Welcome!

Cloud Expo Authors: Pat Romanski, Dana Gardner, Liz McMillan, Elizabeth White, Vormetric Blog

Related Topics: Cloud Expo, SOA & WOA, Virtualization, Big Data Journal, SDN Journal, OpenStack Journal

Cloud Expo: Article

Three Approaches to Single Sign-On for Cloud Application Providers

Ignore, pretend or do something about it?

Did you know that:

  • Half of paid SaaS customers do not use the application at all
  • Nine out of 10 has left an application when they forgot a password, instead of restoring it
  • Eighty-six percent may leave a web site when asked to sign up
  • Two out of five would rather scrub the toilet than come up with a new password

These figures, based on research from Totango and Janrain in 2012, clearly show that sign-up and sign-on are major issues for any cloud application provider.

If you are providing cloud applications to businesses, single sign-on must at least have been up for discussion. Like with most other challenges, there are three possible approaches you can choose between:

  1. Pretend it is not your problem
  2. Pretend you are doing something about it
  3. Do something about it

Let's look at how your choice affects your business, which after all should be your guiding light.

Pretending it is not your problem
This approach is very popular to any challenge, because you get away without doing anything.

Many application providers decide to outsource management of user accounts and password to the customers. They offer some kind of web based administration interface, which one or more local administrators can use to create new user accounts and keeping old ones up-to-date.

However, this approach has some major drawbacks for your business. According to the research mentioned earlier, sign-up and sign-on are among the most critical processes for any online business. This approach transfers the responsibility for these critical processes to people you have no control over, and who have little or no incentives to support your business.

Pretending you are doing something about it
Another popular approach to any challenge is to pretend to do something about, because then you at least have your own back covered.

Some application providers choose this approach by deciding that they only support standards. The problem is that there are no widely adopted standards in this field. SAML is promoted as an industry standard, but that is of little value when your customers haven't adopted it. According to Eric Olden, one of the fathers of SAML, in an article in Computer Magazine in 2011: "The problem with federation and SSO is that, after more than a decade, SAML adoption has not risen above 10 percent of enterprise apps - apparently due to the excessive costs of infrastructure software. There simply is not enough return on investment for most service providers to implement, expand, and manage a complex federation network". The adoption among large enterprises is not any bigger, and especially among mid-sized enterprises SAML is practically non-existent. In my own personal opinion, SAML requires too much from too many to make it mainstream any time soon.

If you pretend you have a solution, then you have to pretend the benefits as well. If half of your business comes from large organizations, and if 10% of them support SAML, then this approach can only bring improvements to 5% of your business. From a business point of view, having a solution that improves 5% of your business is nice to have, but it is by no means strategic.

Doing something about it
Doing something about it is always the hardest choice, because it means that you have to go out to the customers and figure out what would work for them.

So, what are customers using today? As stated above, some large organizations have invested in SAML, but what about the rest? The least common denominator is a network, a user directory, a web server and an internet connection. The most typical setup is a Windows Domain, Active Directory and Microsoft IIS. Active Directory has a market share that is reported to be above 90%, and that figure gives a good indication for the other components as well. Such adoption rates are required by true de facto standards, which are solid enough to build strategic solutions on.

If you are serious about growing your business with large and mid-sized organizations, then it is of strategic importance to eliminate adoption and engagement obstacles related to signing up and signing on. You have to proactively convert as big a share of your customer base as possible to automated sign-on as fast as possible. In order to succeed, requirements on your customers have to be as low as possible in terms of time, investments and expertise. In practice this means that you need a solution, which does not require anything more from your customers than the least common denominator described above. From a business point of view, SAML is just a bonus, and only if you have customers who have invested in it.

If you are interested in such a solution, I would love to continue talks in person.

More Stories By Kjell Backlund

Kjell Backlund, CEO of Emillion, is a seasoned software business entrepreneur with over 20 years experience in international business. He founded Emillion in 2001, with the vision that automating sign-on and user management would be essential to the success of SaaS and Service Desk applications(www.emillion.biz).

