Monday, January 03, 2011

Identity up in the Cloud

This was a topic that I thought I would really be getting into during 2010, but somehow the Cloud never really seemed to become the story. On the whole, I think there were more discussions regarding the definition of Identity and the Federation of those identities between systems. However, there's still been some discussion of what the "cloud" actually is and how it should function in various disciplines, including Identity Management.

I thought that David Kearns' recent article on Avoiding "cloud anguish" had an interesting point that I would also like to comment on.

"...the “year of” any technology isn’t recognized until long after it has passed. 2010 may well be labeled as the Year of the Cloud, but that won’t be for some time to come and I’m beginning to doubt that it will."

So my interpretation is that moving to the Cloud is going to be something that we realize has happened, not something that is happening. Yeah, this is going to be a slow but fast process. So what does this mean? Well, to tell the truth, almost everything on the Internet and in the enterprise is essentially a cloud process, particularly when we consider the concept of the "private cloud". Connections to Email/SharePoint/Document Management/Identity Management/Access Management all happen this way. We interact with a client (usually web-based these days) and then authenticate using VPN or the corporate network.

What's going to make this something that has happened? Well, I think it will be when we start making it easier to connect various private clouds through some sort of Identity Federation and the process starts moving towards something we touch each and every day. We see the beginnings of this now with social networks that allow us to communicate with different Internet sites and applications.

Dave also talks about one of my biggest concerns with Cloud computing, and that's security. I've always had some concerns when things I am responsible for are parceled out to people that have no real stake in the project/organization/what have you to begin with. Don't get me wrong, these people have a professional responsibility to maintain security, but it's just another data silo to them, not the sales contacts, customer lists, and identity data that are your organization's life-blood. To me there's always been a slight difference between data owners (the organization that owns the data) and data custodians (those who take care of the data in the cloud). All in all, I like to keep it all close to me where I can keep an eye on it.

Of course this means that as the data owner, if I'm not putting my data in the hands of the "professionals" it's my responsibility to keep it all safe and secure, which means I need to make sure I have backups, redundant data centers, high availability, and secure communications to keep everything protected.  Sounds like a cloud to me.

The whole point of this is that we don't really know where the cloud begins and where it ends. When we figure out what or where that is, then the cloud will be here to stay; until then it's anyone's guess.
