
PingTalk Blog

 Orlando - What will rock IT's world in the next three years? 

All flavors of mobile devices carried in bunches by end-users, a swell of interconnected and supportive mobile apps, personal clouds, hybrid clouds, Web-scale IT, the Internet of Everything and robotics are among a few.

End-users may triple the number of devices they carry, management suites will morph and 25 billion things on the Internet will be addressable through apps with interfaces that cover touch, voice and video. There is also a dose of 3D printing options, and some SAML thrown in (see No. 4) to meet identity and access demands.

This is Gartner's view of the world as laid out in its Top 10 Strategic Technology Trends for 2014. It was presented to CIOs and other IT executives at the annual Gartner Symposium/ITxpo in Orlando, Fla. And yes, mobile, cloud and big data are forcing functions.

Last week, in a forward-looking, scene-setting session (an annual CIO favorite), David Cearley, a Gartner Fellow and vice president, presented to a packed house a proposed future for IT.

Here's how it looks (and not in any particular order for the first eight, according to Cearley).

Three years ago to the day, I reported on a survey that showed 45% of businesses and IT pros thought the risks of the cloud outweighed its perceived benefits.

Cloud computing in 2010 garnered as much respect as a password sent in clear text. Most C-level executives scoffed at the notion of cloud computing replacing any of their critical or security systems, especially those executives in regulated industries.

Fast-forward to today, and Gartner is touting its research that predicts 10% of overall IT security enterprise product capabilities will be delivered in the cloud within the next 24 months.

Wow - it's hard to believe that I've been at Ping Identity for more than three months. I transitioned from Gartner (research vice president in the Identity and Privacy Strategies service) to Ping Identity in early September. I am excited to have the opportunity to continue industry conversations with Ping Identity customers (and others).

Recently, key conversations have focused on building out identity infrastructure as companies and organizations connect to the cloud. One of the concepts I pioneered at Gartner is the identity bridge. The identity bridge is an on-premises component that overcomes the "impedance mismatch" between on-premises identity management systems and SaaS applications.

When the clouds of computing gathered over IT, the Cloud Security Alliance rushed in as a ray of sunshine to help work through security issues.

Starting tomorrow in Orlando, Fla., CSA will host its third Congress conference to continue security conversations that are dominating cloud discussions. (If you’re not there, follow via the Twitter hashtag #csacongress2012).

My colleagues Paul Madsen, who is hosting a session on identity management and BYOD, and Loren Russon, who is on a panel discussing identity and the cloud, are in attendance.

This year, CSA, which counts 40,000 members and is growing at a rate of 80% year-over-year, is finding the major areas of growth and concern in cloud security are around standardization, transparency of controls, mobile computing, Big Data in the cloud and innovation.

Those topics dot the agenda, along with a number of sessions focused on attacks launched on the cloud and from the cloud, as well as how mobile devices impact cloud security.

Regardless of how revolutionary a technology appears to visionaries, often it takes a giant to validate the message and the market.

Thank you,

Hello, federated identity and identity-as-a-service.

In one powerful motion this morning, Salesforce CEO Marc Benioff moved the identity game from the side stage to center stage.

The tools, the technologies and the standards that are now de facto in the identity space received the validation stamp from a billion-dollar juggernaut.

I'm not suggesting it guarantees success, but the curtain is up and the big show is on.

At its annual Dreamforce conference, which opened today, the company announced Salesforce Identity, a platform that will provide single sign-on across all Salesforce applications. It's an access control strategy that gives Salesforce users a single log-in to all the platform's apps.

But it also has other important elements. There is a federation piece to integrate non-Salesforce apps/data and a provisioning part for adding, deleting and managing users.

And it's all based on standards: OAuth, OpenID Connect and SCIM, all of which we have talked about here for years.

Make no mistake, Salesforce is not launching the identity market, there are dozens of vendors and hundreds of enterprises here already, but Salesforce now has the megaphone. Greetings identity management vendors, ID architects, and CSOs, did you feel your boat rise?

Salesforce Identity isn't an add-on that makes for nice marketing materials and a generous up-sell. It's baked into the platform. It's the way identity should be delivered; integrated and expected.

Last month, we talked about identity bridges and hinted at some features that were coming in the 6.10 release of PingFederate.

Well, those features are here today with the release of the software and they include authorization options, interoperability with Microsoft cloud services, and management tool integration for monitoring, reporting and analyzing services.

Those features, and more, in 6.10 continue to shape our definition of identity bridges.

