Archive for the ‘LDAP’ Category

VeriSign’s New Cloud Identity Initiative

April 21, 2010

We’re very excited today about the VeriSign announcement of a new industry collaboration (which includes Conformity) to build trusted online identity solutions that will help accelerate SaaS and cloud adoption.   In conjunction with the initiative, we’re working with VeriSign as well as Ping Identity, Qualys and TriCipher to establish a blueprint for achieving identity trust by combining technologies and services with proven policies and certification programs.   The effort spans the major requirements for achieving identity trust, including

  • Strong mutual identification
  • Provisioning
  • Federation
  • Vulnerability and Compliance Management

We totally agree with Nico Popp, vice president of product development at VeriSign when he says “Trust won’t happen if users worry their identities are vulnerable, or if they’re unsure whether the cloud-based service they’re accessing is legitimate.  That makes identity trust the essential ingredient for cloud migration – and an industry imperative for SaaS providers.”

Read the full announcement here >>

Advertisements

Recap: Enterprise SaaS Working Group – Identity Management in the Cloud

December 4, 2009

We had a great second meeting of the Enterprise SaaS Working Group this week, which focused on the topic of access and identity management for the cloud.  Participants in the session included Chris Bedi from VeriSign, Peter Dapkus from  Salesforce.com, Ryan Nichols from Appirio (who also provided a great summary of the event on the Appirio blog), Steve Coplan from  The 451 Group, Michael Amend from Dell, Doug Harr from Ingres and Scott Carruth from Initiate Systems.   Our initial discussion focused on the unique management challenges created by SaaS and cloud applications due to the the identity silos they create in the enterprise as shown below.

Cloud identity in the enterprise

The ensuing roundtable discussion focused on the impact these issues are having in the enterprises, with a particular focus on the following topics:

  • Speed bump or show stopper – on the question of whether access and identity management issues were a going to be a ‘speed bump’ or ‘show stopper’ for SaaS adoption in the enterprise, the answer really revolved around timing and depth of penetration.  While today it is more of a speed bump for initial adoption in the enterprise (or else we wouldn’t be seeing enterprise deals today), the issues become more problematic when considering what it will take for SaaS and cloud applications to become a ‘mainstream’ technology. Taken from that perspective, there was agreement that identity issues around access, authentication and authorization created by SaaS identity ‘silos’ were going to soon become major, and that they need to be reconciled and addressed.  
  • The directory redefined – one of the questions we posed around the future of the corporate directory, and whether enterprises would ever permit it to live in the cloud.  Chris Bedi of VeriSign made the great point that the more relevant and important question is around what a directory really becomes in a cloud-centric environment – where it ends up residing will be a function of how that question is answered.
  • Federated identity – related to the directory point, the group generally also agreed that in a cloud-centric (or even hybrid SaaS/on-prem environment) that there was unlikely to be a monolithic directory or source of identity related data, and that SaaS applications, HR systems and directories (on-prem and cloud) would also likely each contain ‘versions of the truth’ that will need to be synchronized and federated.  Ryan Nichols provided a very interesting example of how Appirio themselves have built a cloud-centric organization with Salesforce.com and Google both providing separate but complementary directory and identity data.
  • Identity done right – Doug Harr made the excellent point that current cloud identity challenges actually offer an opportunity for SMB and midsize enterprises who haven’t been able to invest in identity and systems management technologies to date to ‘get it right’.   IAAS and cloud-based identity management services will likely make these capabilities cost-effective for these target markets for the first time, enabling these organizations to effectively ‘white sheet’ their identity management approaches for both cloud and on-premise applications.

The full recording of the webinar is available and can be access by clicking here.  Please drop us an email as eswg@conformity-inc.com to be added to our mailing list, and to be notified of future Enterprise SaaS Working Group news and events.

