IT needs ID-as-a-service for move to cloud, expert says

Existing IT identity management systems don't provide the fuel to run cloud's motor for privacy, security

Broomfield, Colo. - The cloud’s motor needs identity to run, but existing enterprise ID infrastructures are not fuel for that motor, according to identity expert Kim Cameron.

“In IT, we are still back in 1890; everything is hand-made, handcrafted,” said Cameron, the author of the Seven Laws of Identity and Microsoft’s identity architect. He delivered a keynote Wednesday at the annual Defrag Conference.

Enterprise identity management needs to be more flexible, Cameron said, and it has to align with cloud service architecture, namely the emerging API economy. That economy is characterized by billions of API calls to support services sharing data on a massive scale that stretches across the enterprise and the cloud.

“If organizations want to survive they need breakthrough change,” he said. “The reason the API economy is so huge is the fact there is this new division of labor. The cloud is not about ‘I am going to cut my costs,’ it is a whole new way of producing IT.”

That division of labor allows IT to off-load work to cloud-based services for capabilities such as platforms, applications, storage, identity and other IT functions.

Cameron said enterprises, governments and other organizations that are following consumers into the cloud need different access controls and have different expectations.

“They won’t stand for being molested around privacy the way consumers have been,” said Cameron. “They are going to demand protection of their data and privacy.”

He said identity-management-as-a-service (IDMaaS) will meet those demands.

Cameron clarified that the privacy he means is not about individuals, but privacy for the parties involved in transactions: enterprises, governments and service providers.

“All of them have the right to have confidential data and protect it,” he said.

By way of example, he noted Microsoft’s first attempt at an identity service, which was called Passport. Widely panned, Passport failed because the service did not protect a company’s sensitive data, such as customer lists.

IDMaaS has come of age because the rise of cloud computing is driving enterprises to be leaner and more “fit to purpose,” Cameron said.

“The functional specialization driving cloud economics needs a new model of identity management that has cloud-era capabilities,” he said.

Cameron said there are two caveats to the success of identity management as a service: trust frameworks are needed, and privacy boundaries have to be as important as security boundaries.