Seven Ways to Avoid Silos in the Cloud
Coby Royer, Technical Product Manager for Symplified
Cloud Integration: We Are Not Alone
PaaS and IaaS consumers should have objectives in mind for how the apps they are creating with Cloud computing are to be integrated with other systems.
Constituency
What constituencies are you serving? If you are creating an app with PaaS, is it for your company’s employees?
Or are you creating a corporate SaaS app to serve your partners or customers? Integration needs will vary based on constituencies.
Single Sign-On
Corporate users will want Single Sign-On (SSO) tied to their existing directories. Customers and Partners may want Single Sign-On tied to their own directories and systems.
There are many options ranging from calling out to another authentication system to federation with standards like SAML.
If you are in corporate IT, you can implement your own session management and validate session tokens from your own authentications.
But if you are a SaaS vendor, federation may be the best way to provide SSO. For example, OpenSAML provides toolkits to make it easy to SAML-enable your SaaS application.
Identities
Avoid creating yet another Identity Silo that requires user provisioning/deprovisioning and profile management.
Again, federation can help. Providing integration to external identity systems avoids the whole problem of managing Identity life cycles.
Don’t take on the burden of managing this yourself when your customer is likely to already have solutions in place!
User Profiles and Attributes
In addition to being able to authenticate users and ensure proper management of Identity life cycles, you should consider how you manage profile data associated with identities.
There are methods to “single source” your data and minimize the need to synchronize and update multiple copies of the same information.
Consider tying your new PaaS-hosted app to existing directories and Identity Management systems.
Some systems (like Symplified) can pass user attributes to your application to avoid having to mirror what is already in your directories and databases.
You can also expose secure APIs that enable import and export of data.
You Are Not the Only App
We have a natural tendency to focus on just the one application we are creating.
But since almost no one uses “just one app” there is an aggregation effect: as each new app is added to your portfolio, it introduces an incremental increase in pain surrounding credentials, profile data, transactional data, compliance data, etc.
So even if managing users in your app is so easy you can do it in your sleep, your customers and their constituencies will still need to learn how your system works.
This is Incremental Pain that turns into a nightmare: no matter how simple one task is, repeating that task many times in many ways is costly and prone to error.
Collaboration
Does your app need to support collaboration between different users of your app? Or across different apps?
How can they securely exchange data while not violating privacy requirements? Will customers or integrators be creating mashups with your application?
How do you expose data and functionality (again, securely)?
These are all important considerations, and are increasingly easy to do in the world of Cloud Computing.
But as we address our needs for security and privacy, identity and access management are fundamental building blocks.
When handling a request for data, how do you know who is asking? How do you know they have permissions?
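The two questions above, together with the earlier points about validating session tokens from your own authentication system and receiving user attributes instead of mirroring them, can be shown in one small sketch. This is an added example, not code from the article or from Symplified; the token format, the shared key, and the attribute name "department" are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: key shared by the existing authentication service and this app.
SHARED_KEY = b"constructed-demo-key-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(subject, attributes, ttl=300, now=None):
    """Stand-in for the existing authentication service (demo only)."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": subject, "attrs": attributes, "exp": now + ttl},
                      sort_keys=True).encode()
    sig = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or bad base64
        return None
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(body)  # parsed only after the signature is verified
    if claims["exp"] <= now:
        return None
    return claims

def handle_data_request(token, resource_owner_dept, now=None):
    """Who is asking (401 if unknown)? Do they have permission (403 if not)?"""
    claims = verify_token(token, now)
    if claims is None:
        return 401, "unauthenticated"
    # The attribute travels with the request; the app keeps no user table.
    if claims["attrs"].get("department") != resource_owner_dept:
        return 403, "forbidden"
    return 200, f"data for {claims['sub']}"
```

The app stores no accounts or profiles of its own: deprovisioning a user in the source directory stops new tokens from being issued, and short expiry times bound how long an old token remains usable.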
Conclusion
As you consider PaaS and IaaS for hosting and deploying new apps, remember that you are not alone.
Your app will be one of many for your customers; and collaboration and integration require identity management and access control solutions.
Coby Royer has over 20 years technology experience in software and security startups, consulting, and large enterprises. He has served roles in software development, enterprise architecture, and management, in lines of business that include Internet security, commercial software, financial services, consumer goods, e-commerce, and expert systems. He holds a number of patents in security and e-commerce. Coby serves as Technical Product Manager at Symplified, Inc.
Symplified, Inc. is a unified access management system purposely built for the cloud architectures of SaaS. Symplified integrates your existing IT infrastructure with the cloud, streamlining management, reducing costs and improving security. Symplified was designed to address your on-premise access management needs as well. Build secure portals with personalized access for your workforce, customers and partners. Symplified offers a complete, enterprise-class Web Access Management (WAM) infrastructure that rivals the capabilities of expensive, 1st generation products but without the frustrations and limitations of heavy monolithic software.
The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com