Identity and Securing
Continuous Services in
Discontinuous Infrastructure
Steve Coplan, Analyst




CLIENT EVENT: BOSTON, DECEMBER 1, 2010
The 451 Group
Analyzing the business of Enterprise IT Innovation

Unique Analysis of the Hosting, Managed Service, Third-Party Datacenter and Internet Infrastructure sectors

The Uptime Institute is the leading independent think tank and research body serving the global datacenter industry.
About

§ Longstanding member of the 451 analyst team

§ Startup experience at acquired security vendor

§ Expertise in M&A, networks

§ Only security analyst with a degree in Zulu




3 Client Event: Security |
Agenda

§ What do we mean by identity in the cloud?

§ Cloud security models from an IAM perspective

§ Security models and compliance

§ Cloud, security and identity in the cloud

§ The transition from identity in the cloud to cloud identity

§ What's the identity in the cloud opportunity?




The Intersection of Cloud and Identity

Enterprise identity:
§ Authenticated employee
§ Group member
§ Provisioning target
§ Role-defined
§ Authorization set

Cloud service providers:
§ Customer
§ Service provisioning construct (revenue event)
§ Customer profile
§ Service contention priority
§ SLA input

Cloud can be a:
● Shared resource (customer, partner, employee)
● Private cloud
● Off-premise servers, storage, applications
● Hybrid

Cloud users can be:
● IT administrators buying cloud resources
● Enterprise users consuming SaaS applications
● Developers running applications/QA on PaaS
● Cloud service providers running a set of services for enterprises


Objective and Outcome-Oriented Security




Outcome:
§ Ensure everyone does what they are supposed to
§ Establish a normative set of behaviors around the transfer and consumption of information
  • How to translate this outcome to a set of continuous services?

Objective:
§ Secure the infrastructure and IT operations
§ Keep out the bad guys
  • How to translate this objective to a discontinuous infrastructure?




Defining Outcome-Oriented Security



§ Outcome-oriented security is contingent on a set of policy statements
§ Policy - A principle or rule to guide decisions and achieve rational outcome(s)

Central policy definition is great, but what about exceptions?
Policy is king, but a king in a constitutional monarchy

§ Business owners, application owners need delegation capabilities




Outcome-Oriented Security and Compliance



Growing overlap in spending, definitions and operations between compliance and policy
§ Need to drive automation of compliance processes leads to governance, e.g. access certification
§ Visibility is compliance’s greatest gift




Defining Outcome-Oriented Security

Questions remain:
§ How can we enforce stated policy?
  • A stated policy does not an enforced policy make
§ How do we define current state against stated outcome?
  • Visibility is only a precursor to enforcement
§ Where does trust, privacy and liability fit in?




What does this have to do with identity and the cloud?

Identity is important because:
§ Compliance requirements invoke identity attributes or definitions, access controls and authentication
§ Identity is the pivot construct in defining access controls for the cloud
  • Need to know who you are to describe what you can/can’t do
§ Identity is a single control construct for multiple resources
  • SSO functions as a normalized event stream for a user
  • Cloud hybridization, desktop virtualization and device proliferation escalate the need for a consolidated identity and abstracted attributes
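The two claims above (SSO as a normalized event stream per user, and a consolidated identity as the single control construct across resources) connect directly to the earlier point that visibility is only a precursor to enforcement. The Python example below is added here to make that concrete; it is not code from the deck or from The 451 Group. The provider names, field names, sample access records and the policy table are all constructed assumptions: each provider reports access in its own shape, the only shared key is the federated subject, and once the records are normalized onto one identity the same stream serves both the visibility use (what each identity actually reached, the input to access certification) and the enforcement use (which accesses contradict the stated policy).

```python
"""Added example: normalize per-provider access records into one identity-keyed
stream, then use it for visibility (certification view) and enforcement (policy
check). Providers, field names, events and the policy are all constructed."""
from dataclasses import dataclass

# Constructed sample records. Each provider names the subject and the resource
# differently; the only shared key is the federated subject (think SAML NameID).
SAMPLE_EVENTS = [
    {"source": "saas-crm", "nameid": "Alice@example.test", "app": "crm",
     "role": "sales", "ts": 10},
    {"source": "paas", "user": "alice@example.test", "resource": "prod-db",
     "role": "developer", "ts": 20},
    {"source": "saas-hr", "subject": "bob@example.test", "application": "hr",
     "role": "hr", "ts": 30},
    {"source": "paas", "user": "bob@example.test", "resource": "prod-db",
     "role": "hr", "ts": 40},
]

# Constructed stated policy: resource -> roles permitted to reach it.
POLICY = {"crm": {"sales"}, "hr": {"hr"}, "prod-db": {"developer"}}

# Hypothetical per-provider field mapping: (identity field, resource field).
FIELD_MAP = {
    "saas-crm": ("nameid", "app"),
    "paas": ("user", "resource"),
    "saas-hr": ("subject", "application"),
}


@dataclass(frozen=True)
class AccessEvent:
    """One access, expressed in the consolidated identity's terms."""
    identity: str
    resource: str
    role: str
    source: str
    ts: int


def normalize(raw):
    """Map one provider-specific record onto the common AccessEvent shape.
    An unknown provider is an error rather than a silently dropped record:
    a blind spot in the stream would undermine certification and enforcement."""
    try:
        ident_field, res_field = FIELD_MAP[raw["source"]]
    except KeyError:
        raise ValueError(f"no field mapping for provider {raw.get('source')!r}") from None
    return AccessEvent(
        identity=raw[ident_field].strip().lower(),  # one canonical form per person
        resource=raw[res_field],
        role=raw["role"],
        source=raw["source"],
        ts=int(raw["ts"]),
    )


def build_stream(raw_events):
    """The normalized, time-ordered event stream across all providers."""
    return sorted((normalize(e) for e in raw_events), key=lambda e: e.ts)


def certification_view(stream):
    """Visibility: for each identity, the (resource, role) pairs it actually used.
    This is what an access-certification reviewer signs off on."""
    view = {}
    for event in stream:
        view.setdefault(event.identity, set()).add((event.resource, event.role))
    return view


def policy_violations(stream, policy):
    """Enforcement: every access whose role is not permitted on that resource.
    A resource absent from the policy is treated as permitting no role."""
    return [e for e in stream if e.role not in policy.get(e.resource, set())]


if __name__ == "__main__":
    stream = build_stream(SAMPLE_EVENTS)
    for identity, used in certification_view(stream).items():
        print(identity, sorted(used))
    for v in policy_violations(stream, POLICY):
        print(f"VIOLATION ts={v.ts} {v.identity} as {v.role!r} on {v.resource} via {v.source}")
```

On the sample data the certification view shows that alice reached both the CRM application and the production database under two different local roles, which is exactly the cross-provider picture no single provider can produce on its own; the policy check flags bob's access to the production database under the hr role as the one violation. The design choice worth noting is that normalization fails loudly on an unmapped provider: a stream that quietly omits one source looks complete to a reviewer while it is not.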




What does this have to do with identity and the cloud?

Identity in the cloud is important because:
§ Identity is the common point of reference for discontinuous infrastructure
§ Identity is a key parameter for making sense of visibility
§ “Who?” is the first question from a business context, and by extension from policy




The new frontier



The Intersection of Cloud and Identity

Identity management vendors are from Mars:
§ View identity as a middleware layer or service
§ View cloud, virtualization and mobile

Cloud service providers are from Venus:
§ View identity as a platform component
§ View identity as a service enablement construct

Different understanding of the function of identity
§ Identity management vendors still dealing with technical challenges of portable identity
§ Cloud service providers see need for portable identity associated with portable image

Need for a match.com broker?

Identity in the cloud: A maturity model

§ Operational Portability
§ Managed Portability (Infrastructure)
§ Native Portability (Architecture)




From Identity In the Cloud to Cloud Identity: Maturity Model

Maturity stage: Operational Portability
  Customers: Enterprise (identity providers); service providers (relying parties); SaaS providers; PaaS providers
  Technology elements: SSO; authentication; federation (SAML, OpenID, OAuth, WS-Fed); application access control
  Providers: Identity management vendors (incumbents, venture-funded partners); platform vendors
  Delivery model: Hybrid: on-premise gateways, federation gateways, federation hubs

Maturity stage: Infrastructure (Managed Portability)
  Customers: Identity providers; cloud service providers; identity-as-a-service providers
  Technology elements: Authorization (XACML); provisioning/governance; cloud access gateways; trust brokers; user privacy stores
  Providers: PaaS/SaaS providers; identity management vendors; cloud service providers
  Delivery model: From the cloud: authentication, SSO, trust services. To the cloud: provisioning. In the cloud: directory in the cloud

Maturity stage: Architecture (Native Portability)
  Customers: Enterprise; cloud service providers
  Technology elements: Embedded middleware; attribute sources; attribute assurance; trust brokers; cloud federation
  Providers: Cloud service providers; PaaS providers; identity providers; identity-as-a-service vendors; incumbents
  Delivery model: In the cloud: service federation, image federation; run-time authentication, authorization and provisioning



Cloud Identity: Characteristics




§ Granularity
§ Automation
§ Security




Identity in the cloud: A tale of many markets




§ Enterprise ID extension
§ Services (to, from, in the cloud)
§ Transactional (identity providers)




Identity in the cloud: Meta-issues




§ Liability
§ Trust/Assurance
§ Value




From Identity In The Cloud to Cloud Identity: Requirements

Maturity stage: Portability
  Characteristics: Automation (+++); Security (+); Granularity (+/-)
  Affinities: Compliance automation; governance
  Meta-issues: Liability (++); Trust/Assurance (++); Value (+)

Maturity stage: Infrastructure
  Characteristics: Automation (+++); Security (++); Granularity (+)
  Affinities: Policy management; information management; software infrastructure as a service
  Meta-issues: Liability (++); Trust/Assurance (++); Value (++)

Maturity stage: Architecture
  Characteristics: Automation (++++); Security (++); Granularity (+++)
  Affinities: Service enablement; big data
  Meta-issues: Liability (+++); Trust/Assurance (+++); Value (+++)




Identity In the Cloud: Strategic But Also Lucrative?

Arms dealer:
§ Incumbents transitioning from enterprise sales model
§ Architecture question still unresolved
§ Build or embed?

Services (to, from and for the cloud):
§ Diversity of new players
§ New market segments open

Transactional model:
§ Consumerization of enterprise identity
§ Trust substrate
§ Tollgate model




Identity In the Cloud: Winners and Losers?

It’s how you play the game

End users
§ Getting automation, granularity right yields security
§ Sets the stage to answer the question “what could you do in the cloud”

Identity management vendors
§ Architectural issues, sales model major challenges
§ Their game to lose

Independent identity as a service/federation/authorization vendors
§ New markets, technology categories opening up


Identity In the Cloud: Winners and Losers?

It’s how you play the game
Platform vendors forge into the new frontier
§ VMware, Microsoft duke it out for end user tier

§ PaaS players make a development, embedded run-time play

Identity providers
§ If you build it, they come

§ Value contingent on required trust, attribute assurance
   for transaction
Cloud service providers
§ Associating a portable image with a portable identity

§ Unified cloud environment/integration provider


Identity In The Cloud

Q&A




Identity In The Cloud

Q&A
Thank You.
Questions? steve.coplan@the451group.com





451 Research Client Event Nov 10
