Welcome!

@CloudExpo Authors: Pat Romanski, Jason Bloomberg, Elizabeth White, Kong Yang, John Rauser

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security, @BigDataExpo

@CloudExpo: Article

Is IDaaS a Trustworthy and Feasible Option?

Security, especially surrounding identity, is about context through correlation. IDaaS provides this in a more egalitarian way

Conspiracy theorists and other concerned citizens will insist the government is watching every keystroke, keeping a record of every website, transaction, text and email. Shades of 1984’s Big Brother, right? These last few weeks, the news has been brimming with revelations of data surveillance and monitoring by the government (not to mention data harvesting corporations like Google, Yahoo, Facebook etc…). Everyone, including the security buffs at CloudAccess, is sensitive as to what is being looked at, stored, and analyzed for hazily defined purposes. Privacy is no longer as private as you think; and hasn’t been for many years.

Politics, ethics and debates over 4th amendment interpretation aside (as they serve no useful purpose in this analysis), a question was asked on one the security forums that in light of these alleged breaches of trust, whether cloud security - and more specifically, identity-as-a-service (IDaaS) is still a feasible and trustworthy option?

Short answer: of course it is. In fact, I will contend it is more important than ever.

Privacy and identity protection, in this case, are like apples and oranges. The concept that confidential corporate information or trade secrets could be at risk may be valid, but not because cloud-based security functions are either in collusion with data collectors or of less veracity than an on-premise deployment. Security, especially surrounding identity, is about context through correlation.  IDaaS provides this in a more egalitarian way than the on-premise variety.  If privacy advocates are yelling that the sky is falling, identities serviced from the cloud have little to do with the current state of distrust. Why? Because it’s about process and not where a server with identity data happens to reside. If you are interested in experiencing IDasS,

Identity as a service is component of a larger layered security strategy. Its primary responsibility is administrative in terms of creating user credentials and assigning them to certain buckets of permission. This provisioning is based on the role of user serves within an organization. Departments or divisions see one sliver, partners see another, customers another—each only is permitted to access just what they need. IDaaS also manages password and their synchronization across the enterprise as well as coordinates the federated connections between certain applications. It is Access Management (SaaS and web single sign on, multi-factor authorization) that enforces the rules set forth in identity management.

In terms of infrastructure, all the collection and correlation happens in the cloud. But so does so much of any company’s business process and activities. Insulating all the functions within a network firewall is no longer a feasible. Not only is it expensive, complex and requires a certain degree of expertise resources, but in the grander scheme, based on the habits and needs of a variable and interactive workforce, this bunker approach is unsustainable and counter-productive towards a modern commercial model. This is true even for larger organizations with considerable capital resources. But think of it like a person with a cache of gold. There are two options…he can hide it under his bed, hire armed guards at his door, and deploy an army of laser-wielding dachshunds…or he can make a deposit at the bank. Yes, the money is out of his sight, but he still retains control and gets the added value of the bank’s steel vault.

But you say, how can you personally assure the security of data (and by extension, privacy) if its custody lie in the cloud? First, don’t mistake cloud security for security in the cloud. Major difference…one is a solution set whose sole purpose is to make certain enterprise class security is actively protecting assets based on a client’s business needs (this is the slot IDaaS falls into). The other is an application that happens to use the cloud to collect and apply data. And it is the former that takes great strides to ensure the latter does not leak data and denies access to those who are not supposed to see such things.

As I mentioned, it starts and ends with context and correlation. For example, a partner company wants to place an order for 1000 of your eWidgets. They of course could call your rep and give their order over the phone (hello 1991!). The rep can walk the order over to S/R and then Accounting to put the invoice in the mail. Or they could log onto your website with a unique user name and password to an order form off the ERP. This of course integrates with automated shipping and payment options…etc. But let’s stick to Identity. First, using IDaaS the partner password opens the door to only a sliver of the information/functionality they need. This is based off authorizations which are created when their account is created (or modified by a trusted administrator). Their role is provisioned based on your decision of their need. But how do you know the intent of that partner…they are outside your network control. Are their firewalls secure? Do they take security as seriously as you? For this example, let’s say not. Someone has stolen their username. If they don’t have the password; simple, no access. If after 3 failed log ins, your escalated security locks them out and sends an alert to IT. But this is a fired employee or a good hacker…they have a password. However based on several multi-authentications or other tell-tale intrusion signs you can tell its not a valid login--wrong IP address; orders coming in the middle of the night; user is located in Beijing. Each element on its own might not be alarming,  but correlated together, provides context (situational awareness based on adaptive risk). The point is, privacy of data is not relevant based on whether your “walls” are made of cloud or otherwise—they work based on your process and how well it is unified and layered. IDaaS is simply a tool within a layer of other tools. If they don’t share information, risk escalates.

Risk is endemic in every industry. And no system is foolproof; cloud or otherwise. To those who still believe cloud security and security from the cloud are still mired in the Wild West—proceed at your own risk—are misinformed. If you want to build that bunker, I hope you have the cash and resources to do so, and I wish you well…especially if it helps you sleep better at night. However, the use of IDaaS or any other cloud security tool to manage the credentialing and authorization is not only feasible in terms of easy manageability and affordability, but creates the necessary hurdle to prevent identity leakage. And it is more important than ever because it is a solution set available to wider group of organizations that either could not afford an enterprise solution or have the manpower to deploy and consistently sustain an initiative. Identity Management, in and of itself, is not the answer to thwart issues about privacy, but it is a needed and important piece of the puzzle to lessen the vulnerability gap…especially if Big Brother (or certain countries with questionable agendas) are watching.

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@CloudExpo Stories
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists looked at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deliver...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...
It is ironic, but perhaps not unexpected, that many organizations who want the benefits of using an Agile approach to deliver software use a waterfall approach to adopting Agile practices: they form plans, they set milestones, and they measure progress by how many teams they have engaged. Old habits die hard, but like most waterfall software projects, most waterfall-style Agile adoption efforts fail to produce the results desired. The problem is that to get the results they want, they have to ch...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, Doug Vanderweide, an instructor at Linux Academy, discussed why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers wit...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
"Loom is applying artificial intelligence and machine learning into the entire log analysis process, from start to finish and at the end you will get a human touch,” explained Sabo Taylor Diab, Vice President, Marketing at Loom Systems, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
A look across the tech landscape at the disruptive technologies that are increasing in prominence and speculate as to which will be most impactful for communications – namely, AI and Cloud Computing. In his session at 20th Cloud Expo, Curtis Peterson, VP of Operations at RingCentral, highlighted the current challenges of these transformative technologies and shared strategies for preparing your organization for these changes. This “view from the top” outlined the latest trends and developments i...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
The financial services market is one of the most data-driven industries in the world, yet it’s bogged down by legacy CPU technologies that simply can’t keep up with the task of querying and visualizing billions of records. In his session at 20th Cloud Expo, Karthik Lalithraj, a Principal Solutions Architect at Kinetica, discussed how the advent of advanced in-database analytics on the GPU makes it possible to run sophisticated data science workloads on the same database that is housing the rich...
What's the role of an IT self-service portal when you get to continuous delivery and Infrastructure as Code? This general session showed how to create the continuous delivery culture and eight accelerators for leading the change. Don Demcsak is a DevOps and Cloud Native Modernization Principal for Dell EMC based out of New Jersey. He is a former, long time, Microsoft Most Valuable Professional, specializing in building and architecting Application Delivery Pipelines for hybrid legacy, and cloud ...