Welcome!

@CloudExpo Authors: Ed Featherston, Yeshim Deniz, Dalibor Siroky, Liz McMillan, Rostyslav Demush

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security, @DXWorldExpo

@CloudExpo: Article

Is IDaaS a Trustworthy and Feasible Option?

Security, especially surrounding identity, is about context through correlation. IDaaS provides this in a more egalitarian way

Conspiracy theorists and other concerned citizens will insist the government is watching every keystroke, keeping a record of every website, transaction, text and email. Shades of 1984’s Big Brother, right? These last few weeks, the news has been brimming with revelations of data surveillance and monitoring by the government (not to mention data harvesting corporations like Google, Yahoo, Facebook etc…). Everyone, including the security buffs at CloudAccess, is sensitive as to what is being looked at, stored, and analyzed for hazily defined purposes. Privacy is no longer as private as you think; and hasn’t been for many years.

Politics, ethics and debates over 4th amendment interpretation aside (as they serve no useful purpose in this analysis), a question was asked on one the security forums that in light of these alleged breaches of trust, whether cloud security - and more specifically, identity-as-a-service (IDaaS) is still a feasible and trustworthy option?

Short answer: of course it is. In fact, I will contend it is more important than ever.

Privacy and identity protection, in this case, are like apples and oranges. The concept that confidential corporate information or trade secrets could be at risk may be valid, but not because cloud-based security functions are either in collusion with data collectors or of less veracity than an on-premise deployment. Security, especially surrounding identity, is about context through correlation.  IDaaS provides this in a more egalitarian way than the on-premise variety.  If privacy advocates are yelling that the sky is falling, identities serviced from the cloud have little to do with the current state of distrust. Why? Because it’s about process and not where a server with identity data happens to reside. If you are interested in experiencing IDasS,

Identity as a service is component of a larger layered security strategy. Its primary responsibility is administrative in terms of creating user credentials and assigning them to certain buckets of permission. This provisioning is based on the role of user serves within an organization. Departments or divisions see one sliver, partners see another, customers another—each only is permitted to access just what they need. IDaaS also manages password and their synchronization across the enterprise as well as coordinates the federated connections between certain applications. It is Access Management (SaaS and web single sign on, multi-factor authorization) that enforces the rules set forth in identity management.

In terms of infrastructure, all the collection and correlation happens in the cloud. But so does so much of any company’s business process and activities. Insulating all the functions within a network firewall is no longer a feasible. Not only is it expensive, complex and requires a certain degree of expertise resources, but in the grander scheme, based on the habits and needs of a variable and interactive workforce, this bunker approach is unsustainable and counter-productive towards a modern commercial model. This is true even for larger organizations with considerable capital resources. But think of it like a person with a cache of gold. There are two options…he can hide it under his bed, hire armed guards at his door, and deploy an army of laser-wielding dachshunds…or he can make a deposit at the bank. Yes, the money is out of his sight, but he still retains control and gets the added value of the bank’s steel vault.

But you say, how can you personally assure the security of data (and by extension, privacy) if its custody lie in the cloud? First, don’t mistake cloud security for security in the cloud. Major difference…one is a solution set whose sole purpose is to make certain enterprise class security is actively protecting assets based on a client’s business needs (this is the slot IDaaS falls into). The other is an application that happens to use the cloud to collect and apply data. And it is the former that takes great strides to ensure the latter does not leak data and denies access to those who are not supposed to see such things.

As I mentioned, it starts and ends with context and correlation. For example, a partner company wants to place an order for 1000 of your eWidgets. They of course could call your rep and give their order over the phone (hello 1991!). The rep can walk the order over to S/R and then Accounting to put the invoice in the mail. Or they could log onto your website with a unique user name and password to an order form off the ERP. This of course integrates with automated shipping and payment options…etc. But let’s stick to Identity. First, using IDaaS the partner password opens the door to only a sliver of the information/functionality they need. This is based off authorizations which are created when their account is created (or modified by a trusted administrator). Their role is provisioned based on your decision of their need. But how do you know the intent of that partner…they are outside your network control. Are their firewalls secure? Do they take security as seriously as you? For this example, let’s say not. Someone has stolen their username. If they don’t have the password; simple, no access. If after 3 failed log ins, your escalated security locks them out and sends an alert to IT. But this is a fired employee or a good hacker…they have a password. However based on several multi-authentications or other tell-tale intrusion signs you can tell its not a valid login--wrong IP address; orders coming in the middle of the night; user is located in Beijing. Each element on its own might not be alarming,  but correlated together, provides context (situational awareness based on adaptive risk). The point is, privacy of data is not relevant based on whether your “walls” are made of cloud or otherwise—they work based on your process and how well it is unified and layered. IDaaS is simply a tool within a layer of other tools. If they don’t share information, risk escalates.

