On the subject of password management…

There is an interesting movement that is happening in and around the Identity management space in there is a struggle going on between the desire to have a single universal and secure way of accessing resources and applications, and finding the right third-party to “trust” with your access.

A variety of technologies and vendors are involved including SAML, Active Directory, individual passwords, and some of the social media vendors such as Facebook and Twitter, to name a few. And of course, all the other cloud, enterprise, and identity vendors have a dog in this fight too.

Here at Conformity we are clearly a part of the discussion, and ultimately we hope, part of the solution, but the ugly truth is the vast majority of current secure website services and SaaS business applications still use passwords for their primary authentication model. Andrew Jaquith’s blog entry on “The Rationality Of Re-Using Passwords” makes an observation that passwords will be around for a long time, which is a point of view that I share.

Since we are on the topic of passwords and logins, I need to mention that Conformity just introduced a new product, ConformityConnect, that is designed to be a simple to use, simple to deploy, and simple to administer way of securely managing the plethora of logins that we face every day at work.  If you find yourself drowning in passwords, this might be the life saver you’ve been looking for. It also lays a foundation for addressing some of the other issues I raised above. Sometimes the best policy is to trust no one but yourself…

You can try ConformityConnect out for free by clicking HERE.

Thinking about “The Cloud”

Thanks, Scott, for the warm welcome to Conformity’s Blog universe.  I’ve been at Conformity for just about a month now, and I’ve been appointed (is there an opposite of disappointed?) at the excitement around the space, the quality and dedication of the team, and the interest in “our problem” (identity in the cloud) by customers and prospects.

Of course, unless you’ve been under a rock for the past, say, 10 years, you’ve no doubt heard that Cloud Computing (or On-Demand before that or ASP’s before that or Grid’s even before that) will solve everything from bad breath and world hunger to global warming and peace in our time.  While many of the developments are truly exciting, what we today call Cloud Computing should have been expected as an obvious trend from a whole collection of trends that have led up to it.

Why?  Because every advanced endeavor ultimately evolves into increasingly smaller and focused areas of specialization, where we (as individuals or business units or corporations) pay someone else to do things we’re either too busy, too inexperienced, or too lazy to do ourselves.

I suspect few of you reading this now actually grow your own vegetables.  It’s not that you can’t, mind you, since it’s not all that hard.  But farmers and grocery stores and the whole infrastructure behind the process of getting lettuce and carrots into the trunk of my car do it faster, cheaper, and better than I can (or am willing to – I do have small children, after all).

Historically, providing whatever computing services businesses large and small use in the course of their primary business activities has been difficult enough and expensive enough that these same businesses formed “IT Organizations” to provide those services for them (believing — largely correctly — that the IT group could do it faster, cheaper, and better than they could — an early and surprising enduring form of specialization).

No reason why this same process won’t happen again and again and again, with increasing segments of what has traditionally been the purview of what we now call an “on-premise” IT service being delivered by external entities that can perform more and more elements of what IT has traditionally done themselves, and with IT’s role evolving along the way.  With the introduction of a good enough transmission medium (the Internet), a good enough computing platform (LAMP stack, with or without virtualization), and sufficient consolidation, standardization, and economies of scale around certain business applications (e-mail, SFA, CRM, HR, etc), and *POOF* Cloud Computing and Cloud-based Applications are born.

The interesting news (and for companies like Conformity and our partners the good news) is that each of these forays into these areas of specialization come with their own technical and business challenges that must be solved along the way.  We, as technology professionals, get another chance to try to address long-standing questions around business process, pricing, ease-of-use, and the never-ending quest for a more efficient way to separate and distinguish between what Geoff Moore calls “core” versus “context”.

I won’t attempt to address the specifics of how we’ll be solving bad breath, world hunger, global warming, and peace in our time today (must leave something interesting to write about in future posts), but wanted to begin the dialog around what is and is not particularly new about Cloud Computing, what problems we might expect need to be solved (because they *are* different from what’s come before) and which problems are simply old wine in new bottles…

Conformity Announces GA Release of First Enterprise-Class Management Platform for SaaS and Cloud Apps

We’re excited to announce today the general availability of the Conformity solution, which provides customers the first enterprise-class management platform for cloud applications and users.  The Conformity solution is designed to arm enterprises with the same level of visibility and control over on-demand applications as they’ve come to expect with traditional packaged apps.  With our solution, enterprises can now be confident bringing new cloud applications into their business environments, knowing there will no longer be compromises made in the areas of management processes, insight and control.  With today’s GA, enterprises can:

• Increase data security and reduce compliance risks
• Optimize license allocation and expenses
• Automate and streamline administration
• Expand and extend enterprise usage of SaaS and cloud applications

Specific capabilities of the Conformity solution include:

• User provisioning – provides centralized point of provisioning and deprovisioning of users accounts within cloud applications, and ongoing management of user permissions and authorizations.
• Role and profile management – enables organizations to centrally manage cloud application roles, profiles and permissions through normalized permission models, and maps policies to users and roles.
• Approval workflows – provides auditable cross-functional approval processes for users requiring new or amended access permissions, or role and profile changes.
• Directory integration – enables organizations to seamlessly synchronize Conformity’s user repository with on-premise directory services.
• Compliance reporting – provides reports required for effective preparation for audits for SOX, HIPAA, PCI and other regulatory mandates and standards.
• Usage analytics – provides visibility, analytics and reporting on cloud application and license utilization.
• Change management – enables archiving, management and recovery of application configurations and role models.

