Focusing on Data and Fact with less Hype

Jon Shende

Subscribe to Jon Shende: eMailAlertsEmail Alerts
Get Jon Shende: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Cloud Computing, Microservices Journal, Cloud Application Management


Identity Management in Cloud Computing

An Overview

Web-services research and protocol applications have been around and in use for quite some time now. With the potential Capex and Opex savings enterprises can potentially realise from utilizing a cloud computing service model, there should also be added focus on ensuring that security is properly implemented either in authentication or authorization.

Cloud Computing, with its foundation in the world of virtualization, can take advantage of key aspects of web service implementations and security practice; but only to a point. Web service policies are based on a static model that is known, defined, regulated and contained. However, with Cloud Computing, these dynamics change. We can assert that within the cloud environment we deal with a heterogeneous digital ecosystem that is dynamic in nature.

This leads to a concept which has been a topic of interest for the last several years -Federated Identity Management (FIM). FIM is a process where users are allowed to dynamically distribute identity information across security domains. Authenticated identities that are recognised are able to participate in personalised services across domains, thereby increasing portability of digital identities (i.e. customers, partners, joint ventures, vendors, affiliates, subsidiaries and employees).

With this process there is no central storage of personal information, however users are still able to link identity information between accounts. This process can significantly reduce costly repeated provisioning, mitigate security loopholes and resolve traditional user issues caused by rigid application architecture.

Any enterprise that will be conducting business within the cloud will come across some instance that involves third party trust. Enterprises can implement a federation model to insure against the risk of supporting a business model where there is a strong likelihood of a third party risk.

The Federated Identity Management model involves four logical components, the user, the user agent, the service provider (SP), and the identity provider (IdP), all of which are based on Trust and Standards. Identity Management (IdM) plays an important part in this evolving virtualized world of Cloud Computing as it ensures the compliance and regulations (e.g. HIPAA, SOX,); security and collaboration needed for an enterprise

According to Maler and Reed; One can then state that the basic concept of federated identity management is a process whereby a user's identification is conducted on the Web with the process called Single-Sign-on (SSO).

There are three main federated identity protocols:

  1. Security Assertion Markup Language (SAML)
  2. OpenID specification and
  3. InfoCard specification underlying Microsoft's Windows Cardspace

While SAML 2.0 SSO can be described as the gold standard for implementation, OpenID is also a choice for quite a few in the industry. There is however shortcoming with OpenID when compared to SAML 2.O, nevertheless a combination of say Open ID and InfoCard can compensate for most shortcomings.

Of course we can take this even further with the option of biometrics; however the objectives, needs and requirements of a business should be primary drivers regarding which standard or protocol to implement. We should also ensure a required degree of interoperabilty between client and vendor applications and the SLA definitions.

More Stories By Jon Shende

Jon RG Shende is an executive with over 18 years of industry experience. He commenced his career, in the medical arena, then moved into the Oil and Gas environment where he was introduced to SCADA and network technologies,also becoming certified in Industrial Pump and Valve repairs. Jon gained global experience over his career working within several verticals to include pharma, medical sales and marketing services as well as within the technology services environment, eventually becoming the youngest VP of an international enterprise. He is a graduate of the University of Oxford, holds a Masters certificate in Business Administration, as well as an MSc in IT Security, specializing in Computer Crime and Forensics with a thesis on security in the Cloud. Jon, well versed with the technology startup and mid sized venture ecosystems, has contributed at the C and Senior Director level for former clients. As an IT Security Executive, Jon has experience with Virtualization,Strategy, Governance,Risk Management, Continuity and Compliance. He was an early adopter of web-services, web-based tools and successfully beta tested a remote assistance and support software for a major telecom. Within the realm of sales, marketing and business development, Jon earned commendations for turnaround strategies within the services and pharma industry. For one pharma contract he was responsibe for bringing low performing districts up to number 1 rankings for consecutive quarters; as well as outperforming quotas from 125% up to 314%. Part of this was achieved by working closely with sales and marketing teams to ensure message and product placement were on point. Professionally he is a Fellow of the BCS Chartered Institute for IT, an HITRUST Certified CSF Practitioner and holds the CITP and CRISC certifications.Jon Shende currently works as a Senior Director for a CSP. A recognised thought Leader, Jon has been invited to speak for the SANs Institute, has spoken at Cloud Expo in New York as well as sat on a panel at Cloud Expo Santa Clara, and has been an Ernst and Young CPE conference speaker. His personal blog is located at "We are what we repeatedly do. Excellence, therefore, is not an act, but a habit."