Click here to close now.



Welcome!

Open Source Cloud Authors: Elizabeth White, David Bermingham, Jnan Dash, SmartBear Blog, Yakov Fain

Related Topics: @CloudExpo, Microservices Expo, Open Source Cloud, Cloud Security, @BigDataExpo, SDN Journal

@CloudExpo: Article

Consolidating the Variables: Augment Existing Identity Management Systems

Using cloud security to expand on-premise investments

The modern enterprise is a fluid entity. As an IT construct it expands and contracts (sometimes simultaneously), and many of the moving parts (like users and applications) are themselves evolving and changing. This creates unique challenges in operational efficiencies, core competency support, compliance observance and risk management.  The central theme to all these challenges is establishing and maintaining control of applications which serve as gateways to all the valuable data (personal, trade secrets and other IP) on which an enterprise exists. Many companies have turned to an identity management solution which administrate and validate the digital identities of authorized users.

This is not a new concept, nor is it a foreign practice to many established enterprises. Identity management combined with controlled and channeled access is a recognized best practice and regulatory compliance necessity. Many companies have invested in some sort of authoritative identity repository and management system.  The rising issue is that in order to keep up with the quickly changing landscape of SaaS, cloud and web –based apps, that investment becomes costlier and the ability to agilely address identity validation and authentication becomes less responsive.

Unless you leverage the cloud to augment existing systems.

Let’s assume an enterprise has made a serious investment in a solution like IBM Tivoli or Oracle Identity Manager.  Both products have significant clout and enterprise functionality. It handles the identity creation, rules management, administration and provisioning for many of the legacy and on-premise products and internal systems. It's no secret that these enterprise monoliths are expensive to purchase, deploy and continuously maintain. So, when examining the scope of applications available to users, several are left unsecured because of the cost and resource drain to incorporate them into IDM fold.  Layered on this is the need to authenticate and authorize users outside of an enterprise’s direct control. This includes 3rd party suppliers, vendors and even customers; all who need access to slivers of data contained in specific applications.

The costs to expand the on-premise authentication scope are broader and deeper than simply adding the subscription price of a SaaS solution. There is the licensing of the adapter (or connector) to allow the data of the SaaS to securely flow between the application and the IDM solution via Active Directory (or other repository source). There is support and maintenance (usually 20% of the purchase price paid annually). There are the professional services to install and configure the connectors. There is the cost of development, time-to-market gaps, and the added burden of doing this multiple times for each SaaS and web-based application.

Yet, by deploying a complimentary IDaaS (identity-as-a-service) strategy, all of the above costs, services and deployment difficulties are considerably reduced or eliminated, while still promoting the necessary security gravitas to assert control, streamline workflow and optimize IT resources. As part of the IDaaS arsenal, most of the popular federated connectors are already available out of the box. IDaaS managed from the cloud also extends its scope to those Non-SAML based application (web-based) through an identity gateway. So, no development costs, no additional licenses, and professional services shrink to a minimum. By creating this umbrella over your virtual footprint, the ability to automatically provision and deprovision user accounts extends to these new applications as seamlessly as if they were parked on-premise. Additionally, creating a parallel-yet-integrated identity manager allows for seamless integration with single sign on. This unique cloud-controlled advantage enforces corporate access policy decisions across the enterprise and puts IT back in control of the IT landscape. It eliminates the potential for Shadow IT applications, BYOD abuse and enables better productivity.

The notion is not to reinvent the wheel, but to expand the metaphor, change out the tires for all-terrain use.  If an organization has spent millions to create a viable identity management system, it is unlikely they will abandon the project to put the entire administration and management in the cloud. However, it is prudent to create a cost-effective, enterprise grade equivalent to integrate new applications, multiple data stores and “outside,” users accounts into a secure and controlled environment. In short, it consolidates the variables into a manageable, automated and centralized strategy without incurring additional resources and runaway costs.

Some call this a hybrid strategy. Regardless of the label, a strategy that extends your capability to authenticate, attest and authorize user names, passwords and permissions beyond your firewall will only strengthen you defense against breach, unwanted usage and data leakage from insider threats. In that it can be done with minimal disturbance and without deep pocket spending makes this all the more attractive and practical.

The automations inherent in IDaaS also facilitates stronger compliance…especially when it comes to monitoring the SaaS and web applications. Instead of an infrequent review of logs real time reports can be instantaneously generated to see exactly who accessed what application. But the cornerstone of compliance is to monitor if any changes were made, especially to access protocols (passwords, user names etc…). IDaaS can note in real time when any attribute changes, who made the change and who approved the change. This is a standard compliance audit requirement.

The proliferation of SaaS and web-based applications has changed the security quotient. Leaving these applications partially secured still leaves them partially unsecured. IDaaS allow you to close those vulnerability gaps. Despite best efforts, network perimeters have all but disappeared. All too often, because of multiple data stores and the virtual left hand does not know what the right is doing.

As noted earlier, your IT environment continues to expand and contract. Just consider the lifecycle of the different users that need to access different applications. New hires, promotions, demotions, firings, new partners, new customers, latent customers-- each instance requires some modification to their identity rights.  Does Chuck, who used to be in your accounting department still have his active user credentials? Has Rachel who hasn’t ordered from your site in 3 years had her account retired? How easy would it be for Chuck, Rachel or some nefarious account takeover hacker using their stolen credentials to create significant havoc on your network? It’s a significant task and greater responsibility to find each data store they have been given access and deprovision, However,  IDaaS can turn off or modify any user account instantly-both in the cloud and through on-premise systems through its connection to Active Directory (or LDAP, AS/400, MySQL, Solaris, RedHat, etc…).

