I’ll have to look into this further, but it looks like Novell are providing some toolkits to embed identity and access management into internally developed web apps and for those companies building cloud computing apps.
http://www.arnnet.com.au/article/328877/novell_vows_first_identity_management_cloud_virtualized_apps?eid=-100
The upcoming Novell Identity Manager 4 will add the new ability for IT managers embed identity management and other security features into both Web-hosted and virtualized apps, Novell CEO Ron Hovsepian said in an interview last week.
Novell Identity Manager 4 will arrive by the middle of next year. That will work closely with Novell Cloud Security Service, also due in 2010, in order to extend identity and security policies onto apps and data hosted in the cloud.
Not sure if they can really be considered the first to provide these products since Microsoft has had Geneva (now Windows Identity Foundation – WIF) for a while, as well as the multitude of open source IdM toolkits available.
Network world has some good coverage of Microsoft’s WIF announcement.
Cloud Computing, Identity and Access Management
This article came across my inbox the other day. Martha (the author) doesn’t really have a security / idm background, according to my (quick, possibly faulty) skim of her LinkedIn profile, so I was interested in her takeaway on security and SaaS and the role of identity in SaaS.
Identity management does get a few mentions (must be a good article), but the main quote I thought worth repeating was:
All of the firms I talked with for this piece referenced Symantec’s research about rogue employees and lost laptops as the primary sources of data loss and theft. Working in the cloud removes the laptop issue and even the smartphone issue.
The wow factor for me (the rest of the article is pretty rushed) is this is the first time I’ve read about cloud computing reducing risk for an organisation, rather than increasing it.
Alas, Martha only hints about identity services in the cloud, and a pretty limited implementation:
User security is rooted in role-based access and identity management. Identity management is maintained in the firm’s LDAP directories. Permissions and denials are controlled by the firm’s administrator. The directories can be either inside the firm’s firewall, at the SaaS provider’s site, or in a DMZ.
Now, if only a large software vendor would release some sort of framework for identity services in the cloud. Should SaaS vendors be looking into this?
Cloud Computing
cloud, idm, linkedin, risk, SaaS, symantec