Gartner:cio need to focus on cloud identity management

Source: Internet
Author: User
Keywords Identity management has
"When it comes to identity management and authentication, all the vulnerabilities you see on the ground will also appear in the cloud," said Perry Carpenter, a Gartner analyst. However, the cloud has also introduced its own characteristics and problems.

Gartner believes that there are three different aspects of cloud identity management. First, identity management to the cloud, can send some information from the enterprise to the cloud, the second is, cloud computing to identity management, can from the cloud or some other existing places to send information to the organization, third, cloud to cloud identity management.

Every aspect has a different risk. In enterprise organizations, the use of identity management services itself is relatively small. Occurs only in a specific business activity that is supported, only to have ID management in the cloud.

"It's hard to separate security-related things from the cloud, which means more sophisticated technology," he said. On the other hand, some SMEs are beginning to intervene.

Legal expectations and service level agreements (SLAs)

This is a full range of challenges. "There are things like Google Apps, Salesforce.com and workday in the cloud. The identification component is something that is added later, and in fact, this later addition will carry the inherent weakness, "Carpenter said.

Carpenter points out that many cloud security issues boil down to legal expectations and service level agreements (SLAs), which do not understand technology. "We call it the cloud because we want it to be more attractive, but these fundamental problems have been going on for some time." And the cloud added some of its own problems. "First, every cloud vendor has its own proprietary identity management system. So there is no foolproof method, and if I can get the right identity management in one context, it will be correct in another context, "he said.

In addition, it history shows that when you process multiple incompatible systems, it can also cause failures. I think it's best to have a standard interface between customers and more ways to play the plug-ins.

SAML and OAuth

In the meantime, however, Gartner analyst Gregg Kreizman has been looking for the right approach. He used identity and access management (IAM) to describe the challenge. Carpenter points out that islands of the same identity or islands that already exist can be copied into the cloud.

As a result, the SaaS provider begins to reshape the IAM functionality, for example, by applying for federated APIs and certifications to achieve a single sign-on-like function.

"The enterprise has now developed the IAM and expanded the already completed content into the cloud and their SaaS applications," he said. According to Kreizman, the challenge of certification has matured. However, the success of the public cloud also requires an API or an Enterprise infrastructure Web service.

Kreizman says traditional IAM vendors have expanded their offerings for their allies, and extension connectors can be combined with cloud resources such as Google Apps and Salesforce. Another trend is the emerging Iamaas market iam as a service by aggregating small vendors, providing the core of the IAM functionality into the cloud or being retrieved from the cloud. The Iamaas company implements connection components or provides gateways at the client side, joins their services in the cloud, and connects SaaS vendors.

Traditional IAM vendors are also creating services in the cloud, more like gateway providers. For example, Lighthouse's computer service already employs IBM's Tivoli software heap, "encapsulating it to make it easier to use." He points out that they can provide a similar function for internal applications.

But this is only temporary, Kreizman says, without a successful guideline. "There is some trepidation about using these services. Some organizations do not want to put identity data or other sensitive information into the cloud. However, some want to "test whether there is a problem omission." ”

Kreizman says those who are trying to overcome the IAM problem should be familiar with some of the relevant techniques, such as:

The authentication-side Security Assertion Markup Language (SAML) is the main winner for the federation because it provides the ability to single sign-on. OpenID Connect (the alternative to OpenID, based on the OAuth2.0 protocol) also appears and may be more useful. OpenID Connect is a lightweight specification that can provide a framework for identity collaboration through the RESTful API

OAuth was built as a means of accessing resources in the cloud, and he has been identified by key players such as Facebook and Twitter.

Simple Cloud Identity Management (SCIM) is a specification supported by some vendors, built on existing templates (in accordance with its boosters) and targeted at reducing overhead and user management complexity.

The

also has a u-ma-user admin access. Kantara's proposal, U-ma stronghold, a U-ma authorized Web user can authorize Web application requests at once, constantly accessing the address resource that contains the "Personal data" service host, and the Authorization decision Service (Authorization Manager) acts as an access decision to tell the host.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.