Now multiply the above scenario by 500 or 5000 users a day for a modest enterprise when creating users, resetting passwords and permission sets and you begin to recognize the significant advantages and efficiencies a centralized and augmented with the cloud identity rights management and access control system provide. And the larger the organization, the more complex these data islands are to resolve.

Stronger forms of authentication and authorization need to be deployed in response to the growing threats.  Using an IDaaS and SSO combination from the cloud is a proactive step towards consolidating all the variables and cost-effectively strengthening your identity defenses.

Kevin Nikkhoo
www.cloudaccess.com

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@ThingsExpo Stories
As enterprises work to take advantage of Big Data technologies, they frequently become distracted by product-level decisions. In most new Big Data builds this approach is completely counter-productive: it presupposes tools that may not be a fit for development teams, forces IT to take on the burden of evaluating and maintaining unfamiliar technology, and represents a major up-front expense. In his session at @BigDataExpo at @ThingsExpo, Andrew Warfield, CTO and Co-Founder of Coho Data, will dis...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry's single source for the cloud. Fusion's advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including clou...
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
SYS-CON Events announced today that VAI, a leading ERP software provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. VAI (Vormittag Associates, Inc.) is a leading independent mid-market ERP software developer renowned for its flexible solutions and ability to automate critical business functions for the distribution, manufacturing, specialty retail and service sectors. An IBM Premier Business Part...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, will provide an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profes...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, will discuss the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filte...
Fortunately, meaningful and tangible business cases for IoT are plentiful in a broad array of industries and vertical markets. These range from simple warranty cost reduction for capital intensive assets, to minimizing downtime for vital business tools, to creating feedback loops improving product design, to improving and enhancing enterprise customer experiences. All of these business cases, which will be briefly explored in this session, hinge on cost effectively extracting relevant data from ...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 ad...
Most people haven’t heard the word, “gamification,” even though they probably, and perhaps unwittingly, participate in it every day. Gamification is “the process of adding games or game-like elements to something (as a task) so as to encourage participation.” Further, gamification is about bringing game mechanics – rules, constructs, processes, and methods – into the real world in an effort to engage people. In his session at @ThingsExpo, Robert Endo, owner and engagement manager of Intrepid D...
Eighty percent of a data scientist’s time is spent gathering and cleaning up data, and 80% of all data is unstructured and almost never analyzed. Cognitive computing, in combination with Big Data, is changing the equation by creating data reservoirs and using natural language processing to enable analysis of unstructured data sources. This is impacting every aspect of the analytics profession from how data is mined (and by whom) to how it is delivered. This is not some futuristic vision: it's ha...
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
Learn how IoT, cloud, social networks and last but not least, humans, can be integrated into a seamless integration of cooperative organisms both cybernetic and biological. This has been enabled by recent advances in IoT device capabilities, messaging frameworks, presence and collaboration services, where devices can share information and make independent and human assisted decisions based upon social status from other entities. In his session at @ThingsExpo, Michael Heydt, founder of Seamless...
The IoT's basic concept of collecting data from as many sources possible to drive better decision making, create process innovation and realize additional revenue has been in use at large enterprises with deep pockets for decades. So what has changed? In his session at @ThingsExpo, Prasanna Sivaramakrishnan, Solutions Architect at Red Hat, discussed the impact commodity hardware, ubiquitous connectivity, and innovations in open source software are having on the connected universe of people, thi...
WebRTC: together these advances have created a perfect storm of technologies that are disrupting and transforming classic communications models and ecosystems. In his session at WebRTC Summit, Cary Bran, VP of Innovation and New Ventures at Plantronics and PLT Labs, provided an overview of this technological shift, including associated business and consumer communications impacts, and opportunities it may enable, complement or entirely transform.
There are so many tools and techniques for data analytics that even for a data scientist the choices, possible systems, and even the types of data can be daunting. In his session at @ThingsExpo, Chris Harrold, Global CTO for Big Data Solutions for EMC Corporation, showed how to perform a simple, but meaningful analysis of social sentiment data using freely available tools that take only minutes to download and install. Participants received the download information, scripts, and complete end-t...
For manufacturers, the Internet of Things (IoT) represents a jumping-off point for innovation, jobs, and revenue creation. But to adequately seize the opportunity, manufacturers must design devices that are interconnected, can continually sense their environment and process huge amounts of data. As a first step, manufacturers must embrace a new product development ecosystem in order to support these products.
Manufacturing connected IoT versions of traditional products requires more than multiple deep technology skills. It also requires a shift in mindset, to realize that connected, sensor-enabled “things” act more like services than what we usually think of as products. In his session at @ThingsExpo, David Friedman, CEO and co-founder of Ayla Networks, discussed how when sensors start generating detailed real-world data about products and how they’re being used, smart manufacturers can use the dat...
When it comes to IoT in the enterprise, namely the commercial building and hospitality markets, a benefit not getting the attention it deserves is energy efficiency, and IoT’s direct impact on a cleaner, greener environment when installed in smart buildings. Until now clean technology was offered piecemeal and led with point solutions that require significant systems integration to orchestrate and deploy. There didn't exist a 'top down' approach that can manage and monitor the way a Smart Buildi...