To refresh your memory, the bridge concept came from the growing need for organizations to better manage their adoption and transition to cloud services while leveraging their current investment in identity and access management technologies.

At its heart, a bridge connects users, applications and identity management across corporate networks and software-as-a-service. On the technical side, the identity bridge is an on-premises appliance that can be either a physical machine or run virtually.

It all defines the capabilities PingFederate has been providing to its customers for years.

Now with 6.10, we are adding in levers and controls that continue to bring the identity bridge to life in your environment.

The list of 6.10 features is long and the full text is available here

I’d like to highlight three of those features I think are key right now for the enterprise: Token Authorization, Microsoft Office 365 support and Splunk support.

If you think cloud computing is intrinsically less secure than what you deploy on-premises, read these arguments from Dave Kearns. Remember, if you have a breach on-premises, your only recourse is to fire some people.

  • Dave Kearns: The misunderstood cloud
    "Michael Osterman, of Osterman Research, recently opined about the security of cloud computing - and its misunderstandings. He compared cloud security to on-premise security in four areas (employee theft/incompetence, malware, hackers, and physical security) and showed that in all four areas the cloud should be, and generally is, more secure than on-premise data storage. Yet the myth persists that the cloud is less secure."

There were other items of interest to the identity community. I've added two new sections, Mobile and Social, to help sort them out. So now we have the megatrends: identity, cloud, mobile and social.

San Diego - Nearly 75% of companies deploying an emerging, standardized provisioning protocol are doing so to link internal systems, according to a company that helped write the specification and was first to support it.

Directory provider UnboundID in January rolled out an implementation of the Simple Cloud Identity Management protocol (SCIM; now known as System for Cross-Domain Identity Management at the IETF) and three-quarters of those that have adopted it are provisioning users across their internal mix of platforms.

Another 25% are using it for what the SCIM creators envisioned; enterprises avoiding the headache of writing another connector. Those companies are linking to software-as-a-service providers via SCIM to provision users to cloud services, namely

"We turned a protocol and schema problem into a mapping problem, which is easier to solve. I map my SCIM thing to my LDAP thing," said Trey Drake, an architect for Unbound ID and an editor of the SCIM specification.

He appeared last week as part of a roundtable hosted by Gartner analyst Mark Diodati at the Catalyst Conference. Others on the panel were SCIM specification contributors Patrick Harding, CTO of Ping Identity, and Darran Rolls, enterprise security specialist at SailPoint.

We spent nearly all of last week at Gartner’s Catalyst Conference talking with some 1,400 attendees about a new category Gartner analysts are calling the Identity Bridge.

The bridge concept came from the growing need for organizations to better manage their adoption and transition to cloud services while leveraging their current investment in identity and access management technologies.

It’s no secret that cloud services, mobile, API access and social networking make it just as likely today that applications, and those that need to use them, are outside corporate walls as inside. And it’s no secret that corporate IT is struggling to secure these new hybrid use cases.

You will be hearing more of this bridge message in the industry and from Ping as vendors and solution providers start to align their products and services with this new market category.

This is great news for Ping customers as PingFederate has been providing this capability for years.  And our release in September of PingFederate 6.10 will expand the story with new “bridge” features.

As we talk with analysts and press about these new concepts, many agree that Ping is already the leader in this category as we provide cloud identity management services that enable organizations to bridge their on-premise identity management solutions with cloud services directly or via Identity-as-a-Service solutions, like PingOne.

Beau Christensen is a Site Reliability Engineer for our PingOne cloud identity service. He is part of the team striving for zero downtime, with blinding performance. Last year, I wrote about a technical round-table Beau led on Splunk. He recently attended the O'Reilly Velocity US 2012 conference. Here is what Beau reports:

O'Reilly's Velocity Conference is quickly becoming the gathering place for web operations and development nerds to share new ideas and ways of doing things in the new cloud economies. It's a great place to hear about what the rock stars like Tumblr, Etsy, Facebook, and Twitter are doing to scale, develop, and maintain uptime using the newest platforms. This year's theme was "Building a Stronger and Faster Web."

The SRE team spent three days immersing ourselves in the culture and ideas, and I wanted to share the list of keynote talks from the conference.

My personal favorite (for all you ops guys), Jesse Robbins talks about being an angry engineer at Amazon, and how to change culture:

Jay Parikh, SVP Ops for Facebook talks about their systems & scale:

And Mike Brittain talks about building a better user experience at Etsy:

Full list is here.  Great stuff for anyone thinking about building better and faster systems:

There were other items of interest to the identity community: