Welcome!

@CloudExpo Authors: Pat Romanski, Elizabeth White, Yeshim Deniz, Liz McMillan, Aruna Ravichandran

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, SDN Journal

@CloudExpo: Blog Feed Post

A High-Level IDaaS Metric: If and When Moving ID in the Cloud

Before moving any IdM to the Cloud, organizations should balance costs and risks

Building metrics to decide how and whether moving to IDaaS means considering what variables and strategy have to be taken into account when organizations subscribe identity as a service contracts. Before moving any IdM to the Cloud, organizations should balance costs and risks. Accordingly, metrics adopted should be enough flexible to be applied from both a company that is developing an IdM system and a company that already has a IAM in operation but is considering to move the ID to the Cloud. The metric introduced below is included into a coming IDaaS Best Practices helping companies to understand, evaluate and then decide if and how moving ID to the Cloud.

IDaaS: Measure Maturity

  1. IDaaS metric definition starts from on-premise IdM/IAM acquisition and implementation costs. Take into consideration the following parameters:
  2. COSTS – IdM/IAM costs are mainly based upon Infrastructure, Personnel, Administration (Access, Help desk, Education/Courses, ..), Attestation and Compliance (including personnel certification and upgrading), Business Agility expenditures;
  3. RISKS – Risks are based upon expenditures to cover by order:
    -Implementation risks (the risk that a proposed investment in technology may diverge from the original or expected requirements);
    -Impact risks (the risk that the business or technology needs of the organization may not be met by the investment in the IAM solution, resulting in lower overall total benefits);
    -System protection (perimeter defence, audit and surveillance).

The risk/confidence the company is dealing with depends mainly upon the combination of:

  • IAM maturity, in terms of implementation, maintenance and evolution capacity;
  • SOA maturity, to really understand policies by applied processes (privileges by user role, accreditations, de-accreditations, …) and dynamically acting into the organization;
  • Adherence to the criteria that measure service provider(s) compliance with the identity ecosystem framework.

http://cloudbestpractices.files.wordpress.com/2013/07/idaas-maturity2.png

Figure 1 – IDaaS Maturity Framework to IDaaS Best Practices

Accordingly, the metric should be based upon the organization maturity grade. The gauge proposed is made the simplest possible, designed to be flexible: if necessary, this metric can be enriched and applied to more complex systems (more parameters by maturity levels, more maturity levels according to the company’s policy). The metric measures what is the confidence/risk when organizations moves to IDaaS by adopting the following models:

1. ID On-premise – ID is outsourced but infrastructure is kept inside the company. In this case ID personnel manage tools and infrastructure but expertise is coming from the outsourcer;
2. ID Provider Hosted – A private Cloud for IDaaS is managed. Personnel managing the private Cloud (tools) are shared with the service Provider. In this case administration, tools and infrastructure are in the private Cloud and ID management is shared;

http://cloudbestpractices.files.wordpress.com/2013/07/flux-idaas-schema2.png

Figure 2 – IDaaS properties and possible path to the Cloud

3. ID Hybrid – IDaaS is in the Cloud although sensitive information is yet managed internally. ID Hybrid means subscribing private, community and/or public Cloud services. Tools and infrastructure are shared through the Cloud. ID administration is managed in the Cloud.
4. ID in the Cloud – The ID is in the Cloud. Only personnel managing contract and service conditions (all aspects: policy, framework, SLA …) are kept internally.

These aspects are important on one hand considering what risk (and countermeasures) may be taken when moving the ID to the Cloud and on the other hand which takings could be expected in terms of cost savings. Companies have to balance the real business value of the risks based upon on-premise ID maturity and the eventual cost reduction, model by model. In the following picture, an example shows how 3 companies having 3 different levels of maturity for IdM, SOA and Ecosystem adherence, meet 3 scenarios in term of Cost/Saving and Confidence/Risk when decide to move to IDaaS.

http://cloudbestpractices.files.wordpress.com/2013/07/cost-risk-graph2.png

Figure 3 – IDaaS: 3 cases of companies having different level of maturity and risk

Company A – Company A manages advanced projects to implement and maintain high levels of maturity for IdM and SOA. Still, attention is paid to the Cloud identity ecosystem: the Company applies specific criteria to assess services provisioning in the Cloud. By applying IDaaS Best Practices based on Maturity levels, Company A might moderate the risks if decides to move ID in the Cloud. Criteria to adopt Cloud services are enough stable to manage on-demand and full provisioning IDaaS. Cost saving is another aspect should be taken into consideration. By externalizing IDaaS, the expected savings might be impressive (about 70% of CapEx invested) and, in this case, moving to the Cloud can be balanced with a path that further moderates the risk.

