What's your take on the new Simple Cloud Identity Management (SCIM) standard? Now that version 1.0 is available, is it something we should make a part of all future cloud-related implementations in order to streamline provisioning?
Randall Gamby, SearchSecurity.com's resident expert on identity management and access control, is standing by to answer your toughest enterprise IAM questions. Send in your questions today! (All questions are anonymous.)
Like all frameworks, the Simple Cloud Identity Management (SCIM) standard provides a model for cloud vendors to review as they work with their corporate customers in moving identity management services outside the enterprise. For the past several years, virtually all organizations have been working to off-load their non-mission-critical activities to external providers in order to save on costs and improve efficiency. One important component of IT organizations that has eluded this deployment model is user identity management.
Due to several factors, implementing this model within an enterprise environment is nearly impossible. Some roadblocks include the sensitive nature of the information these systems contain, the need to interconnect enterprise applications in order to consume this information, some of which is extremely proprietary, and the lack of Internet interconnection models of operations and standards. With identity management processes and systems being extremely costly to deploy, it's been the dream of many CIOs to get these services off their books.
The SCIM identity management paradigm is a great starting point that cloud computing vendors should begin to embrace. However, SCIM isn't the only standard. The Kantara Initiative's Identity Assurance Working Group (IAWG) has also done extensive work with externalizing identity management. Furthermore, there are a number of technical standards, such as OAuth, SAML, XACML, OpenID Connect and JWT, that have their own models and configurations for external identity management interconnection. We are only at the starting block of Internet-initiated identity management and until these models and standards are consolidated, or abandoned, I'd be surprised to see any commercial services available in 2012. Although, with the high cost of maintaining this information at the enterprise level, and Internet-based business models being the norm, there's definitely enough market demand and companies ready to pay for outsourcing identity management that it won't be long before cloud-based identity management strategy will be a reality.