Building a Cloud-Ready, Future-Proof Identity Infrastructure:




Building a Cloud-Ready, Future-Proof Identity Infrastructure: Three Keys to Success

UnboundID Corp.
13809 Research Blvd, Suite 500
Austin, TX 78750
512-600-7700
www.unboundid.com

Executive Summary

Social networking and cloud computing have made the Internet an integral part of everyday life, and IT organizations at forward-looking companies everywhere are eager to find new ways to tap the full potential of these technologies. How can they use them to improve the customer experience? Simplify and reduce the cost of business operations? Accelerate application development? The possibilities are tremendous, but so are the challenges.

The problem is that while these technologies are extremely powerful, they also raise identity-related issues that most IT organizations are ill-equipped to address. These issues include the separation of users from the systems to which they require access, the introduction of more silos of identity data and the increase of identity complexity in application development.

Fortunately, with a new approach to identity management, including the right directory services solution, your IT organization can significantly improve its ability to overcome these challenges and put the full power of social networking and cloud computing technologies to work for your business.

As with any IT project, it's vital to start at the core: in this case, with the identity data itself. This paper outlines three essentials of identity data management that will help your IT organization establish a cloud-ready, future-proof identity infrastructure:

- Unification of identity data across existing data silos
- Delivery of identity as a service to applications that need it
- Flexibility and scalability of identity data access to keep pace with growth

Understanding these essentials and how to achieve them is the first step in realizing the benefits of performance-at-scale and avoiding the consequences of not having it.

Meeting the identity challenges of social networking and cloud computing

Overcome separation of users from systems

More and more companies are leveraging Platform-as-a-Service (PaaS) cloud offerings like Force.com, Amazon AWS, VMware Cloud Foundry, and Microsoft Azure to accelerate application development. They're also taking advantage of Software-as-a-Service (SaaS) cloud offerings like Salesforce.com, Eloqua, Google Apps, and QuickBooks to simplify and reduce their cost of business operations. Moving these IT services and applications into the cloud creates unprecedented efficiencies and economic advantages, but it also has the inevitable consequence of separating users from the systems to which they require access.

This separation between users in the enterprise and PaaS/SaaS offerings in the cloud can lead to a number of problems, including:

- Security and compliance challenges stemming from difficulties establishing governance over who has access to what
- Negative impact on the user experience as users struggle with having to deal with yet another login
- Added complexity of having to retrieve identity data in the cloud for use in other cloud-hosted or on-premise applications
- Ongoing need to add and remove users or update user attributes in the cloud based on on-premise data

While federated identity management solutions can offer single sign-on capabilities to improve the user experience, they often do nothing to solve the other ongoing identity data management issues. What's needed is an automated service that can securely expose data from cloud to premise and vice-versa, as well as notify consuming applications when changes occur.

Eliminate new silos of identity data

There's a wealth of customer information stored in social networking applications today, virtually all of it readily accessible through well-documented application programming interfaces (APIs) and federated identity standards like OAuth and OpenID. So why isn't every company with a website rushing to use this data to customize and improve the online user experience? Or to target customers with real-time marketing offers?

The problem is that customer data exists in identity silos, or disparate sets of login, profile and preference data that have been created over time for each online service or application. Even if user-driven mapping of identity data to accounts is possible, the lack of unified customer information makes it extremely difficult for enterprises to take full advantage of their own data, much less the data provided by social networking applications.

A similar challenge arises when building applications in PaaS environments; moving to the cloud just makes dealing with multiple, unreconciled, internal silos of data that much more of a problem. And SaaS offerings add yet another identity silo to manage and maintain.

The solution is two-fold:

1. When developing new applications, store all identity data (login, profile, preferences, entitlements, roles, etc.) separately from application data, so that it can be shared and reused across applications. This is a significant departure from the traditional practice of creating identity data capabilities on a per-application basis, which is no longer sustainable; it is simply too costly and time-consuming as the number of applications, users, and identity data associated with them continues to grow.
2. Create a unified view of user identity (one for customers, and one for employees) across existing application repositories, so that identity data can be more easily shared and reused. Existing applications can be migrated over time to use the unified identity data repositories as needed.

A unified view helps overcome the challenge posed by multiple silos of identity data.

Reduce identity complexity in application development

Cloud-based platforms can accelerate application development. Ironically, however, they can also complicate it by increasing the complexity of identity data management, especially when developing multiple applications. That's because identity data-driven services like authentication, authorization and profile/attribute management have to be integrated in the cloud and then tied back to on-premise applications and to other cloud systems.

Some cloud platforms do offer shared or federated authentication services to unify authentication across applications, but they don't provide comprehensive authorization or profile/attribute management services. Your IT organization still has to build identity data capabilities, which generally means storing authorization, profile and attribute details about users on a per-application basis. And as explained earlier, storing user data together with application data is no longer a viable alternative.

The answer is to deliver identity as a service, so that application developers can use it to define, share and reuse identity and profile data across multiple applications, regardless of whether those applications are on-premise or in the cloud. Federated identity and entitlement management services can then be layered on to the identity service based on specific business needs.

Delivering identity-as-a-service makes application development faster and simpler.

Three key capabilities to overcome identity challenges

Overcoming the identity data management challenges raised by social networking and cloud computing requires three key identity management capabilities.

1. Unification of identity data

To overcome the identity data management challenges posed by social networking and cloud computing, enterprises need to unify and synchronize identity data across on-premise and cloud-based systems while still maintaining appropriate separation of data to guard against potential security breaches. Moreover, to make the most of social networking and cloud computing, enterprises must supplant application-based identities (which have been established over years of tying identity data to applications) with customer identities that are based on unified identity information.

