Thursday, June 24, 2010

In computing history, there has been a paradigm shift every 10 years. In the 70s, it was the mainframe; in the 80s, it was client-server; in the 90s, it was the internet; in the 2000s, it was SOA.
And now, in the 2010s, it is cloud computing.

In contrast to all previous paradigm shifts, this time the US federal government is ahead of the curve, with a big push on cloud computing initiatives. As noted by the Cloud Security Alliance and NIST, security is the major concern and should be carefully designed to enable a secure cloud. In this blog, I will give some high-level issues associated with identity in the cloud, since identity is the core security domain. My name is Ken Huang, and I am currently leading the Identity and Access Management practice at CGI Federal as the Director of this practice.

1: How is identity provisioned into the cloud? SPML is a standard, but it is not widely used. An updated standard is needed to address identity provisioning, deprovisioning, and identity proofing.

2: How do you use federation technology to federate an identity from a private cloud to a public cloud? If a user has a high assurance level in the private cloud, how does this level affect his access to the public cloud, or vice versa?

3: There are some products, such as Symplified and PingIdentity, and standards such as SAML, XACML, OpenID, and OAuth, that enable authentication, SSO, and some level of access control in the cloud, but we still need to see wide adoption of these products in the Federal government. We also need to see how they can integrate with the HSPD-12 PIV card or the old CAC card from DoD.

4: Major IDAM vendors such as Oracle, IBM, CA, and Microsoft lack the necessary vision, sound strategy, and innovation to come up with a compelling stack of IDAM products for the cloud. The products are mostly bulky to install and hard to customize, and they lack plug-and-play features. I believe that the killer app for identity in the cloud will emerge from a small but innovative company.

5: Standards such as SAML, OpenID, and OAuth will still need some enhancement to fit into the cloud environment.

Thanks for reading this post. I will post more details in the next few weeks.