Welcome!

@CloudExpo Authors: Elizabeth White, Zakia Bouachraoui, Liz McMillan, Yeshim Deniz, Pat Romanski

Related Topics: @CloudExpo

@CloudExpo: Article

Identity Management in Cloud Computing

An Overview

Web-services research and protocol applications have been around and in use for quite some time now. With the potential Capex and Opex savings enterprises can potentially realise from utilizing a cloud computing service model, there should also be added focus on ensuring that security is properly implemented either in authentication or authorization.

Cloud Computing, with its foundation in the world of virtualization, can take advantage of key aspects of web service implementations and security practice; but only to a point. Web service policies are based on a static model that is known, defined, regulated and contained. However, with Cloud Computing, these dynamics change. We can assert that within the cloud environment we deal with a heterogeneous digital ecosystem that is dynamic in nature.

This leads to a concept which has been a topic of interest for the last several years -Federated Identity Management (FIM). FIM is a process where users are allowed to dynamically distribute identity information across security domains. Authenticated identities that are recognised are able to participate in personalised services across domains, thereby increasing portability of digital identities (i.e. customers, partners, joint ventures, vendors, affiliates, subsidiaries and employees).

With this process there is no central storage of personal information, however users are still able to link identity information between accounts. This process can significantly reduce costly repeated provisioning, mitigate security loopholes and resolve traditional user issues caused by rigid application architecture.

Any enterprise that will be conducting business within the cloud will come across some instance that involves third party trust. Enterprises can implement a federation model to insure against the risk of supporting a business model where there is a strong likelihood of a third party risk.

The Federated Identity Management model involves four logical components, the user, the user agent, the service provider (SP), and the identity provider (IdP), all of which are based on Trust and Standards. Identity Management (IdM) plays an important part in this evolving virtualized world of Cloud Computing as it ensures the compliance and regulations (e.g. HIPAA, SOX,); security and collaboration needed for an enterprise

According to Maler and Reed; One can then state that the basic concept of federated identity management is a process whereby a user's identification is conducted on the Web with the process called Single-Sign-on (SSO).

There are three main federated identity protocols:

  1. Security Assertion Markup Language (SAML)
  2. OpenID specification and
  3. InfoCard specification underlying Microsoft's Windows Cardspace

While SAML 2.0 SSO can be described as the gold standard for implementation, OpenID is also a choice for quite a few in the industry. There is however shortcoming with OpenID when compared to SAML 2.O, nevertheless a combination of say Open ID and InfoCard can compensate for most shortcomings.

Of course we can take this even further with the option of biometrics; however the objectives, needs and requirements of a business should be primary drivers regarding which standard or protocol to implement. We should also ensure a required degree of interoperabilty between client and vendor applications and the SLA definitions.

More Stories By Jon Shende

Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career, in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies,also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization,Strategy, Governance,Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsibe for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications.Jon Shende currently works as a Senior Director for a CSP. A recognised thought Leader, Jon has been invited to speak for the SANs Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at http://jonshende.blogspot.com/view/magazine "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."

CloudEXPO Stories
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and share the must-have mindsets for removing complexity from the development process, accelerate application delivery times, and ensure that developers will become heroes (not bottlenecks) in the IoT revolution.
DevOps with IBMz? You heard right. Maybe you're wondering what a developer can do to speed up the entire development cycle--coding, testing, source code management, and deployment-? In this session you will learn about how to integrate z application assets into a DevOps pipeline using familiar tools like Jenkins and UrbanCode Deploy, plus z/OSMF workflows, all of which can increase deployment speeds while simultaneously improving reliability. You will also learn how to provision mainframe system as cloud-like service.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data. In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing at Cloudera, covered the ins and outs of Hadoop, and how it can help cloud-based businesses.