Cloud computing, compliance raise questions

Opinion
Aug 11, 20093 mins

* Concerns raised at Catalyst Conference still unaddressed by current products.

I’ll continue today with some miscellaneous notes, announcements and conversations that happened in the run up to the recent Catalyst Conference that I started in the last issue.

Cloud computing was a hot topic at Catalyst and also in conversations recently. I’ve devoted a few issues to it, but there are still some areas of concern. As Chris Sullivan, vice president of customer solutions, pointed out to me: Another largely unsolved problem for Identity as a Service is compliance. Do I have any way of knowing how my data is stored? Who has access (not just accounts but firewalls and so on)?  Do I know what country (or countries) my data resides in and, by dint of that, what regulations and civil liabilities I might have?” All interesting questions, largely unaddressed by current products.

At it’s recent Worldwide Partners Conference Microsoft announced the formal names for the products and services that had been going under the code name “Geneva”:

* Active Directory Federation Services – formerly known as Geneva Server (and a name in use since at least 2005)

* Windows Identity Foundation – formerly known as Geneva Framework (this name was suggested back in 2006, but for a slightly different product).

* Windows Cardspace – same as current version (also around since 2006).

Not nearly as catchy as “Vista”, but that name has too much baggage. My preference would have been for Geneva Federation Services, Geneva Identity Foundation and GenevaCards. But, then, I don’t make the big bucks!

Identity Management writer and consultant Guy Huntington reminded me that he wrote about identity verification a couple of years ago – and we’ve still not made much progress. He explored such topics as “digital notaries” and DNA registries. Some might think “Big Brother,” “1984” or “Gattaca”, but read his stuff before jumping to any conclusion.

I recently spoke with Delfigo’s Ralph Rodriguez (president and CEO) and Bharat Nair (vice president of product strategy) about the new release of DSGateway, which they call an Intelligent Authentication Platform. DSGateway uses multiple identity factors including keystroke dynamics, geospatial location and system parameters, to evaluate each user and assign a confidence factor to transparently provide the appropriate level of system access. According to Nair, “You can configure ‘tolerance levels’ to match your internal risk mitigation strategies and policies.” It’s an interesting product – and the road map really got me excited as an upcoming release will take advantage of new computers’ built-in cameras to handle the age-old question “is the user still there and active?” Stay tuned for more on that.

Once again I’ve run out of time and space, but there’s a lot more to come next week.