for each system (Single Sign-On/SSO)? And in these tough times, if you need to deprovision users during layoffs, how can you do this efficiently and reliably with SaaS (and avoid losing corporate data and contacts along with the former staff)? Identity Management (IdM) solutions like Symplified can help with these needs and more. Symplified's embedded Virtual User Store, attribute passing, and KeyChain system allow you to standardize identities across Apps (both SaaS and non-SaaS).
So as you are looking at SaaS for your enterprise, you should find that it does fit into your strategy, and that it is not only harmonious, but a helpful addition to your solutions as you address risks, business needs, and infrastructure.
Coby Royer
Technical Product Manager| Symplified
www.symplified.com
January 2009 Tough economies don’t last but tough people and
companies do with good planning and execution. The game plan for
surviving recessionary economies gets a fresh look with each economic
downturn but two fundamentals underlie all financial survival plans –
conserving cash and maximizing financial flexibility.
Conserving cash is an obvious step to buffer against economic
uncertainties, such as creditor demands or overdue receivables. Steps
taken to conserve cash often include cutting non-essential programs and
new systems. A cash buffer also boosts financial flexibility, helping
to position for post-recession marketplace opportunities. Increasing
flexibility also can include investing in more efficient IT methods and
technologies.
IT analysts at IDC, Forrester and Gartner are citing the financial and
operational benefits of software-as-a-service (SaaS) in recessionary
times as a primary driver in double-digit growth forecasted in the SaaS
marketplace. The analysts’ consensus is that SaaS helps to cut costs
and conserve cash while providing a flexibility tool to drive new
efficiencies by supporting: shrinking capital spending, flexible
operational expenses and increased business agility.
Symplified’s On Demand Identity service is the first identity
management solution to delivered as SaaS from the cloud. Symplified
dramatically reduces the cost and complexity of identity software
solutions, cutting lifecycle costs by up to 75% compared to enterprise
software.
Identity software frequently has seen expensive and complex integration
projects taking months to plan and years to implement. The cost of
integrating user attributes with applications containing sensitive
information often runs into millions of dollars, with the cost of the
custom integration code and deployment consulting exceeding the initial
identity software license by 4-5 times.
December 2009
Twas the night before Christmas, good things should unfold
As Clayton Christensen’s predictions so soon would take hold.
New licenses paid from fiscal budgets with care,
In hope On Demand Computing soon would be there.
IT Managers and sponsors all smug in their heads
With visions of hosting and integrations to spread;
Unaware of disruption new technology would bear,
COTS apps and homegrown so well might not fare.
When out in the NOC there arose such a clatter,
I sprang from my pager to see what was the matter.
Away to the data center I flew like a flash,
For downtime I feared would cost us some cash.
When, what to my wondering eyes should appear,
But a cloud full of SaaS apps bringing holiday cheer.
Now Salesforce! Now Workday! Google Apps, Xactly!
On Taleo and WebEx, Concur, ADP!
Enterprises—all sizes, so soon now can turn,
To the business that drives them, less money to burn:
Economies of scale, core competencies,
Scalability, compliance, and reliability.
Yes, a New Year upon us, a tough economy,
New challenges and solutions, creative we’ll be.
In our decisions with limited Cap Ex to spend,
Less staff but the same users to please in the end.
So when St. Nick drops Cloud Computing down your chimney,
Embrace it and face it, good things you shall see.
And when you are deploying, bring Identity—
Your users will need it for who would they be?
Happy Holidays from Symplified,
The On Demand Identity Company
Written by: Coby Royer Technical Product Manager | Symplified
December 2009 The blogosphere is rich with reports of how Software as a Service (Saas) and Cloud Computing will transform the face of business. The IT trend of integration vs. software development matures into the next era of adoption, fueled by demands to reduce operating costs and capital expenditures. This is not a surprising (or new) trend, as companies continue to squeeze the most from their IT divisions.
As with any trend, SaaS brings new challenges. Over the last decade, enterprises have steadily tackled the integration of purchased software (Commercial Off the Shelf or COTS) into their technology footprints and have introduced Single-Sign-On (SSO), Role Based Access Control (RBAC), and centralized policy management, not to mention audit and compliance controls for a burgeoning battery of Rules and Regulations such as Sarbanes-Oxley, HIPAA, and PCI.
Enterprises have pursued the Holy Grail of unifying Directory Servers of users and credentials (LDAP), have integrated disparate apps, and have deployed access management and Enterprise Single Sign-on (ESSO) software. In short, enterprises have barely caught up with the last wave of new computing paradigms and must now tackle Identity Management that spans the Internet Cloud of SaaS applications.
But with any challenge comes opportunity. Corporations have an opportunity to cut costs, improve user experience, and increase security and compliance. And as a provider of cloud based services for SSO and Web Access Management (WAM), companies like Symplified have an opportunity to transform the face of Identity Management in this latest wave of change. The software based solutions of the old guard no longer suit the new face of computing. SSO and WAM must seamlessly span the boundary between on-premise enterprise computing and Cloud Computing. Identity Management must accommodate the unavoidable Identity Silos left behind by legacy integrations and further propagated by SaaS. Symplified’s Identity on Demand technology is both delivered as SaaS and is for SaaS. A recent discussion with attendees at Digital ID World helped drive this home for me: after initially looking at our information, there was a brief look of puzzlement followed by the realization, “Oh yeah, you’re the Cloud Guys!”
Coby Royer
Technical Product Manager, Symplified
www.Symplified.com
Cloud Insights | Symplified Newsletter
Next Page
Error sending email
Email sent successfully
|
|
|
|