Risk is endemic in every industry. And no system is foolproof; cloud or otherwise. To those who still believe cloud security and security from the cloud are still mired in the Wild West—proceed at your own risk—are misinformed. If you want to build that bunker, I hope you have the cash and resources to do so, and I wish you well…especially if it helps you sleep better at night. However, the use of IDaaS or any other cloud security tool to manage the credentialing and authorization is not only feasible in terms of easy manageability and affordability, but creates the necessary hurdle to prevent identity leakage. And it is more important than ever because it is a solution set available to wider group of organizations that either could not afford an enterprise solution or have the manpower to deploy and consistently sustain an initiative. Identity Management, in and of itself, is not the answer to thwart issues about privacy, but it is a needed and important piece of the puzzle to lessen the vulnerability gap…especially if Big Brother (or certain countries with questionable agendas) are watching.

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

@CloudExpo Stories
Blockchain. A day doesn’t seem to go by without seeing articles and discussions about the technology. According to PwC executive Seamus Cushley, approximately $1.4B has been invested in blockchain just last year. In Gartner’s recent hype cycle for emerging technologies, blockchain is approaching the peak. It is considered by Gartner as one of the ‘Key platform-enabling technologies to track.’ While there is a lot of ‘hype vs reality’ discussions going on, there is no arguing that blockchain is b...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settle...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
The need for greater agility and scalability necessitated the digital transformation in the form of following equation: monolithic to microservices to serverless architecture (FaaS). To keep up with the cut-throat competition, the organisations need to update their technology stack to make software development their differentiating factor. Thus microservices architecture emerged as a potential method to provide development teams with greater flexibility and other advantages, such as the abili...
Product connectivity goes hand and hand these days with increased use of personal data. New IoT devices are becoming more personalized than ever before. In his session at 22nd Cloud Expo | DXWorld Expo, Nicolas Fierro, CEO of MIMIR Blockchain Solutions, will discuss how in order to protect your data and privacy, IoT applications need to embrace Blockchain technology for a new level of product security never before seen - or needed.
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mobility, enabled by an automated and seamless flow across on-premises and cloud resources. In his general session at 21st Cloud Expo, Greg Tevis, an IBM Storage Software Technical Strategist and Customer Solution Architec...
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, discussed how from store operations and ...
"As we've gone out into the public cloud we've seen that over time we may have lost a few things - we've lost control, we've given up cost to a certain extent, and then security, flexibility," explained Steve Conner, VP of Sales at Cloudistics,in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across business networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compliance, reduce cost as well as advance trade. Are you curious about how Blockchain is built for business? In her session at 21st Cloud Expo, René Bostic, Technical VP of the IBM Cloud Unit in North America, discussed the b...
The use of containers by developers -- and now increasingly IT operators -- has grown from infatuation to deep and abiding love. But as with any long-term affair, the honeymoon soon leads to needing to live well together ... and maybe even getting some relationship help along the way. And so it goes with container orchestration and automation solutions, which are rapidly emerging as the means to maintain the bliss between rapid container adoption and broad container use among multiple cloud host...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Services at NetApp, described how NetApp designed a three-year program of work to migrate 25PB of a major telco's enterprise data to a new STaaS platform, and then secured a long-term contract to manage and operate the platform. This significant program blended the best of NetApp’s solutions and services capabilities to enable this telco’s successful adoption of private cloud storage and launching ...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
Imagine if you will, a retail floor so densely packed with sensors that they can pick up the movements of insects scurrying across a store aisle. Or a component of a piece of factory equipment so well-instrumented that its digital twin provides resolution down to the micrometer.
"Since we launched LinuxONE we learned a lot from our customers. More than anything what they responded to were some very unique security capabilities that we have," explained Mark Figley, Director of LinuxONE Offerings at IBM, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, answered these questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and co...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
Sanjeev Sharma Joins June 5-7, 2018 @DevOpsSummit at @Cloud Expo New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory? In her Day 2 Keynote at @DevOpsSummit at 21st Cloud Expo, Aruna Ravichandran, VP, DevOps Solutions Marketing, CA Technologies, was jo...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, discussed how data centers of the future will be managed, how the p...
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...