The buzz around Identity as a Service is heating up. I'll be discussing this in an online Webinar later this month ("Externalizing Identity into the Cloud,") but there are a couple of things I want to mention today that should be of interest.
First, the always fascinating Phil Lieberman (founder and CEO of Lieberman Software) weighed in on our recent discussions.
"My position has been that in theory IDaaS makes sense. [But] I believe that the IDaaS model breaks down in many areas: first, there is the reality that most IAM systems have extensive customizations done to them to support the unique business models (unique schemas). Second, most of the IAM systems also have integrations with third party line of business applications, that may or may not be supported in an IDaaS outsourced scenario. Third, and most critical in my mind, the IAM function is the most sensitive function in an organization (holding the keys to the kingdom), so the trust level in the vendor's confidentiality as well as business continuity/longevity issues would need to be brought into focus continuously. As a vendor of privileged identity management solutions, we see that most organizations are extraordinarily risk averse and secretive when it comes to identity management and security."
It's a very valid point Phil makes. One that an up-and-coming Austin, Texas, start-up is trying to address. But first a couple of other opinions on IdaaS.
Both Quest's Jackson Shaw and Sunview's Jeff Bohren weigh in on the problems of provisioning software-as-a-service (SaaS) applications. Jackson, in fact, mentions the start-up I want to tell you about -- Conformity.
I had the opportunity to talk to Conformity's founder, Scott Bils, last week and he assured me that Provisioning Services Markup Language (SPML) would be a cornerstone of the next release. That should alleviate some of the fears Jackson and Jeff voiced.
Conformity bills itself as a SaaS Gateway. They don't necessarily store your identity data, but can bridge from your in-house identity store (Active Directory, for example) to the various SaaS services you might use (currently Salesforce.com, NetSuite, OpenAir, Xactly, Google Apps and Amazon's EC2 with more being added regularly). According to Bils, Conformity wants to remove the three major problems that occur when an organization moves to SaaS:
* Decentralization -- departmental administrators now have the domain expertise and management and support responsibilities traditionally delivered by IT, including ownership of application configuration and user management.
* Loss of control -- as applications and associated data migrate outside the corporate firewall with SaaS models, organizations are losing visibility and control of metadata on users, permissions, configurations and usage required for effective policy enforcement.
* Broken integrations -- SaaS applications do not easily integrate into on-premise directory services, systems and identity management tools, and as a result are not effectively integrated into IT management processes.
If SaaS is on your plate or in your future, then Conformity might be what you need.