
Is IDaaS a Trustworthy and Feasible Option?

Security, especially surrounding identity, is about context through correlation. IDaaS provides this in a more egalitarian way

Conspiracy theorists and other concerned citizens will insist the government is watching every keystroke, keeping a record of every website, transaction, text and email. Shades of 1984’s Big Brother, right? These last few weeks, the news has been brimming with revelations of data surveillance and monitoring by the government (not to mention data-harvesting corporations like Google, Yahoo, Facebook etc…). Everyone, including the security buffs at CloudAccess, is sensitive about what is being looked at, stored, and analyzed for hazily defined purposes. Privacy is no longer as private as you think, and hasn’t been for many years.

Politics, ethics and debates over 4th Amendment interpretation aside (as they serve no useful purpose in this analysis), a question was asked on one of the security forums: in light of these alleged breaches of trust, is cloud security - and more specifically, identity-as-a-service (IDaaS) - still a feasible and trustworthy option?

Short answer: of course it is. In fact, I will contend it is more important than ever.

Privacy and identity protection, in this case, are like apples and oranges. The concept that confidential corporate information or trade secrets could be at risk may be valid, but not because cloud-based security functions are either in collusion with data collectors or less trustworthy than an on-premise deployment. Security, especially surrounding identity, is about context through correlation. IDaaS provides this in a more egalitarian way than the on-premise variety. If privacy advocates are yelling that the sky is falling, identities serviced from the cloud have little to do with the current state of distrust. Why? Because it’s about process and not where a server with identity data happens to reside. If you are interested in experiencing IDaaS,

Identity as a service is a component of a larger layered security strategy. Its primary responsibility is administrative: creating user credentials and assigning them to certain buckets of permission. This provisioning is based on the role the user serves within an organization. Departments or divisions see one sliver, partners see another, customers another—each is permitted to access just what they need. IDaaS also manages passwords and their synchronization across the enterprise, and coordinates the federated connections between certain applications. It is Access Management (SaaS and web single sign-on, multi-factor authentication) that enforces the rules set forth in identity management.

In terms of infrastructure, all the collection and correlation happens in the cloud. But so does much of any company’s business process and activity. Insulating all the functions within a network firewall is no longer feasible. Not only is it expensive, complex and demanding of a certain degree of expert resources, but in the grander scheme, based on the habits and needs of a variable and interactive workforce, this bunker approach is unsustainable and counter-productive to a modern commercial model. This is true even for larger organizations with considerable capital resources. Think of it like a person with a cache of gold. There are two options…he can hide it under his bed, hire armed guards at his door, and deploy an army of laser-wielding dachshunds…or he can make a deposit at the bank. Yes, the money is out of his sight, but he still retains control and gets the added value of the bank’s steel vault.

But, you say, how can you personally assure the security of data (and by extension, privacy) if its custody lies in the cloud? First, don’t mistake cloud security for security in the cloud. Major difference…one is a solution set whose sole purpose is to make certain that enterprise-class security is actively protecting assets based on a client’s business needs (this is the slot IDaaS falls into). The other is an application that happens to use the cloud to collect and apply data. And it is the former that takes great strides to ensure the latter does not leak data and denies access to those who are not supposed to see such things.

As I mentioned, it starts and ends with context and correlation. For example, a partner company wants to place an order for 1000 of your eWidgets. They could of course call your rep and give their order over the phone (hello 1991!). The rep can walk the order over to S/R and then to Accounting to put the invoice in the mail. Or they could log onto your website with a unique user name and password to an order form off the ERP. This of course integrates with automated shipping and payment options…etc.

But let’s stick to Identity. First, using IDaaS, the partner password opens the door to only the sliver of information/functionality they need. This is based on authorizations which are created when their account is created (or modified by a trusted administrator). Their role is provisioned based on your decision of their need. But how do you know the intent of that partner…they are outside your network control. Are their firewalls secure? Do they take security as seriously as you? For this example, let’s say not. Someone has stolen their username. If they don’t have the password: simple, no access. After 3 failed logins, your escalated security locks them out and sends an alert to IT. But say this is a fired employee or a good hacker…they have a password. However, based on multiple authentication factors or other tell-tale intrusion signs you can tell it’s not a valid login--wrong IP address; orders coming in the middle of the night; user is located in Beijing. Each element on its own might not be alarming, but correlated together they provide context (situational awareness based on adaptive risk). The point is, privacy of data is not relevant based on whether your “walls” are made of cloud or otherwise—they work based on your process and how well it is unified and layered. IDaaS is simply a tool within a layer of other tools. If they don’t share information, risk escalates.
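The partner-order scenario above, and the role-based provisioning described earlier, as an added example that is not code from the article or from CloudAccess. It assumes a hypothetical partner account with constructed attributes (home country, known egress ranges, business hours in UTC) and constructed login events; the role names, permission strings, signal weights and the threshold are illustrative choices, not any product's defaults. The point it shows is the one the text makes: a correct password alone does not decide access, three failures lock the account and raise an alert, and individually weak signals (unknown IP, off-hours, unexpected country) only become a decision once correlated.

```python
"""Correlating weak login signals into one adaptive-risk decision.

Added illustration; all accounts, networks, events and weights are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Role-based provisioning: a partner sees only the order sliver of the ERP.
ROLE_PERMISSIONS = {
    "partner": {"orders:create", "orders:view_own"},
    "accounting": {"invoices:view", "invoices:create"},
}

MAX_FAILED = 3        # lockout after this many bad passwords (from the text)
RISK_THRESHOLD = 5    # correlated score at which a valid password is not enough


@dataclass
class Account:
    username: str
    role: str
    home_country: str                 # country the partner normally logs in from
    allowed_networks: list            # partner's known egress ranges (constructed)
    business_hours: tuple = (8, 18)   # UTC hours treated as normal (constructed)
    failed_logins: int = 0
    locked: bool = False


@dataclass
class LoginAttempt:
    username: str
    password_ok: bool
    src_ip: str
    country: str
    at: datetime


def score_context(acct: Account, attempt: LoginAttempt):
    """Each signal alone is weak; the sum of the signals is the context."""
    score, reasons = 0, []
    ip = ip_address(attempt.src_ip)
    if not any(ip in ip_network(n) for n in acct.allowed_networks):
        score += 3
        reasons.append("ip_not_in_partner_ranges")
    if attempt.country != acct.home_country:
        score += 3
        reasons.append(f"geo_mismatch:{attempt.country}")
    lo, hi = acct.business_hours
    if not lo <= attempt.at.hour < hi:
        score += 2
        reasons.append("off_hours")
    return score, reasons


def evaluate(acct: Account, attempt: LoginAttempt):
    """Return (decision, alerts); decision is allow, deny, step_up or locked."""
    alerts = []
    if acct.locked:
        return "locked", ["account_locked"]
    if not attempt.password_ok:
        acct.failed_logins += 1
        if acct.failed_logins >= MAX_FAILED:
            acct.locked = True
            alerts.append(f"ALERT IT: {acct.username} locked after {MAX_FAILED} failures")
            return "locked", alerts
        return "deny", alerts
    # Correct password: reset the counter, then correlate the surrounding context.
    acct.failed_logins = 0
    score, reasons = score_context(acct, attempt)
    if score >= RISK_THRESHOLD:
        alerts.append(f"ALERT IT: {acct.username} risk={score} {reasons}")
        return "step_up", alerts      # require another factor; hold the order
    return "allow", alerts


def can(acct: Account, permission: str) -> bool:
    """Access management: enforce what identity management provisioned."""
    return permission in ROLE_PERMISSIONS.get(acct.role, set())


def demo():
    """Run the constructed scenario and return every decision for inspection."""
    partner = Account("acme-orders", "partner", "US", ["203.0.113.0/24"])
    t = lambda h: datetime(2013, 6, 20, h, 0, tzinfo=timezone.utc)
    out = {}
    # 1. Normal daytime order from the partner's own range: allowed.
    out["normal"] = evaluate(partner, LoginAttempt("acme-orders", True, "203.0.113.10", "US", t(10)))
    # 2. One odd signal (late night, but known range and country): still allowed.
    out["late_only"] = evaluate(partner, LoginAttempt("acme-orders", True, "203.0.113.10", "US", t(3)))
    # 3. Valid password, but unknown IP, 3 a.m., and a login from Beijing: step up.
    out["correlated"] = evaluate(partner, LoginAttempt("acme-orders", True, "198.51.100.7", "CN", t(3)))
    # 4. Stolen username without the password: three failures lock the account.
    for _ in range(MAX_FAILED):
        out["guess"] = evaluate(partner, LoginAttempt("acme-orders", False, "198.51.100.7", "CN", t(3)))
    out["after_lock"] = evaluate(partner, LoginAttempt("acme-orders", True, "203.0.113.10", "US", t(10)))
    out["perms"] = (can(partner, "orders:create"), can(partner, "invoices:view"))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>10}: {result}")
```

The weights are deliberately small so that no single signal crosses the threshold on its own; only the combination of an unknown address, an unexpected country and an off-hours login does. In a real deployment the "step_up" branch would be where the extra factor or an order hold is applied, and the alerts would go to the IT queue the text mentions.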

Risk is endemic in every industry. And no system is foolproof, cloud or otherwise. Those who still believe cloud security and security from the cloud are mired in the Wild West—proceed at your own risk—are misinformed. If you want to build that bunker, I hope you have the cash and resources to do so, and I wish you well…especially if it helps you sleep better at night. However, the use of IDaaS or any other cloud security tool to manage credentialing and authorization is not only feasible in terms of easy manageability and affordability, but creates the necessary hurdle to prevent identity leakage. And it is more important than ever because it is a solution set available to a wider group of organizations that either could not afford an enterprise solution or lack the manpower to deploy and consistently sustain an initiative. Identity Management, in and of itself, is not the answer to thwart issues about privacy, but it is a needed and important piece of the puzzle to lessen the vulnerability gap…especially if Big Brother (or certain countries with questionable agendas) is watching.

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.