Extending Active Directory to the Cloud

October 17, 2009

One of the use cases we’re almost universally supporting across our midsize enterprise customer base here at Conformity is integration with Microsoft Active Directory (AD), and providing the ability to extend and link employee, role and organizational data with identity stores contained in leading SaaS applications such as Salesforce.com, NetSuite, Google Apps and others. With our AD connector, customers of the Conformity platform are extending capabilities today in two major areas:

  • User provisioning / deprovisioning – by normalizing and synchronizing role and permissions models across AD and Conformity and through deploying our event monitoring capabilities customers can automate user provisioning, deprovisioning and change management activities.    When a new employee is onboarded and set up within AD, access and permissions to cloud services appropriate for the employee’s role are automatically provisioned via Conformity.  For example, when a new outside sales rep joins the organization, when added in AD they then can also be provisioned against Salesforce.com, Xactly and Google Apps with appropriate access and permissions.   When the sales rep changes title or role, or leaves the organization, changes in AD also then trigger appropriate changes in cloud application access and permissions.  In effect, we’re providing users a cloud provisioning extension for AD that enables IT to extend access policies and controls to the cloud.
  • Chargeback models – integration of department and other organizational identifiers between AD and Conformity’s role model also streamlines our customers ability to automate extension of internal chargeback and financial management models to cloud applications.  By linking SaaS administrative siloes to AD  via Conformity, enterprises can track and manage departmental usage not just at the application level, but also within specific modules within the cloud services themselves.

In addition to dramatically reducing administrative headaches, synchronizing and normalizing identity data across AD and major cloud applications is also enabling them to streamline audit prep activities, reduce operational costs and strengthen access control and security.  More to come on this…

Closing the gap between IT and SaaS

July 8, 2009

One of the big challenges the SaaS industry continues to face (which we talked about at our presentation at SaaS University last week in Chicago) is the gap that exists between the APIs/management access that SaaS applications provide today and the expectations of CIOs and IT teams, particularly in the enterprise.  The end-customer CIOs we’re working with are typically surprised at how difficult it is to integrate most SaaS applications into their existing management processes and solutions –  a CIO we recently spoke with just assumed that all major SaaS applications supported direct integrations into Active Directory and LDAP.  On the flip side, most SaaS vendors are being faced with IT requirements and expectations they haven’t yet considered, let alone support in their services (though there are exceptions) particularly in identity-related areas such as user authentication and access control.

Why is this important?

IT is regaining its seat at the table when it comes to SaaS.  In mid-size enterprises, as SaaS adoption has accelerated cross-functionally organizations are beginning to look to IT to centralize management and governance of SaaS applications and users to minimize compliance risks and administrative costs.   In a recent survey we found that IT was involved in management and administration of SaaS applications in 72% of multi-SaaS organizations.   In larger enterprises that are now taking a serious look at SaaS, IT is involved from the start to determine how the applications will be integrated into broader business processes and other on-premise applications, as well as management processes and solutions.  We’re starting to hear from both types of organizations, as well as the SaaS vendors that serve them, that application ‘manageability’ is becoming a consideration in sales cycles – in fact we’re aware of several situations where an incumbent SaaS provider was displaced by an offering with improved API and management access.

Why the disconnect between SaaS vendors and IT?  Based on our experiences and interactions with both sides of the issue, the gap that exists between SaaS applications and IT is driven by two factors:

  • SMB legacy – the majority of leading SaaS vendors (including Salesforce.com) grew from an initial focus on SMB customers.   Applications were architected and optimized to solve a specific functional business problem for this initial class/size of customer, with (understandably) limited focus on how the application would have to integrate into multi-SaaS or enterprise environments.
  • IT as ‘the enemy’ – the ease of deployment and flexibility of SaaS eliminated the need for business users to involve their IT organizations in the selection, configuration and management of SaaS applications.   As IT historically has neither been a decision-maker or influencer in the sales process, most SaaS vendors haven’t been exposed to IT organizations, particularly in the enterprise.  In fact, IT was and is often times (and often unfairly) characterized as the enemy of SaaS adoption, needlessly entangling business users in red tape and bureaucracy.  IT teams have also been part of the problem, often taking little interest in administering or managing SaaS applications.  In either case, most SaaS vendors have had relatively limited interactions with enterprise IT organizations, particularly when compared to on-premise ISVs.

We fundamentally believe that for SaaS adoption to continue to accelerate in both midmarket and large enterprises that the gap between IT requirements and SaaS application capabilities will need to be closed.  SaaS vendors need to improve APIs, management access and visibility in areas such as user and identity management, activity logging and monitoring, service management and back-office/financial management.  More on this to come….