Tag Archives: #eic10

Identity and Security on the Cloud Train

I’ve had many conversations with Dave Kearns over the years in hallways, a few beer halls, and conference panel discussions at events like the Internet Identity Workshop and the European Identity Conference. The conversations have been lively and often pushed my thinking in new directions. We’ve followed a similar path from the directory services of the 90s to Internet identity systems, and now on to cloud computing as it accelerates the adoption of identity services and the identity provider model.

In a recent newsletter Dave riffs on my presentation at the European Identity Conference and then concludes with this paragraph:

“The cloud is a reality. Cloud-based computing is a reality. Platform-as-a-service, application-as-a-service and, yes, identity-as-a-service will soon be as pervasive as client-server computing became in the last century. This will mean fundamental changes in the ways we think about identity and security. Get on that train, or be left at the station.”

Dave, well said.

And the journey continues.

Security, Identity, and Business Drivers at EIC 2010

Earlier this month I attended the European Identity Conference in Munich. The conference is put together by Kuppinger Cole + Partner and they do a great job. As I’ve posted before each year it gets better, and this year was no exception.  This year there were great sessions with cutting edge content, really good food and beer, and vibrant interaction between vendors and customers. It all added up to a very productive week. Oh, and there was really good beer.

Last year, Martin Kuppinger and I led a workshop on cloud computing, and we did it again this year much more in depth – but that’s another post. This year, there was a whole content track devoted to the cloud. As I see it, cloud computing has evolved to become just “the cloud” and is a set of technologies and business models which have the requisite force to drive adoption of identity-based security.  So combining an identity conference with a cloud conference is a Very Good Idea.

I gave a keynote in the Cloud 2010 track. KCP were kind enough to post the video of the session . You can also download the presentation. One advantage of my occasionally-derided “Wall of Words” presentation style is that you can easily get the main points by scanning through the presentation. I took all the photos in the presentation in Munich a few days before the session, which made it more relevant and fun for me.

The concepts in the presentation have emerged in the last year while working on Novell’s Cloud Security Service . Supporting insights and statistics came from a survey initiated by our own Anita Moorthy. Basically the presentation covers how business drivers affect the security needs of enterprises, SaaS vendors and cloud providers.

Here’s a brief overview.

A survey of some current market forces and players:

  • We have seen many times how a disruptive force in information systems is departmental autonomy pulling in products and services under the enterprise IT radar. This is again a significant factor in the adoption of SaaS applications.
  • The adoption of SaaS applications is accelerating a shift by traditional hosting companies and telcos to IaaS and PaaS models, and they are increasingly moving to attract SaaS vendors in addition to enterprises.

The business and security interactions in the cloud involve enterprises, SaaS vendors, and cloud providers – each with different motivations. From this current cloudscape, I identified 3 trends and possible traps in each:

  • Identity-based security is increasing in importance. Cloud services are pushing enterprises to emphasize identity based security rather than network security
  • SaaS and IaaS are converging on PaaS. Infrastructure providers are moving up stack and applications need to be extensible… converging on platform services, including identity services.
  • Cloud providers are increasingly offering identity services – and becoming identity providers. Identity services provide much needed security, and stickiness. Application marketplaces are a powerful paradigm growing around identity provider hubs.

We concluded with some recommendations for enterprises, SaaS vendors and cloud providers.

For years, we have been working on standardizing, implementing, and deploying the identity provider model – which separates the sources of authentication and identity information from services that use identity information. It is clearly a better model for humans than separate accounts in every service. However, as Jeff Bohren succinctly said, “Change is hard. Passwords are easy.” More than ever I see trends in cloud computing that are finally providing the business model and incentives for enterprises, SaaS vendors, and cloud providers to move to the identity provider model. EIC 2010 further accelerated those trends.

I very much enjoyed the conference, working with the KCP team, and the interaction with customers, competitors and partners.

As always, I’d appreciate any feedback on the presentation, offers of presentation rewriting, coaching on public speaking, etc.