The Conformity platform provides templates, tools and workflow needed to manage all cloud applications in a customer’s environment.  Conformity also provides additional analytics, reporting and provisioning automation through integrations with the following leading cloud applications:

• Salesforce.com
• NetSuite
• SuccessFactors
• Xactly Incent
• Google Apps
• OpenAir
• QuickArrow

The Conformity platform also supports directory integration for Microsoft Active Directory, and is compatible with industry standards such as SPML, SAML and WS-Federation.

Please click here to read the full announcement, and stay tuned for more upcoming news!!!

Mark your calendar – Enterprise SaaS Working Group webinar

We’re excited to announce that on September 30th at 11:00am PDT / 2:00pm EDT we’ll be holding the first event in our Best Practices webinar series, featuring a roundtable discussion with the Enterprise SaaS Working Group. Comprised of recognized thought leaders and visionaries in SaaS and cloud computing, the group will discuss the challenges and issues that need to be overcome for SaaS and cloud applications to become truly ‘enterprise-ready’. Participants in the session will include:

• Michael Amend – Director of Enterprise Architecture at Dell Computer
• Scott Carruth – VP, Information Systems at Initiate Systems
• Peter Coffee – Director of Platform Research at Salesforce.com
• Steve Coplan – Senior Analyst, Enterprise Security Practice at The 451 Group
• Tom Fisher – VP of Cloud Computing at SuccessFactors
• Doug Harr – CIO at Ingres Corporation
• Ryan Nichols – VP of Marketing and Product Management at Appirio

The discussion will focus on critical issues and corresponding best practices in the areas of management, governance, security and compliance, and will include a Q&A session open to all attendees. Click here for more information and to register for this exciting event!

The Enterprise SaaS Working Group – Coming Soon…

As frequently discussed in this blog, here at Conformity we believe that there are a fundamental set of issues that the SaaS industry as a whole needs to address for SaaS and cloud applications to become truly ‘enterprise-ready’.  These issues range from management access and APIs to SLAs and performance monitoring.  To provide a forum to further surface, discuss and propose solutions to these issues, in September we will be introducing the first Enterprise SaaS Working Group.  The group will discuss challenges that need to be overcome to accelerate adoption of on-demand solutions in the enterprise, and will include a broad range of perspectives from thought leaders and practitioners alike.  Participants will include:

• Enterprise CIOs and IT executives
• SaaS vendor executives
• SaaS consultants and service providers
• Industry analysts

We will be formally introducing the group at an exciting event we’re going to be hosting in late September.  Please stay tuned for more details…

Closing the gap between IT and SaaS

One of the big challenges the SaaS industry continues to face (which we talked about at our presentation at SaaS University last week in Chicago) is the gap that exists between the APIs/management access that SaaS applications provide today and the expectations of CIOs and IT teams, particularly in the enterprise.  The end-customer CIOs we’re working with are typically surprised at how difficult it is to integrate most SaaS applications into their existing management processes and solutions –  a CIO we recently spoke with just assumed that all major SaaS applications supported direct integrations into Active Directory and LDAP.  On the flip side, most SaaS vendors are being faced with IT requirements and expectations they haven’t yet considered, let alone support in their services (though there are exceptions) particularly in identity-related areas such as user authentication and access control.

Why is this important?

IT is regaining its seat at the table when it comes to SaaS.  In mid-size enterprises, as SaaS adoption has accelerated cross-functionally organizations are beginning to look to IT to centralize management and governance of SaaS applications and users to minimize compliance risks and administrative costs.   In a recent survey we found that IT was involved in management and administration of SaaS applications in 72% of multi-SaaS organizations.   In larger enterprises that are now taking a serious look at SaaS, IT is involved from the start to determine how the applications will be integrated into broader business processes and other on-premise applications, as well as management processes and solutions.  We’re starting to hear from both types of organizations, as well as the SaaS vendors that serve them, that application ‘manageability’ is becoming a consideration in sales cycles – in fact we’re aware of several situations where an incumbent SaaS provider was displaced by an offering with improved API and management access.

Why the disconnect between SaaS vendors and IT?  Based on our experiences and interactions with both sides of the issue, the gap that exists between SaaS applications and IT is driven by two factors:

• SMB legacy – the majority of leading SaaS vendors (including Salesforce.com) grew from an initial focus on SMB customers.   Applications were architected and optimized to solve a specific functional business problem for this initial class/size of customer, with (understandably) limited focus on how the application would have to integrate into multi-SaaS or enterprise environments.
• IT as ‘the enemy’ – the ease of deployment and flexibility of SaaS eliminated the need for business users to involve their IT organizations in the selection, configuration and management of SaaS applications.   As IT historically has neither been a decision-maker or influencer in the sales process, most SaaS vendors haven’t been exposed to IT organizations, particularly in the enterprise.  In fact, IT was and is often times (and often unfairly) characterized as the enemy of SaaS adoption, needlessly entangling business users in red tape and bureaucracy.  IT teams have also been part of the problem, often taking little interest in administering or managing SaaS applications.  In either case, most SaaS vendors have had relatively limited interactions with enterprise IT organizations, particularly when compared to on-premise ISVs.

We fundamentally believe that for SaaS adoption to continue to accelerate in both midmarket and large enterprises that the gap between IT requirements and SaaS application capabilities will need to be closed.  SaaS vendors need to improve APIs, management access and visibility in areas such as user and identity management, activity logging and monitoring, service management and back-office/financial management.  More on this to come….