One Ring To Rule Them All…

As more and more organizations move internal services to cloud and web-based portals, the complexity of managing employee login credentials (from both the IT administrator's and the end user's point of view) increases. The natural reflex for users is to start reusing simplified passwords across the different systems, or to save them in easily accessible places. Unfortunately, this also creates more work for administrators, who have to handle the resulting password-reset requests and maintain each individual credential system. This is why, if you Google “Single Sign-On”, every single security and IT vendor suddenly seems to have a solution.

Single sign-on is one of those funny technologies whose popularity wavers with network design trends. With cloud, the ability to authenticate a user once and then let that single session reach multiple resources becomes critical, especially when the resources are spread across multiple physical locations and virtual environments. Simply put, if you plan on taking advantage of cloud and virtual environments, single sign-on is going to be one of the most important tools in your IT arsenal.

Another new trend (and one becoming more and more commonplace) is cloud-based authentication services. These solutions are meant to replace the standard two-factor and PKI authentication deployments built around physical tokens, while also offering simplified management and reduced costs. In a cloud authentication solution, the private seed key (the originating secret from which the individual authentication codes are generated) resides on a physical appliance somewhere in the “Stratusphere” (this is my new word for cloudspace FYI). This appliance is connected to a VM, hopefully resident in the same physical location, which runs the host management software. The administrator connects to the management server through a web portal, which grants access to the stock of certificate licenses assigned to the account. From the web portal, the administrator can sync the licenses up for deployment through standard methods, including LDAP. End users then receive an email inviting them to sign up for their token, which can be pushed out to any electronic device (desktop, laptop, tablet or mobile), or delivered “out of band” through SMS and email services. This means there are no longer physical tokens that require inventory management or bulk upfront purchases (these cloud-based models often allow flexible pricing on a “per use” basis), and end users enjoy the benefit of not having to keep track of a hard token. End users can also handle password resets and token enrollment through the web portal on a self-serve basis, reducing the workload of IT. One caveat worth keeping in mind: the seed material is the crown jewel of the whole scheme, since whoever holds it can generate every user's codes, so the security of the hosted appliance and of the path between it and the management VM matters more than anything else in the design.
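To make the “seed key generates the individual authentication codes” model concrete, here is an added example (not code from the original post or from any vendor it mentions) that assumes the codes are standard HOTP/TOTP one-time passwords (RFC 4226 / RFC 6238), which is what most soft tokens implement. It generates a seed for a new user, builds the otpauth:// provisioning URI that authenticator apps import, derives codes from the seed, and shows the server-side check with a clock-skew window and replay rejection. The seed `RFC_TEST_SEED` is the published RFC test vector, included so the output can be checked against the standard; the issuer and account names are made up.

```python
"""Seed-derived one-time codes (HOTP/TOTP) as an illustration of the
cloud-token model: one secret seed, many short-lived codes."""
import base64
import hashlib
import hmac
import secrets
import struct
import urllib.parse

# The RFC 4226 / RFC 6238 reference seed ("12345678901234567890"), base32-encoded.
# Used here only so the generated codes can be checked against the RFC tables.
RFC_TEST_SEED = base64.b32encode(b"12345678901234567890").decode("ascii")


def new_seed(nbytes: int = 20) -> str:
    """Generate a fresh random seed for one user, base32-encoded as soft tokens expect."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def provisioning_uri(issuer: str, account: str, seed_b32: str,
                     digits: int = 6, step: int = 30) -> str:
    """Build the otpauth:// URI that the enrollment email / QR code would carry.
    This is the de facto key-URI format understood by authenticator apps."""
    label = urllib.parse.quote(f"{issuer}:{account}")
    query = urllib.parse.urlencode({
        "secret": seed_b32, "issuer": issuer, "algorithm": "SHA1",
        "digits": digits, "period": step,
    })
    return f"otpauth://totp/{label}?{query}"


def hotp(seed_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1(seed, counter) -> dynamic truncation -> decimal code."""
    key = base64.b32decode(seed_b32, casefold=True)
    msg = struct.pack(">Q", counter)                # 8-byte big-endian counter
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed_b32: str, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the current time step."""
    return hotp(seed_b32, int(at_time) // step, digits)


class TotpVerifier:
    """Server-side check for one user's seed: constant-time comparison, a small
    clock-skew window, and rejection of any time step that was already accepted
    (so a sniffed code cannot be replayed within its validity period)."""

    def __init__(self, seed_b32: str, step: int = 30, digits: int = 6, window: int = 1):
        self.seed = seed_b32
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1      # highest time step already consumed

    def verify(self, submitted: str, at_time: int) -> bool:
        base = int(at_time) // self.step
        for delta in range(-self.window, self.window + 1):
            counter = base + delta
            if counter <= self.last_counter:
                continue                                  # replay or stale step
            expected = hotp(self.seed, counter, self.digits)
            if hmac.compare_digest(expected, submitted):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    seed = new_seed()
    print(provisioning_uri("ExampleCorp", "alice@example.com", seed))
    print("code now:", totp(seed, __import__("time").time()))
```

The verifier keeps the last accepted time step per user; in a real deployment that state lives in the management server's database, and the window should stay small (one step either side) because every extra step widens the brute-force and replay surface.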

As end users become more and more adamant about using mobile and cloud-based services, organizations have a great opportunity to leverage cloud technologies for their cost savings and business simplification benefits as well. Since the nature of cloud requires a migration to distributed systems, often spread across multiple locations, federated identity policies and solutions will be one of the first critical steps an organization has to integrate into its cloud roadmap. This is why we are seeing an increased focus from vendors including Microsoft and IBM on simplifying complex user management and authentication systems. There is also a great opportunity for legacy token and authentication vendors to design streamlined identity and credential management solutions that leverage the unique characteristics of cloud environments and the increasing adoption of mobile devices.
