The term “identity management” is broadly defined as a set of policies and tools that identify individuals within a system or network. Thanks in large part to the rise of the cloud, identity-management software has become faster and further-reaching than ever before—an IT administrator can approve a worker’s access to a particular set of cloud applications from halfway around the world, in a matter of seconds, while setting tighter controls for a new set of mobile devices on their network.
However, despite the boost from the cloud, many of the old issues associated with identity management continue to collectively plague IT.
In recent weeks, Intel and SailPoint have both made forays into delivering identity management services via the cloud, where they join players such as Okta, IBM and CA Technologies. That comes just as players such as VMware extend identity-management technologies developed for on-premise use to cloud applications.
According to Girish Juneja, Intel’s director of application security and identity products, Intel Cloud SSO (an identity-and-access platform accessible via Salesforce’s Force.com) allows IT organizations to provision, synchronize and de-provision access to thousands of cloud applications. It relies on a two-factor authentication model. Juneja added that Intel included a comprehensive set of reporting and auditing tools for the platform, apparently the better to meet all compliance requirements.
Currently in beta, Intel Cloud SSO is designed to complement the cloud security services provided by McAfee, which Intel acquired last year. The service will span everything from a Windows desktop to the cloud, Juneja said: “It’s our intent to provide customers with one simple subscription price per user that will provide a consistent single sign-on approach.”
SailPoint, a longtime provider of on-premise data governance tools, has made a similar recent move into the cloud: it just launched SailPoint AccessIQ, a cloud service that provides identity management that can be integrated with the company’s existing on-premise offerings.
According to Jackie Gilbert, vice president and general manager of the newly formed SailPoint Cloud Business unit, SailPoint is the only vendor providing a rich identity management and data governance framework that can be federated both inside and outside the enterprise. “We want to be able to give customers unified visibility into their environments in a way that allows them to also determine their risk levels,” Gilbert said.
Others are extending their technologies to the cloud. For example, just coming out of beta is version 1.5 of Horizon Application Manager, based on technology that VMware gained when it acquired TriCipher in 2010. Horizon Application Manager is a virtual appliance that IT organizations can deploy in their data centers to manage access to specific cloud applications and services.
New Cloud, Old Issues
Despite all this progress, a more unified approach to identity management eludes most organizations.
Dean Weber, CTO of cybersecurity for IT services firm CSC, outlines the core problem: despite the existence of any number of standards, different identity management systems don’t recognize each other’s digital credentials. So while an organization today can deploy a single sign-on (SSO) solution, federating identities across multiple organizations using different identity management systems is basically impossible.
“This is why,” he said, “when you log into your wireless service using your mobile phone, you still have to log into multiple applications and services that don’t recognize, for example, the digital credentials used by Verizon.”
The U.S. government, he added, has been working on solving this problem across multiple agencies—with limited success. The only way the problem might ever be solved is if the government comes up with a national ID policy, one that provides a reliable set of basic digital credentials that everyone could rely on; but the politics of privacy on the Web make that an unlikely development anytime soon.
In the meantime, the tools for managing identity both inside and outside the enterprise are becoming increasingly sophisticated. Rather than forbidding users from using certain devices or accessing specific services, IT leaders these days are being asked to find ways to allow the organization to take advantage of these technologies with the minimum amount of risk possible. That means organizations will rely more than ever on identity-management technologies—making it easier to determine who should have access to what, when and where. But that doesn’t mean an end to issues associated with determining who’s really who.