Everyone these days seems to want to talk about "the cloud". Cloud computing is the latest buzz phrase that all vendors seem to want to attach to their product. But, as I mentioned some weeks ago ("Identity management is key to the proper operation of cloud computing", proper identity management is often lacking in the rush to cloud-enable services and applications. While the Cloud Computing Manifesto (see that earlier newsletter) pays lip service to identity needs, what's actually happening in the marketplace?

I spoke last week with Rob Ferrilli, the CEO of the Ferrilli Information Group, a small (in numbers) but influential consulting services organization providing services to the higher-education community. The company is decentralized with only a small number of consultants. But they have all the office productivity needs of any business, from the smallest one-man shop up to the largest enterprise. According to Ferrilli, cloud computing (aka software-as-a-service or SaaS) was a godsend. He recently decided to move to SaaS applications to run the company's business and support the employees working with college and university clients around the United States. Rob selected a dozen online applications to replace internal systems, including Salesforce for CRM and Google Apps for collaboration and e-mail.

The move brought lots of savings in terms of on-site hardware as well as the time and money needed to install and maintain the applications and services. But it also brought unexpected complexity: employees now had 12 different accounts and passwords to manage.

The Ferrilli Group's answer to this problem was myOneLogin.com, a service of Tricipher, a company featured in this space before (see "Seven strong authentication methods,"

 MyOneLogin creates a single Web application portal, combining strong authentication and single sign-on for Web applications. Using myOneLogin, you can log in once to access a whole set of Web applications. But this isn't another "user-centric" authentication service, such as OpenID. MyOneLogin brings all of the strong authentication methods of Tricipher to bear and is intimately familiar with the authentication steps needed for various cloud-based SaaS services.

In fact, when using myOneLogin, the user isn't even aware of the authentications (typically username/password) that gain him/her access to the cloud application. So there's no possibility of the user either accessing the services "on their own" (say, after they've been terminated or quit) or passing that information (wittingly or not) to a third party (i.e., no chance of phishing).

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.