@CloudExpo Stories
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series dat...
15th Cloud Expo, which took place Nov. 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA, expanded the conference content of @ThingsExpo, Big Data Expo, and DevOps Summit to include two developer events. IBM held a Bluemix Developer Playground on November 5 and ElasticBox held a Hackathon on November 6. Both events took place on the expo floor. The Bluemix Developer Playground, for developers of all levels, highlighted the ease of use of Bluemix, its services and functionalit...
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile ...
In her General Session at 15th Cloud Expo, Anne Plese, Senior Consultant, Cloud Product Marketing, at Verizon Enterprise, focused on finding the right mix of renting vs. buying Oracle capacity to scale to meet business demands, and offer validated Oracle database TCO models for Oracle development and testing environments. Anne Plese is a marketing and technology enthusiast/realist with over 19+ years in high tech. At Verizon Enterprise, she focuses on driving growth for the Verizon Cloud platfo...
At 15th Cloud Expo, Shrikant Pattathil, Executive Vice President at Harbinger Systems, demos a video delivery platform that helps you do interactive videos. He discusses how Harbinger is accomplishing it in the cloud world, the problems they faced and the choices they made to get around these problems.
Between the compelling mockups and specs produced by your analysts and designers, and the resulting application built by your developers, there is a gulf where projects fail, costs spiral out of control, and applications fall short of requirements. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a new approach where business and development users collaborate – each using tools appropriate to their goals and expertise – to build mo...
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immed...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using ...
In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect at GE, and Ibrahim Gokcen, who leads GE's advanced IoT analytics, focused on the Internet of Things / Industrial Internet and how to make it operational for business end-users. Learn about the challenges posed by machine and sensor data and how to marry it with enterprise data. They also discussed the tips and tricks to provide the Industrial Internet as an end-user consumable service using Big Data Analytics and Industrial C...
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, addressed the big issues involving these technologies and, more important, the results they will achieve. Rodney Rogers, chairman and CEO of Virtustream; Brendan O'Brien, co-founder of Aria Systems, Bart Copeland, president and CEO of ActiveState Software; Jim Cowie, chief scientist at Dyn; Dave Wagstaff, VP ...
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happe...
"For the past 4 years we have been working mainly to export. For the last 3 or 4 years the main market was Russia. In the past year we have been working to expand our footprint in Europe and the United States," explained Andris Gailitis, CEO of DEAC, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's large...
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, ...
Over the past year, Datical has had amazing success with our flagship product, Datical DB. We’ve seen multiple visionary, sector-leading companies select Datical DB to drive their Application Schema changes. Now that the number has grown rapidly over the past year, we can begin to see patterns in why customers choose Datical DB. One of them turns out to be pretty emblematic of our other customers. So, let's examine the reasons why they chose to adopt Datical DB.
"ElasticBox is an enterprise company that makes it very easy for developers and IT ops to collaborate to develop, build and deploy applications on any cloud - private, public or hybrid," stated Monish Sharma, VP of Customer Success at ElasticBox, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
“DevOps is really about the business. The business is under pressure today, competitively in the marketplace to respond to the expectations of the customer. The business is driving IT and the problem is that IT isn't responding fast enough," explained Mark Levy, Senior Product Marketing Manager at Serena Software, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Want to enable self-service provisioning of application environments in minutes that mirror production? Can you automatically provide rich data with code-level detail back to the developers when issues occur in production? In his session at DevOps Summit, David Tesar, Microsoft Technical Evangelist on Microsoft Azure and DevOps, will discuss how to accomplish this and more utilizing technologies such as Microsoft Azure, Visual Studio online, and Application Insights in this demo-heavy session.
Entuity®, a provider of enterprise-class network management solutions, today announced that it solidifies its position as a market leader through global enterprise customer acquisitions and a refined channel strategy. In 2014, Entuity increased new license revenues in EMEA by over 75 percent, and LATAM by over 125 percent as customers embraced Entuity for its highly automated solution and unified architecture. Entuity’s refined channel strategy focuses on even deeper strategic alignment with ke...
Log data provides the most granular view into what is happening across your systems, applications, and end users. Logs can show you where the issues are in real-time, and provide a historical trending view over time. Logs give you the whole picture. Logentries, a log management and analytics service built for the cloud, has announced a new integration with Slack, the team communication platform, to enable real-time system and application monitoring. Users of both services can now receive real-...