Is IDaaS a Trustworthy and Feasible Option?

Security, especially surrounding identity, is about context through correlation. IDaaS provides this in a more egalitarian way

Conspiracy theorists and other concerned citizens will insist the government is watching every keystroke, keeping a record of every website, transaction, text and email. Shades of 1984’s Big Brother, right? These last few weeks, the news has been brimming with revelations of data surveillance and monitoring by the government (not to mention data-harvesting corporations like Google, Yahoo and Facebook). Everyone, including the security buffs at CloudAccess, is sensitive about what is being looked at, stored, and analyzed for hazily defined purposes. Privacy is no longer as private as you think, and hasn’t been for many years.

Politics, ethics and debates over 4th Amendment interpretation aside (they serve no useful purpose in this analysis), a question was asked on one of the security forums: in light of these alleged breaches of trust, is cloud security, and more specifically identity-as-a-service (IDaaS), still a feasible and trustworthy option?

Short answer: of course it is. In fact, I will contend it is more important than ever.

Privacy and identity protection, in this case, are like apples and oranges. The concept that confidential corporate information or trade secrets could be at risk may be valid, but not because cloud-based security functions are either in collusion with data collectors or any less trustworthy than an on-premise deployment. Security, especially surrounding identity, is about context through correlation. IDaaS provides this in a more egalitarian way than the on-premise variety. If privacy advocates are yelling that the sky is falling, identities serviced from the cloud have little to do with the current state of distrust. Why? Because it’s about process and not where a server with identity data happens to reside. If you are interested in experiencing IDaaS,

Identity as a service is a component of a larger layered security strategy. Its primary responsibility is administrative: creating user credentials and assigning them to certain buckets of permission. This provisioning is based on the role the user serves within an organization. Departments or divisions see one sliver, partners see another, customers another; each is permitted to access only what it needs. IDaaS also manages passwords and their synchronization across the enterprise, and coordinates the federated connections between certain applications. It is Access Management (SaaS and web single sign-on, multi-factor authorization) that enforces the rules set forth in identity management.

In terms of infrastructure, all the collection and correlation happens in the cloud. But so does much of any company’s business process and activity. Insulating all the functions within a network firewall is no longer feasible. Not only is it expensive and complex, requiring a certain degree of expert resources, but in the grander scheme, given the habits and needs of a variable and interactive workforce, this bunker approach is unsustainable and counter-productive for a modern commercial model. This is true even for larger organizations with considerable capital resources. Think of it like a person with a cache of gold. There are two options: he can hide it under his bed, hire armed guards at his door, and deploy an army of laser-wielding dachshunds, or he can make a deposit at the bank. Yes, the money is out of his sight, but he still retains control and gets the added value of the bank’s steel vault.

But, you say, how can you personally assure the security of data (and by extension, privacy) if its custody lies in the cloud? First, don’t mistake cloud security for security in the cloud. Major difference: one is a solution set whose sole purpose is to make certain enterprise-class security is actively protecting assets based on a client’s business needs (this is the slot IDaaS falls into). The other is an application that happens to use the cloud to collect and apply data. And it is the former that takes great strides to ensure the latter does not leak data and denies access to those who are not supposed to see such things.

As I mentioned, it starts and ends with context and correlation. For example, a partner company wants to place an order for 1000 of your eWidgets. They could, of course, call your rep and give their order over the phone (hello 1991!). The rep can walk the order over to S/R and then to Accounting to put the invoice in the mail. Or they could log onto your website with a unique user name and password to reach an order form off the ERP. This of course integrates with automated shipping and payment options, etc. But let’s stick to identity.

First, using IDaaS, the partner’s password opens the door to only the sliver of information and functionality they need. This is based on authorizations created when their account is created (or modified by a trusted administrator). Their role is provisioned based on your decision of what they need. But how do you know the intent of that partner? They are outside your network control. Are their firewalls secure? Do they take security as seriously as you? For this example, let’s say not. Someone has stolen their username. If they don’t have the password: simple, no access. And after 3 failed logins, your escalated security locks them out and sends an alert to IT. But suppose this is a fired employee or a good hacker, and they have a password. Even so, based on multiple authentication checks or other tell-tale intrusion signs, you can tell it’s not a valid login: wrong IP address; orders coming in the middle of the night; user is located in Beijing. Each element on its own might not be alarming, but correlated together they provide context (situational awareness based on adaptive risk).

The point is, privacy of data does not depend on whether your “walls” are made of cloud or otherwise; they work based on your process and how well it is unified and layered. IDaaS is simply a tool within a layer of other tools. If they don’t share information, risk escalates.
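The two mechanisms described above, role provisioning that limits a partner to one sliver and the correlation of login signals (3-strike lockout, unfamiliar IP address, off-hours activity, foreign location), as an added example in Python; this is not code from the article or from CloudAccess, and the role table, signal weights, threshold and sample account are all assumptions:

```python
# Added example, not code from the article or from CloudAccess: a toy IDaaS-style gate
# that combines role provisioning with the correlated login signals the article lists.
from dataclasses import dataclass

ROLE_PERMISSIONS = {  # constructed provisioning: which sliver each role may touch
    "partner": {"order_form"},
    "employee": {"order_form", "erp_dashboard", "invoices"},
}
MAX_FAILED_LOGINS = 3   # article: lock out after 3 failed logins and alert IT
RISK_THRESHOLD = 50     # assumption: a score at or above this requires step-up auth

@dataclass
class Account:
    username: str
    role: str
    home_country: str     # constructed: where the partner normally logs in from
    known_ips: set
    failed_logins: int = 0
    locked: bool = False

@dataclass
class LoginAttempt:
    password_ok: bool
    ip: str
    country: str
    hour_utc: int         # 0-23; constructed stand-in for a real timestamp
    resource: str

def risk_score(acct, attempt):
    """Each signal alone stays under the threshold; correlated, they cross it."""
    signals = [  # (fired?, weight, reason); weights are assumptions
        (attempt.ip not in acct.known_ips, 25, "unknown IP"),
        (attempt.country != acct.home_country, 30, "login from " + attempt.country),
        (attempt.hour_utc < 6 or attempt.hour_utc >= 22, 20, "off-hours activity"),
    ]
    hits = [(weight, why) for fired, weight, why in signals if fired]
    return sum(w for w, _ in hits), [why for _, why in hits]

def evaluate(acct, attempt):
    """Return (decision, reasons); decision is locked, deny, step_up or allow."""
    if acct.locked:
        return "locked", ["account locked; IT alerted"]
    if not attempt.password_ok:                 # stolen username but no password
        acct.failed_logins += 1
        if acct.failed_logins >= MAX_FAILED_LOGINS:
            acct.locked = True
            return "locked", ["%d failed logins; IT alerted" % acct.failed_logins]
        return "deny", ["bad password"]
    acct.failed_logins = 0
    if attempt.resource not in ROLE_PERMISSIONS.get(acct.role, set()):
        return "deny", ["role %s not provisioned for %s" % (acct.role, attempt.resource)]
    score, reasons = risk_score(acct, attempt)  # right password, but is it the partner?
    if score >= RISK_THRESHOLD:
        return "step_up", reasons               # demand another factor and alert IT
    return "allow", reasons
```

A single odd signal (say, a new IP from the usual country during the day) is allowed through, while the same valid password used from an unknown IP, from another country, at 3 a.m. is pushed to step-up authentication.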

Risk is endemic in every industry. And no system is foolproof, cloud or otherwise. Those who still believe cloud security and security from the cloud are mired in the Wild West (proceed at your own risk) are misinformed. If you want to build that bunker, I hope you have the cash and resources to do so, and I wish you well, especially if it helps you sleep better at night. However, the use of IDaaS or any other cloud security tool to manage credentialing and authorization is not only feasible in terms of easy manageability and affordability, but creates the necessary hurdle to prevent identity leakage. And it is more important than ever because it is a solution set available to a wider group of organizations that either could not afford an enterprise solution or do not have the manpower to deploy and consistently sustain such an initiative. Identity management, in and of itself, is not the answer to privacy concerns, but it is a needed and important piece of the puzzle to lessen the vulnerability gap, especially if Big Brother (or certain countries with questionable agendas) is watching.

About the author

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, a Master of Computer Engineering from California State University, Los Angeles, and an MBA from the University of Southern California with an emphasis in entrepreneurial studies.
