Enterprise architectures that stretch over public and private clouds will bring identity management challenges that will require companies to embrace flexibility in order to allow incorporation of mobile devices, social log-ins, and industry standards.
Those conclusions came during a GigaOm Pro webinar Friday that centered on hybrid clouds and identity management. (Disclosure: Ping Identity was the sponsor.)
"It is a very complex set of issues," said Dan Olds of GigaOm Research and founder and principal consultant of Gabriel Consulting Group. "You are going to have multiple ID types in the way that you have a corporate ID in business and a personal ID for the things that you do, but you may be using the same device to do both."
The panel agreed that companies and organizations will have to be agile.
"The key is to remain flexible," said Bob Gourley of GigaOm Research and editor of CTOvision.com. "You will have multiple people with multiple devices that need different levels of access both inside and outside the organization."
The discussion highlighted the changes IT is facing with the rise of the cloud, the explosion of mobile and the pervasiveness of social networking.
The cloud today presents two main identity management scenarios: enterprises looking to gain access to Software-as-a-Service (SaaS) apps (to the cloud) and enterprises trying to deal with external users looking to access resources on the corporate network (from the cloud).
"For the 'in the cloud' scenarios, the enterprise needs both provisioning and authentication/SSO services, and typically, the enterprise uses an identity bridge or gateway to provide them," said Mark Diodati, a technical director in the CTO's office at Ping Identity, who was the third member of the GigaOM panel. "In the private cloud, it is about the extent of the coupling between on-premises and externally-hosted resources. If there is tight coupling, you may be able to use your Active Directory frameworks as if the private-cloud resources are on-premises."
The trio seemed to agree that companies need to plan now to prosper later.
"Some decisions you make today can foreclose on your options down the road," said Olds. "It is important to decide what you are going to allow, not just what you need today, but what you are going to need five years down the road."
Diodati said a great example of a place to start would be directory synchronization for cloud apps. With a well-honed directory in place, enterprises can move from there to adoption of the Security Assertion Markup Language (SAML) or OAuth as key pieces of a solid identity management foundation. He said identity components "should be strategic and preferably standards based."
Gourley was quick to point out that enterprises shouldn't just think about identity and identity management in terms of security, but factor in functionality. "The system should not be so burdensome that people can't get their jobs done."
Diodati said one area where enterprises are struggling is with managing mobile devices. "You ideally want to tie devices into management frameworks because you are now putting more important things on the mobile device," he said. "You might be putting certificates on the mobile device that front-end authentication; you may have access to data from the mobile device. That is where the struggles are."
Mobile is also bringing OAuth to the forefront as the protocol to help secure mobile access. And OpenID Connect is shaping up to be a credible answer to standards-based authentication.
In addition, Diodati predicted that in the next 5-6 years companies will routinely talk about social log-ins for securing enterprise applications. And he said he is hopeful authorization standards will evolve and that the System for Cross-Domain Identity Management (SCIM), now in the early stages of standardization, will eventually support standards-based provisioning features like create, read, update and delete.
Olds said the industry and enterprises are "definitely taking a step in the right direction."
Information security expert Davi Ottenheimer of Flyingpenguin moderated the panel.