Monday, November 17, 2008

Identity in the Cloud - the next new thing?

I have been spending more time out talking with customers and prospects lately about all sorts of stuff. It seems as the economy slows down and belts tighten, the smart companies talk about what's next that they need to understand, and probably deal with. One of the hot topics I've noticed is the push to enter the cloud computing fray. Once that decision is made, it's like the early internet all over again - how do we implement secure controls for our users, admins, etc.

In other words, if we push ahead into the Cloud, how do we maintain the same level of security we have taken ___ years to get to now?

The issue is that with Web 2.0 apps, cloud computing etc, is that layers and functionality get extracted from one another so that they may run, interconnect, and be used independently. Awesome idea. I get it.

The issue is that as all these separate components become virtualized or cloudy, how do I maintain a secure environment? Federation is great, but what if there are a multitude of Fedration solutions that need to be cobbled together? Where does that happen? Can it?

If I log into my gmail account, and then buy something on ebay, use paypal to pay for it, and want to store it on Itunes or Amazon (or both), how is my identity protected? How do they know it's me, and how am I sure that it's truly me and not (in my case) the actor from UK with the same last name?

I know that we'll figure it out, it's just the next iteration of Identity as I see it. A new paradigm in computing driving a new paradigm in user management, authentication, and trust.

2 Comments:

Blogger Unknown said...

The whole issue with federation at large is trust and subsequently the accountability that goes along with it. There is a large amount of business related questions that have to be answered and problems to be solved before organizations can be assured that the circle of trust is established and that adequate accountability is provided if the dependent services are to suffer an outage or loss of date or any other catastrophe that relates to business continuity. It will be interesting to see this dilemma be addressed in the future.

Wednesday, November 19, 2008 10:57:00 AM  
Blogger frankIdM said...

Identity-in-the-Cloud is more than just federation at this point. A standard/method/framework, must be created that allows Identities to be trusted. An identity looses its meaning without trust.

Tuesday, December 23, 2008 3:42:00 PM  

Post a Comment

<< Home