Company Buzz
August 2009
How to Have Your Cake and Eat It Too: Cloud Based Identity Management without Identities in the Cloud

This week I’d like to say a few things about managing User Identities. There has been a lot of talk lately about Private Clouds vs. Public Clouds. Enterprises that are slow to adopt SaaS and Cloud Based PaaS/IaaS are firing up their own virtualized environments and IT groups are provisioning on-demand applications for business processing. Some of the same Cloud benefits result, such as usage-based charges, ease of provisioning, location independence, and reduced overall demand due to load distribution over time.

One of the drivers for Private Clouds has been Security. Enterprises are sometimes unwilling to accept risks associated with the Public Cloud (i.e., Internet). Identity Management is sometimes a concern and I’d like to share some important considerations today.

Eric Ogren recently posted a great article about Cloud Security. One of his points is that early stage cloud vendors should support corporate clouds in early product releases. I’m proud to say that is exactly what Symplified has done, recognizing the need to support security-focused enterprise adopters. Ogren raised a good point that “The hurdle that must be cleared [in providing identity services] is assuring IT that corporate identities can be securely maintained in a cloud service... .” This is precisely why Symplified optionally provides on-premise components that integrate with our SaaS policy administration.

With Symplified, credentials and attributes for end users can remain on the Customer Premise if necessary. While our Policy Management Point (PMP) is SaaS based, the Policy Decision Point (PDP) (which retrieves user attributes for making access decisions) can be placed on-premise by way of our Identity Router. Even if in the Cloud, the PDP only briefly holds attributes in memory and never on disk.
Credentials for Single Sign On (SSO) to applications are similarly stored on the customer premise. We have a number of security options for where these are placed and use established best practices and cryptography to keep these credentials secure (regardless of where stored). And, unlike many other SSO products, we do not store credentials on workstations or browsers.

I have to say that Ogren’s points resonated well with me. I can’t take the position that no enterprise should dismiss SaaS and Public Clouds. That is a topic for Enterprise Risk Management and every company has its own tolerance for risk. But whichever way an enterprise adopter leans, there are companies like Symplified out there who can support both Private and Public Clouds. I recognize (and have been part of) Enterprise security and risk management and as a vendor, am in no position to dispel the well thought out concerns Enterprises may have. But I can say with certainty: There are options that comply with your security and risk management policies!

As folks are now returning from Burton Catalyst—the event that publicly launched Symplified about a year ago—let’s enjoy some birthday cake!
Coby Royer, Technical Product Manager
Symplified | The Cloud Security Experts