Identity issues for 2010

* Industry insiders agree that cloud computing security will be a major topic in the year ahead

A belated Happy New Year to you all, and let's hope it's a better one that 2009. But what can we look forward to in the coming year? I posed that question to a number of people in the IdM industry and over the next few issues we'll look at what they had to say.

Today I want to focus on the topic that was most popular -- cloud computing and identity.

FAQ: Cloud computing, demystified

Ping Identity CEO Andre Durand is frequently out front in predicting IdM's future. He told me: "…big companies used 2009 to line up their cloud identity/security strategies. In 2010 they will start to make moves to shore up and accelerate those plans."

This was echoed by Novell's Justin Steinman (vice president of solution and product marketing), who said: "2010 will be the year that we take identity into the clouds. Everyone in the industry is excited about using cloud computing." However, he also voiced some major concerns about these moves, adding: "But what about the security concerns? How do you control who has access to what data in the cloud? How do you ensure that roles are enforced? How do you provision and, more importantly, de-provision identity in the cloud?"

Kuppinger Cole + Partner co-founder Martin Kuppinger also mentioned provisioning, and added another concern when he prdicted: "Some vendors will add 'cloud-specific' capabilities, e.g. provisioning to SaaS offerings like Salesforce, adding 'cloud-style' SSO features to E-SSO products, and so on. Seems to be very logical -- why should any customer have a SSO in the cloud for the cloud and another one internally?"

Not only were provisioning and authentication raised as issues for "the cloud" but the full range of identity-based security issues will have to be addressed. Microsoft's John "JG" Chirapurath, senior director, identity and security marketing, touched on this when he told me: "Information-aware security becomes the new big challenge for consumers and enterprises alike. In the age of the cloud, how do you protect and access your information, whether you are a consumer or enterprise?" Chirapurath gave this example: "Take Apple, it offers a service called MobileMe for its iPhone users -- which is a cloud service that users can use to upload information which can also be accessed from the iPhone. Enterprises are using private and public clouds in a similar manner." He also reminded me that the threat "battlefield" has changed: "Add to this the new threat landscape where profit motivation is the primary reason why people write malware, often employing traditional software engineering practices to write malware. Nation states and the mafia being the prime movers."

Finally, Aveksa President Deepak Taneja gave me not so much a prediction as a warning: "The industry recognizes that delivering business applications via cloud computing is impossible to scale without a strong identity and access governance and management framework in place. An organization must be able to extend its business controls beyond its enterprise network and identity and access constitute the common thread that runs across all controls."

The cloud, it seems, offers loads of possibilities but is filled with potential traps. We'll follow these developments closely this year.

There's more being predicted, though, and we'll look at other prognostications next time.

Copyright © 2010 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022