Projecting Identity to the Cloud
I'm on the other side of the world, working with partners and customers
this week on some pretty exciting stuff, so my colleague Isabelle Mauny
will be ably giving the presentation on Single Sign-On to Cloud Services
over in New York at the Cloud Expo.
So what is the reason for Single Sign-On to Cloud services? It's all part of "Bring Your Own Identity" (BYOI). BYOI is a major trend for Cloud services. Witness the many "Log in with Facebook" and "Log in with Google" buttons on sites like TripIt. In the enterprise, it's about "Identity Projection" where users log in as usual (e.g. with Active Directory, or to a corporate portal) and then are seamlessly logged into Cloud-based services such as a corporate Google Mail account. This means projecting your corporate identity up to the Cloud service. It's "Bring Your Own Corporate Identity". And Single Sign-On is what enables this.
The most obvious benefit of this is that it saves the user the hassle of keying in another password. That is a good benefit, but there are a lot more:
- As Nik Cubrilovic put it in his detailed treatise on "The Anatomy Of The Twitter Attack", "Bad human habit #1: Using the same passwords everywhere. We are all guilty of it." If you ask users to log in to multiple services in order to get their work done, they will most likely use the same password everywhere. This provides an attacker with a "find once, use anywhere" approach to passwords. But if Single Sign-On is used, no password is ever sent up to the Cloud service. This is all part of the trend to minimize password use, for good reasons.
- It is costly to manage all those passwords. Over the years, it has been proven that password resets cost a lot of money. They waste productivity (users can't get to the information they need for their work), and tie up IT helpdesk people. As mentioned in the point above, in the Cloud world all those password resets create a security threat.
- Agility. The word is over-used, but in the case of Single Sign-On to the Cloud, it means that new Cloud-based services can be brought on-stream for employees (TripIt for travel management is a good example), without having to provision all those employees with new passwords.
I think that this "Projection of identity to the Cloud" is going to be an important topic going forward. The session is at 3.15pm on Wednesday June 8th at the Javits Center.
Published at DZone with permission of Mark O'Neill, DZone MVB. See the original article here.