
Challenges and Approaches for Cloud Based and Virtualised Environments

In this article, Pirean Security Consultant Stephen Williams outlines some of the current challenges in extending service hosting platforms to the Cloud.

This post was originally published as part of IBM's Tivoli User Community 'Community Focus' section on Cloud and Virtualization.

Author: Stephen Williams

Publication Date: 28th July 2011, 06:20AM


The deployment of virtual environments in the form of a private, hybrid or public cloud is an increasingly attractive option for organisations looking to rationalise and/or extend their service hosting platforms. Such an environment can provide an organisation with the ability to make significant savings in manpower and resources, as well as providing access to services for which they have little existing knowledge or support base. From a budgetary perspective, use of the Cloud provides a clear and easily accountable cost to the business due to the frequent use of ‘per-user’ licensing models.

While the arguments supporting adoption of this approach may be easily articulated and understood, the path to seamless Cloud integration is non-trivial due to the logical and/or physical separation between it and an organisation's existing IT infrastructure. Such a separation requires a different set of tools and approaches to solve the associated integration challenges.

At Pirean we are working on solutions to address these new requirements as our customers look to deploy seamless and secure service platforms that include both internal and Cloud-based services. Here we have found that we must draw upon both our experience and a range of extended software solutions to address a diverse set of project demands. These range from broad-scope engagements to unify separate customer, managed service provider and third-party helpdesks, through to projects that provide lifecycle management of identities across both internal and Cloud-based services. Our software solutions (such as Access:One, SMBus and a set of Cloud-based adapters for IBM Tivoli Identity Manager) complement and enhance the reach of IBM Tivoli software solutions to help our customers meet these new challenges.

There are, of course, a number of special issues relating to Cloud deployment that may not be readily addressable, particularly in the areas of Identity and Access Management. These include issues such as externalised authorisation policy definition, user data distribution, and Privileged Identity Management. Standards such as XACML and OAuth are increasingly being deployed to mitigate these gaps, while advances in techniques for the profiling and management of privileged accounts are also helping. Organisations that have requirements in these areas would be well advised to understand what level of support their Cloud provider has for the relevant standards and solutions.

Away from the mitigation of Cloud deployment challenges, organisations that are in the process of selecting a Cloud service provider should, as with all such selections, seek legal assurances and contractual agreement over the manner in which the proposed services are deployed. Aspects such as service availability, performance and endpoint protection should all be clearly described, as should policies for the transmission and storage of Personally Identifiable Information.

In the short to medium term, indications are that Cloud services will trend towards becoming more standardised, available and globally adopted. Providers will continue to seek close adherence to the major Federated Identity Management standards (such as SAML), plus rapid adoption of newer versions such as OAuth 2.x. Principally, Pirean perceive that Cloud providers will support much greater interconnectivity of their services, thereby allowing organisations to join disparate services together under one enterprise IT infrastructure.

These challenges will feed back into further advances and will aid the development and adoption of new and wider-reaching Federation-related standards, such as the work being carried out by the Open Identity Exchange (OIX) project, which seeks to standardise the process of Cloud service metadata registration and exchange.

 
