By Kevin Nikkhoo
February 7, 2014 10:00 AM EST
The modern enterprise is a fluid entity. As an IT construct it expands and contracts (sometimes simultaneously), and many of the moving parts (like users and applications) are themselves evolving and changing. This creates unique challenges in operational efficiencies, core competency support, compliance observance and risk management. The central theme to all these challenges is establishing and maintaining control of applications which serve as gateways to all the valuable data (personal, trade secrets and other IP) on which an enterprise exists. Many companies have turned to identity management solutions, which administer and validate the digital identities of authorized users.
This is not a new concept, nor is it a foreign practice to many established enterprises. Identity management combined with controlled and channeled access is a recognized best practice and regulatory compliance necessity. Many companies have invested in some sort of authoritative identity repository and management system. The rising issue is that in order to keep up with the quickly changing landscape of SaaS, cloud and web-based apps, that investment becomes costlier and the ability to agilely address identity validation and authentication becomes less responsive.
Unless you leverage the cloud to augment existing systems.
Let’s assume an enterprise has made a serious investment in a solution like IBM Tivoli or Oracle Identity Manager. Both products have significant clout and enterprise functionality. Such a product handles the identity creation, rules management, administration and provisioning for many of the legacy and on-premise products and internal systems. It's no secret that these enterprise monoliths are expensive to purchase, deploy and continuously maintain. So, when examining the scope of applications available to users, several are left unsecured because of the cost and resource drain of incorporating them into the IDM fold. Layered on this is the need to authenticate and authorize users outside of an enterprise’s direct control. This includes 3rd party suppliers, vendors and even customers, all of whom need access to slivers of data contained in specific applications.
The costs to expand the on-premise authentication scope are broader and deeper than simply adding the subscription price of a SaaS solution. There is the licensing of the adapter (or connector) to allow the data of the SaaS to securely flow between the application and the IDM solution via Active Directory (or other repository source). There is support and maintenance (usually 20% of the purchase price paid annually). There are the professional services to install and configure the connectors. There is the cost of development, time-to-market gaps, and the added burden of doing this multiple times for each SaaS and web-based application.
Yet, by deploying a complementary IDaaS (identity-as-a-service) strategy, all of the above costs, services and deployment difficulties are considerably reduced or eliminated, while still promoting the necessary security gravitas to assert control, streamline workflow and optimize IT resources. As part of the IDaaS arsenal, most of the popular federated connectors are already available out of the box. IDaaS managed from the cloud also extends its scope to non-SAML (web-based) applications through an identity gateway. So, no development costs, no additional licenses, and professional services shrink to a minimum. By creating this umbrella over your virtual footprint, the ability to automatically provision and deprovision user accounts extends to these new applications as seamlessly as if they were parked on-premise. Additionally, creating a parallel-yet-integrated identity manager allows for seamless integration with single sign-on. This unique cloud-controlled advantage enforces corporate access policy decisions across the enterprise and puts IT back in control of the IT landscape. It eliminates the potential for Shadow IT applications and BYOD abuse, and enables better productivity.
The notion is not to reinvent the wheel but, to extend the metaphor, to change out the tires for all-terrain use. If an organization has spent millions to create a viable identity management system, it is unlikely to abandon the project to put the entire administration and management in the cloud. However, it is prudent to create a cost-effective, enterprise-grade equivalent to integrate new applications, multiple data stores and “outside” user accounts into a secure and controlled environment. In short, it consolidates the variables into a manageable, automated and centralized strategy without incurring additional resources and runaway costs.
Some call this a hybrid strategy. Regardless of the label, a strategy that extends your capability to authenticate, attest and authorize user names, passwords and permissions beyond your firewall will only strengthen your defense against breach, unwanted usage and data leakage from insider threats. That it can be done with minimal disturbance and without deep-pocket spending makes this all the more attractive and practical.
The automation inherent in IDaaS also facilitates stronger compliance, especially when it comes to monitoring the SaaS and web applications. Instead of an infrequent review of logs, real-time reports can be instantaneously generated to see exactly who accessed what application. But the cornerstone of compliance is to monitor if any changes were made, especially to access protocols (passwords, user names, etc.). IDaaS can note in real time when any attribute changes, who made the change and who approved the change. This is a standard compliance audit requirement.
The proliferation of SaaS and web-based applications has changed the security quotient. Leaving these applications partially secured still leaves them partially unsecured. IDaaS allows you to close those vulnerability gaps. Despite best efforts, network perimeters have all but disappeared. All too often, because of multiple data stores, the virtual left hand does not know what the right is doing.
As noted earlier, your IT environment continues to expand and contract. Just consider the lifecycle of the different users that need to access different applications. New hires, promotions, demotions, firings, new partners, new customers, latent customers: each instance requires some modification to their identity rights. Does Chuck, who used to be in your accounting department, still have his active user credentials? Has Rachel, who hasn’t ordered from your site in 3 years, had her account retired? How easy would it be for Chuck, Rachel or some nefarious account takeover hacker using their stolen credentials to create significant havoc on your network? It’s a significant task and a greater responsibility to find each data store to which they have been given access and deprovision them. However, IDaaS can turn off or modify any user account instantly, both in the cloud and in on-premise systems, through its connection to Active Directory (or LDAP, AS/400, MySQL, Solaris, RedHat, etc.).
Now multiply the above scenario by 500 or 5000 users a day for a modest enterprise when creating users, resetting passwords and permission sets, and you begin to recognize the significant advantages and efficiencies that a centralized, cloud-augmented identity rights management and access control system provides. And the larger the organization, the more complex these data islands are to resolve.
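The stale-account check that the Chuck and Rachel scenario calls for, as an added example that is not part of the original article or any vendor's product: a Python sketch that reconciles each application's enabled accounts against an authoritative identity source. All names, records, application labels and the three-year dormancy threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data: the authoritative identity source (e.g. an HR or
# directory export) and the accounts found in each application's own store.
AUTHORITATIVE = {
    "chuck":  {"status": "active",     "department": "sales"},  # left accounting
    "maria":  {"status": "active",     "department": "accounting"},
    "dana":   {"status": "terminated", "department": "it"},
    "rachel": {"status": "customer",   "department": None},
}

# Application -> department entitled to it (None = open to customers).
APP_OWNERS = {"ledger": "accounting", "crm": "sales", "storefront": None}

APP_ACCOUNTS = [
    {"app": "ledger",     "user": "chuck",  "enabled": True,  "last_activity": date(2014, 1, 10)},
    {"app": "crm",        "user": "chuck",  "enabled": True,  "last_activity": date(2014, 2, 1)},
    {"app": "ledger",     "user": "maria",  "enabled": True,  "last_activity": date(2014, 2, 5)},
    {"app": "crm",        "user": "dana",   "enabled": True,  "last_activity": date(2013, 11, 1)},
    {"app": "ledger",     "user": "dana",   "enabled": False, "last_activity": date(2013, 10, 1)},
    {"app": "storefront", "user": "rachel", "enabled": True,  "last_activity": date(2011, 1, 15)},
    {"app": "storefront", "user": "ghost",  "enabled": True,  "last_activity": date(2013, 12, 1)},
]

DORMANT_AFTER_DAYS = 3 * 365  # assumed policy: retire after three idle years


def reconcile(authoritative, app_owners, accounts, today,
              dormant_days=DORMANT_AFTER_DAYS):
    """Return sorted (app, user, reason) tuples for accounts to deprovision."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned in this data store
        identity = authoritative.get(acct["user"])
        owner = app_owners.get(acct["app"])
        idle_days = (today - acct["last_activity"]).days
        if identity is None:
            reason = "orphan"       # no identity behind the account at all
        elif identity["status"] == "terminated":
            reason = "terminated"   # person left, credentials still live
        elif owner is not None and identity["department"] != owner:
            reason = "drift"        # role changed, old entitlement kept
        elif idle_days > dormant_days:
            reason = "dormant"      # unused beyond the retirement policy
        else:
            continue
        findings.append((acct["app"], acct["user"], reason))
    return sorted(findings)


if __name__ == "__main__":
    for finding in reconcile(AUTHORITATIVE, APP_OWNERS, APP_ACCOUNTS,
                             today=date(2014, 2, 7)):
        print(finding)
```

Run per data store on a schedule, the findings list is the deprovisioning queue; the same comparison scales to the daily volumes described above because it is a single pass over each account export.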
Stronger forms of authentication and authorization need to be deployed in response to the growing threats. Using an IDaaS and SSO combination from the cloud is a proactive step towards consolidating all the variables and cost-effectively strengthening your identity defenses.