Answer

SCIM identity management strategy: Time to outsource IdM?

What's your take on the new Simple Cloud identity Management (SCIM) standard? Now that version 1.0 is available, is it something we should make a part of all future cloud-related implementations in order to streamline provisioning?

    Requires Free Membership to View

Ask a question

Randall Gamby, SearchSecurity.com's resident expert on identity management and access control, is standing by to answer your toughest enterprise IAM questions. Send in your questions today! (All questions are anonymous.)

Like all frameworks, the Simple Cloud Identity Management (SCIM) standard provides a model for cloud vendors to review as they work with their corporate customers in moving identity management services outside the enterprise. For the past several years, virtually all organizations have been working to off-load their non-mission-critical activities to external providers in order to save on costs and improve efficiency. One important component of IT organizations that has eluded this deployment model is user identity management.

Due to the several factors, implementing this model within an enterprise environment is nearly impossible. Some roadblocks include the sensitive nature of the information these systems contain, the need to interconnect enterprise applications in order to consume this information, some of which is extremely proprietary, and the lack of Internet interconnection models of operations and standards. With identity management processes and systems being extremely costly to deploy, it’s been the dream of many CIOs to get these services off their books.

The SCIM identity management paradigm is a great starting point that cloud computing vendors should begin to embrace. However, SCIM isn’t the only standard. The Kantara Initiative’s Identity Assurance Working Group (IAWG) has also done extensive work with externalizing identity management. Furthermore, there’s a number of technical standards such as OAuth, SAML, XACML, OpenID Connect and JWT, that have their own models and configurations for external identity management interconnection. We are only at the starting block of Internet-initiated identity management and until these models and standards are consolidated, or abandoned, I’d be surprised to see any commercial services available in 2012. Although, with the high cost of maintaining this information at the enterprise level, and Internet-based business models being the norm, there’s definitely enough market demand and companies ready to pay for outsourcing identity management that it won’t be long before cloud-based identity management strategy will be a reality.

This was first published in March 2012

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: