Cloud-to-ground security integration is still a challenge, and most solutions are not very elegant…yet. However, enough technologies already exist (such as API gateways, cloud gateways, cloud SSO and security token services) to build on your existing security infrastructure and provide a good solution today.
Emerging technologies and standards such as OpenID Connect, SCIM, UMA and HTML5 WebSocket all hold promise to make these solutions more secure, more scalable, and easier to implement.
Today, organizations are leveraging the cloud in a number of ways: Business users are using applications in the cloud (Software-as-a-Service, or SaaS), IT departments are deploying applications hosted in the cloud (Infrastructure-as-a-Service, or IaaS), and developers are creating applications in the cloud (Platform-as-a-Service, or PaaS). In each scenario, the cloud-based application requires access to identity information. But where does/should the identity information come from?
Replicating identity and policy data (or worse, letting identity silos spiral out of control by manually creating separate user accounts or provisioning user identities into each service) doesn’t make sense. Instead, you should extend your existing enterprise identity and access management (IAM) platform (including authentication, authorization, identity creation, attribute lookup, etc.) to cover cloud-based applications and services as well as your on-premise systems.
While all enterprise IAM platforms have some Web Services interfaces and Java APIs, few have REST APIs, and none have APIs that are accessible via the Internet. To get around these obstacles, look for a technology solution that can transform your legacy IAM interfaces into REST APIs on-the-wire, enabling “Identity-as-a-Service” using an API gateway. Then take it a step further by using a federation standard such as Security Assertion Markup Language (SAML) to enable SSO access to any combination of cloud-based services, traditional B2B services, and on-premise applications.
You will also need to construct a framework for identity management, including audit trails to ensure identities are not compromised, and monitoring that provides a real-time view of what’s going on. And don’t forget the regulations. Different jurisdictions have different rules governing data retention in the cloud, how and where information about your users can be stored, and the user notifications required regarding changes to personal information stored in the cloud. These regulations vary greatly from country to country and must be considered across the geographies in which your company is doing business.