Company B – Company B has an intermediate maturity and work in progress projects through the IdM and SOA implementation. The ecosystem interface knowledge also is increasing although it is not yet disciplined. Confidence to move ID to the Cloud is low with respect the Company A and the risk is growing with the above IDaaS models. Considering the CapEx to implement internal IAM and BPM procedures, IDaaS cost saving is lower (about 30% of CapEx invested) then Company A. Company B should mitigate the risk by moving to the appropriate IDaaS model. The right path to subscribe IDaaS should be starting from the most proper IDaaS model to progressively increase levels of maturity.

Company C – Company C has a different challenge to get, with respect Company A and B. Company C is not organized to set defined levels of maturity for IdM and SOA. Still, there is not enough interest or experience to classify proper requirements and accountability mechanisms typical of an identity Cloud ecosystem structure. Identity and SOA cultures exist but they are jeopardized. In this case without CapEx to cover, it seems highly attractive saving soon by moving to IDaaS. However, cost saving only is not the best way, generally speaking, to move to the Cloud, neither to subscribe IDaaS contracts. The risk to move ID in the Cloud is really high. The Company C should ask for:

  • how IDs are provisioned, authenticated and managed (IdM, IAM);
  • who retains control over ID policies and assets (SOA);
  • how are stringent peer to peer security standards (ID ecosystem);
  • how and where are employed data encryption and tokenization (ID ecosystem);
  • how and where are employed federated identity policies (for example: check if they are regularly backed by strong and protected authentication practices) (SOA);
  • what about availability, identity data protection and trust on third parties (ID ecosystem);
  • how is employed transparency into cloud operations to ensure multi-tenancy and data isolation (IdM and ID ecosystem).

Could Company C provide the above answers before movingthe ID to the Cloud? This essential information should be an asset for any company that decide to migrate to the Cloud. Prerequisites above are only a part of the full requirements subscribers should assert before acquiring Cloud ID services. No Company can improvise to move to IDaaS: consequently, possible choices for Company C may be the following:

  • Starting from the low risk ID on-premise model;
  • Moving in any case ID to the Cloud being aware of the risk by trying to balance IDaaS cost saving (OpEx) benefit and Cloud environments introducing transient chains of custody for sensitive enterprise data and applications.

Defining the Metric
The metric that should best describe the above scenarios is based on the products of exponential functions depending upon parameters setting the organization maturity levels. In practice, the general mathematical relationship is the following:

http://cloudbestpractices.files.wordpress.com/2013/07/risk-formula2.png

Here is the meaning of variables and indexes:
R is the Risk/Confidence value defining the range maturity forward the IDaaS model above described;
Pcis the percentage of completion of each maturity range;
V is the variable corresponding to the magnitudes chosen to measure the maturity of the specified range. To calculate the level of IDM, SOA and Ecosystem maturity, 2 variables have been chosen: the project cost (Cm is the current cost and CM the estimated budget cost) and the project time completion (Tm is the current project time and TM the estimated project completion time);
N is the number of maturity ranges considered (IdM, SOA, Ecosystem …).
Constraints: the exponential function is a pragmatic risk estimation based upon the concept of density of probability. To compute the risk/confidence there is no average technique included: the max of the series of the calculated risks has been preferred with respect to the statistical averages models. Looking at the above metric, it requires the following constraint: 3 maturity ranges should be at least considered to estimate the best IDaaS model. They are: IdM, SOA and Ecosystem Framework. Further, the above metric is extensible and it is enough flexible to consider more ranges of maturity and, inside each one, more variables to be added to projects costs and times. Finally, R (risk/confidence) is computed as the max value among maturity series’ risks. In practice, consider the following test rates:

IdM Maturity: Percent of completion 30%, Cm = 25.000,00 $, CM = 75.000,00 $, Tm = 6 months and TM = 24 months
SOA Maturity: Percent of completion 40%, Cm = 55.000,00 $, CM = 90.000,00 $, Tm = 8 months and TM = 24 months
Ecosystem Framework Maturity: Percent of completion 15%, Cm = 10.000,00 $, CM = 30.000,00 $, Tm = 2 months and TM = 6 months

Risk/confidence outcomes based upon the above values are the following and the max value is:

http://cloudbestpractices.files.wordpress.com/2013/07/risk-formula-outcome2.png

Could the company accept the risk of 98% in moving to the Cloud with the ID system? What is the main pain looking at the maturity ranges and the risk rates? What is the appropriate IDaaS model could moderate the risk and reduce the costs? The solution in the figure below might be a measured solution to get confidence and awareness before subscribing an IDaaS contract.

http://cloudbestpractices.files.wordpress.com/2013/07/ballot-cost-risk-graph2.png

Figure 4 – Snapshot based upon the above maturity rates and risk/confidence values

Conclusion
Companies could apply a systematic approach by adopting the gauge above exploited. The metric can help in deciding whether balancing risks and OpEx advantages is appropriate in subscribing an IDaaS contract forward security and business benefits.  Looking at the cost saving for Company C, the above cutbacks could be modest (about 20% or less with respect the actual CapEx) although the ROI would be faster. It depends upon the IDaaS strategy the Company decides to implement.

