Monday, November 17, 2008

Identity in the Cloud - the next new thing?

I have been spending more time out talking with customers and prospects lately about all sorts of stuff. It seems as the economy slows down and belts tighten, the smart companies talk about what's next that they need to understand, and probably deal with. One of the hot topics I've noticed is the push to enter the cloud computing fray. Once that decision is made, it's like the early internet all over again - how do we implement secure controls for our users, admins, etc.

In other words, if we push ahead into the Cloud, how do we maintain the same level of security we have taken ___ years to get to now?

The issue is that with Web 2.0 apps, cloud computing etc, is that layers and functionality get extracted from one another so that they may run, interconnect, and be used independently. Awesome idea. I get it.

The issue is that as all these separate components become virtualized or cloudy, how do I maintain a secure environment? Federation is great, but what if there are a multitude of Fedration solutions that need to be cobbled together? Where does that happen? Can it?

If I log into my gmail account, and then buy something on ebay, use paypal to pay for it, and want to store it on Itunes or Amazon (or both), how is my identity protected? How do they know it's me, and how am I sure that it's truly me and not (in my case) the actor from UK with the same last name?

I know that we'll figure it out, it's just the next iteration of Identity as I see it. A new paradigm in computing driving a new paradigm in user management, authentication, and trust.