All of this can be just as tricky as it sounds, unless you have the right directory services solution. That's especially true if your enterprise, like so many today, has had multiple repositories of data build up over time as a result of merging with or acquiring other companies. You need a directory services solution that enables you to:

- Easily create a secure, centralized view of identity data across multiple systems
- Achieve secure cloud-to-premise and premise-to-cloud identity data integration

2. Delivery of identity as a service

To avoid creating an unmanageable number of silos of identity data, enterprises should look at delivering identity as a service, rather than tying a separate identity data infrastructure to every application. Identity as a Service (IDaaS), like other IT assets delivered as services, makes it possible to share and reuse data among applications. This streamlined approach speeds and simplifies application development and also makes it easier to manage and secure identity data in all types of clouds: private, public and hybrid.

To deliver identity as a service, you need a directory services solution that enables you to:

- Synchronize information from existing silos of identity data
- Deliver identity data from various sources in real time to applications that need it

3. Flexibility and scalability of identity data access

To meet the demands imposed by social networking and cloud computing technologies, enterprises must be able to give applications fast, efficient access to the data they need. This is doubly challenging because Web 2.0, presence-based and other next-generation applications need data faster than ever before (in real time, often), and this demand is occurring at the same time that enterprises are dealing with greater amounts of data and numbers of operations than ever before.

To achieve these unprecedented data delivery speeds, in an environment of extreme data growth, a directory services solution must be able to:

- Reduce latency, or the amount of time it takes to process operations against increasing numbers of users and attributes
- Increase throughput, or the rate of operations per second
- Scale up and down based on demand

Having the flexibility to scale up and down is important because data growth is not always consistently upward; it can expand and contract depending on IT cost models and other factors. Therefore, to maximize the efficient use of resources, identity management systems should be able to adjust accordingly to changes in demand.

Using UnboundID solutions to address identity challenges

The UnboundID Directory Services Suite is designed to provide the key capabilities that enterprises need to lay the foundation for a cloud-ready, future-proof identity infrastructure.

Identity unification

UnboundID solutions address the challenges of creating a unified view of customer (or employee) identity data and of readily sharing that information between cloud and premise for user provisioning, application personalization, or new application development. UnboundID specifically supports real-time or scheduled synchronization of identity data from multiple sources, regardless of how many or what types of repositories are involved.

UnboundID's Synchronization Server is also highly customizable, to help ensure compliance with data security policies and regulations governing data integrity and privacy. For example, it can be customized to copy only selected data required by the policies and regulations, rather than unnecessarily exposing the entire data set.

Identity as a Service (IDaaS)

UnboundID solutions enable enterprises to remove identity data from the individual application infrastructure and make it a shared and reusable asset that can be used across multiple applications. The UnboundID directory services solution includes both the advanced synchronization services to pull the data from diverse, heterogeneous data sources and the scalable data storage services to deliver it in real time to applications whenever and wherever it's needed. IDaaS speeds application developers' work by eliminating the need to laboriously recreate an identity infrastructure for every application and can reduce development time by 20-40%.

Internet-scale performance

UnboundID solutions are designed specifically to achieve high scalability by meeting the three performance criteria that most traditional identity management solutions can't: accommodating large amounts of data, supporting high transaction rates and delivering low-latency response times. This is made possible by a unique combination of robust replication, data partitioning to break up data into more manageable data sets and a real-time synchronization and notification engine. In addition, the decoupling of application and identity data that underlies both identity unification and IDaaS gives UnboundID solutions the flexibility required to scale up or down as demand dictates.

Benefits of UnboundID

Capability: Identity unification
Result:
- Unification of identity data across applications and services
- Cloud-to-premise and premise-to-cloud data synchronization for access to provisioning and authentication from on-premise data repositories (LDAP- or SQL-based)
Benefit:
- Efficient delivery of essential identity data for authentication, authorization, personalization, and provisioning of both on-premise and cloud computing applications

Capability: Identity as a Service (IDaaS)
Result:
- Decoupling of application and identity data
- Ability for identity data to be shared and reused across all applications
Benefit:
- Simplified enforcement of security and privacy controls around sensitive identity data
- Single sign-on and unified profile management for end-users
- Faster time to market with new applications

Capability: Internet-scale performance
Result:
- Ability to handle large numbers of users and large amounts of identity data
- Ability to scale on all three axes: number of users and attributes, transactional throughput and response time
Benefit:
- Fast, efficient delivery of applications and services to users regardless of increasing demand

Conclusion

If you want to tap into the full power of social networking and cloud computing, you need to start by understanding and resolving the complex identity issues that these technologies can create. UnboundID directory solutions are designed to help you address identity in the cloud at every level. By unifying identity data across existing silos, you can create a centralized view of data and secure, seamless cloud-to-premise integration. Delivering identity as a service streamlines application development and makes it easier to share data across applications. And achieving flexible, scalable identity data access means you can keep pace with both data growth and delivery speed. Only UnboundID helps you put these three keys to success together and put them to work for your enterprise.

Talk to us today

Learn more about achieving performance-at-scale with directory services solutions from UnboundID. Call +1 512 600 7700 or visit www.unboundid.com for more information.

About UnboundID Corp.

UnboundID Corp. is a leading provider of real-time identity management services for cloud, mobile and social applications. UnboundID is a privately-held company based in Austin, Texas and is funded by Silverton Partners.

UnboundID and the UnboundID logo are trademarks of UnboundID Corp. All other product or service names are trademarks of their respective companies.