References

  1. N. Piscopo – Applying MaaS to DaaS (Database as a Service) Contracts. An introduction to the Practice http://cloudbestpractices.net/profiles/blogs/applying-maas-to-daas-database-as-a-service-contracts-an
  2. N. Piscopo – Best Practices for Moving to the Cloud using Data Models in the DaaS Life Cycle
  3. N. McEvoy – IDaaS Identity-as-a-Service best practices http://CanadaCloud.biz
  4. E. Baize et al. – Identity & Data Protection in the Cloud
  5. F. Villavicencio – Advantages of a Hybrid Co-Sourced IDaaS Model
  6. Identity in the Cloud Outsourcing Profile Version 1.0 – OASIS Committee Note Draft 01 /
    Public Review Draft 01
  7. N. Piscopo, N. McEvoyIDaaS – Introduction to the Identity in the Cloud
  8. WG-CloudIDSec IDaaS (Identity as a Service) www.cloud-identiy.info

Disclaimer – This document is provided AS-IS for your informational purposes only. In no event the contains of “A high-level IDaaS metric: if and when moving ID in the Cloud” will be liable to any party for direct, indirect, special, incidental, economical (including lost business profits, business interruption, loss or damage of data, and the like) or consequential damages, without limitations, arising out of the use or inability to use this documentation, regardless of the form of action, whether in contract, tort (including negligence), breach of warranty, or otherwise, even if an advise of the possibility of such damages there exists. Specifically, it is disclaimed any warranties, including, but not limited to, the express or implied warranties of merchantability, fitness for a particular purpose and non-infringement, regarding this document use or performance. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies/offices.

Read the original blog entry...

More Stories By Cloud Best Practices Network

The Cloud Best Practices Network is an expert community of leading Cloud pioneers. Follow our best practice blogs at http://CloudBestPractices.net

@CloudExpo Stories
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, will provide a fun and simple way to introduce Machine Leaning to anyone and everyone. Together we will solve a machine learning problem and find an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intellige...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Data scientists must access high-performance computing resources across a wide-area network. To achieve cloud-based HPC visualization, researchers must transfer datasets and visualization results efficiently. HPC clusters now compute GPU-accelerated visualization in the cloud cluster. To efficiently display results remotely, a high-performance, low-latency protocol transfers the display from the cluster to a remote desktop. Further, tools to easily mount remote datasets and efficiently transfer...
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
Though cloud is the future of enterprise computing, a smooth transition of legacy applications and systems is critical for seamless business operations. IT professionals are eager to start leveraging the cost, scale and other benefits of cloud, but with massive investments already in place in existing infrastructure and a number of compliance and resource hurdles, it can be challenging to move to a cloud-based infrastructure.
The dynamic nature of the cloud means that change is a constant when it comes to modern cloud-based infrastructure. Delivering modern applications to end users, therefore, is a constantly shifting challenge. Delivery automation helps IT Ops teams ensure that apps are providing an optimal end user experience over hybrid-cloud and multi-cloud environments, no matter what the current state of the infrastructure is. To employ a delivery automation strategy that reflects your business rules, making r...
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, will discuss how given the magnitude of today's applicati...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
Amazon is pursuing new markets and disrupting industries at an incredible pace. Almost every industry seems to be in its crosshairs. Companies and industries that once thought they were safe are now worried about being “Amazoned.”. The new watch word should be “Be afraid. Be very afraid.” In his session 21st Cloud Expo, Chris Kocher, a co-founder of Grey Heron, will address questions such as: What new areas is Amazon disrupting? How are they doing this? Where are they likely to go? What are th...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant th...
SYS-CON Events announced today that SkyScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SkyScale is a world-class provider of cloud-based, ultra-fast multi-GPU hardware platforms for lease to customers desiring the fastest performance available as a service anywhere in the world. SkyScale builds, configures, and manages dedicated systems strategically located in maximum-security...
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, will go over the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, applicatio...
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. Thi...
Microsoft Azure Container Services can be used for container deployment in a variety of ways including support for Orchestrators like Kubernetes, Docker Swarm and Mesos. However, the abstraction for app development that support application self-healing, scaling and so on may not be at the right level. Helm and Draft makes this a lot easier. In this primarily demo-driven session at @DevOpsSummit at 21st Cloud Expo, Raghavan "Rags" Srinivas, a Cloud Solutions Architect/Evangelist at Microsoft, wi...
Containers are rapidly finding their way into enterprise data centers, but change is difficult. How do enterprises transform their architecture with technologies like containers without losing the reliable components of their current solutions? In his session at @DevOpsSummit at 21st Cloud Expo, Tony Campbell, Director, Educational Services at CoreOS, will explore the challenges organizations are facing today as they move to containers and go over how Kubernetes applications can deploy with lega...