Wednesday, 19 February 2014

Managing cloud users

Cloud or SaaS applications are increasingly used in enterprises. This is a strong market trend, as this technology makes it easier to provide applications and brings service providers closer to their consumers, with no need to go through IT.
Enterprises must take these new application management modes into account. Because companies are decentralised, the people in charge of these applications, even with state-of-the-art interfaces, have to manage users "manually", which is a potential source of errors. The consequences of this type of management are well known, both in terms of security (passwords forgotten by users, multiple dormant accounts, weak password policies creating security holes) and in terms of cost (the price of the service depends on its usage). An IAM (Identity & Access Management) solution that integrates support for cloud or SaaS applications is key, as it gives control to the people operating at a functional level.

How to perform cloud provisioning?
Today, there is no single standard for managing provisioning for SaaS applications. The SPML (Service Provisioning Markup Language) standard has failed in this segment. The SCIM (System for Cross-domain Identity Management) standard is currently rarely used, even by those who promote it (Google, Ping Identity and Salesforce, for example, do not use it for their application provisioning), or it is used as a marketing argument by new entrants on the IAM market. Nevertheless, the SCIM standard, which will be enhanced in version 2.0, offers many advantages for the future: it is easy to use via its REST interface, it is easier to configure than SPML, and it provides more possibilities for user definition.
In practice, provisioning management for these applications is based on non-standard connectors, for example:
·        Google Apps provisioning is based on REST APIs. The initial versions also had Java and Python implementations, but these are no longer supported by the current version. Google provides a very comprehensive API and enhances it constantly, so it is necessary to keep up to date. Note that the API has usage limitations (frequency of use, for example) and that Google disclaims any responsibility concerning the use of the service.
·        The provisioning of Office 365 and Exchange Online is fully operational only when using the PowerShell APIs; the REST interface is used mainly for queries. The complexity lies in mastering the execution of PowerShell from the dedicated Microsoft servers.
·        Salesforce is interesting from an account creation perspective, as creation can be performed on the fly, at connection time. For this, an identity federation must be implemented, where the identity server passes to the Salesforce service the parameters required to create the user, thus performing Just-In-Time (JIT) provisioning. For account modifications and deletions, the REST API must be used.
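To make the SCIM REST approach described above concrete, the following added example (not code from the original post or from any vendor) reconciles an authoritative IAM user list against the accounts found in a SaaS tenant and builds the SCIM 2.0 (RFC 7643/7644) requests needed to create missing accounts and disable orphan or leaver accounts. The `reconcile` function, the sample users and the `/Users` paths relative to a SCIM base URL are assumptions made for illustration.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample data. The IAM directory is authoritative (keys lowercase);
# SAAS_ACCOUNTS stands for what a GET /Users on a hypothetical tenant returns.
IAM_USERS = {
    "alice@example.com": {"given": "Alice", "family": "Martin", "active": True},
    "bob@example.com": {"given": "Bob", "family": "Durand", "active": False},
    "carol@example.com": {"given": "Carol", "family": "Petit", "active": True},
}
SAAS_ACCOUNTS = [
    {"id": "a1", "userName": "alice@example.com", "active": True},
    {"id": "b2", "userName": "bob@example.com", "active": True},   # leaver, still enabled
    {"id": "z9", "userName": "dave@example.com", "active": True},  # unknown to IAM
]

def create_request(user_name, person):
    body = {"schemas": [USER_SCHEMA], "userName": user_name,
            "name": {"givenName": person["given"], "familyName": person["family"]},
            "active": True}
    return ("POST", "/Users", body)

def deactivate_request(account_id):
    body = {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}]}
    return ("PATCH", f"/Users/{account_id}", body)

def reconcile(iam_users, saas_accounts):
    """Return the SCIM requests that align the SaaS tenant with the IAM directory."""
    plan, seen = [], set()
    for acct in saas_accounts:
        name = acct["userName"].lower()
        seen.add(name)
        person = iam_users.get(name)
        # Orphan (no IAM identity) or leaver (inactive in IAM): disable rather
        # than delete, so the account record remains available for audit.
        if acct["active"] and (person is None or not person["active"]):
            plan.append(deactivate_request(acct["id"]))
    for name, person in iam_users.items():
        if person["active"] and name not in seen:
            plan.append(create_request(name, person))
    return plan

if __name__ == "__main__":
    for method, path, body in reconcile(IAM_USERS, SAAS_ACCOUNTS):
        print(method, path, json.dumps(body))
```

Re-enabling an account that is disabled in the SaaS tenant but active in IAM is left out of this sketch.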

How to implement cloud provisioning in enterprises?
Cloud computing revolutionises business practices and the way enterprises use and manage their services. Identity management must continue to guarantee the company's security policy, which must be unique and centralised, yet flexible. Tools promoting identity management for cloud computing only are on the wrong track (or simply not good enough). Identity management tools must be adapted to manage cloud applications in the same way as internal applications. The level of service and ease of use of identity management functions do not depend on the location of servers!

We should also mention how Identity Federation mechanisms can strengthen the security of these systems. This will be the topic of a future post.


In conclusion, IAM solutions have a great future: if we want to control security and costs, we must be able to manage internal as well as external users (internal and external service consumers) in the best possible way.
