TORONTO—Businesses will be running on the cloud in as little as five to 10 years, so getting on board with identity management now will be the “onramp” to sustaining and growing the business in the cloud over time, said Sun Microsystems Inc.’s chief governance officer for cloud computing.
Michelle Dennedy said given that cloud is inevitable, businesses must figure out what assets are in their distributed network and how to reap success from them.
Historically, little attention has been paid to individual accounts on the distributed network, like those of employees, customers and vendors. “Identities are now being realized as the true assets for the organization,” said Dennedy, who spoke at a CIO Canada Frankly Speaking Breakfast entitled Identity Management—Pathway to Enterprise Agility.
Dennedy urged the audience of chief information officers to pay attention to identity management because, while discussion on the topic has been ongoing for some time, the technology actually works now.
Also on the panel, Mark Dixon, Sun chief identity officer for North America, pointed out that having technology and processes in place to manage access to online systems can reap regulatory compliance, operational efficiency, security, and the enablement of business processes.
Many companies look upon identity management as an enabler, said Dixon. “Why do race cars have brakes? Certainly not to make them go slow. It's to give them control so they can go fast,” he said.
Integrating identity management systems with the jungle of in-house-built versus commercial applications is not necessarily obvious in terms of which is easier, said Dixon. Some IT departments might have built thousands of in-house applications in which the authentication and authorization processes are more easily controlled than those of commercial vendor apps, he said. But commercial apps might integrate more easily.
But the holistic approach required of identity management can be daunting to organizations. Injecting cloud computing into that equation may seem to complicate matters, but Dennedy said there is often more cloud in the business than leaders are aware. So, over are the days of regarding a business’s IT infrastructure as a segregation of cloud and internal IT, she said.
This means that companies have the challenge of ensuring their identity management systems interoperate with those of their cloud providers. Dixon said while standards-based identity management technology exists, there is yet no standardized legal contract to “establish those circles of trust.”
Dennedy said there is a movement to standardizing in the cloud, but the problem is a lack of open APIs (application programming interfaces) in cloud development.
“Tell your vendor you want interoperability,” said Dennedy. “That’s the only thing that moved some of these highly proprietary vendors off the dime.”
Attending the event was Roman Olarnyk, chief information officer with the Ministry of Health and Long-Term Care (MOHLTC), which has an identity management initiative in place.
Olarnyk agreed that identity management in a cloud environment requires that customers be able to work well with their cloud providers.
“When I take a look at the ‘I’ in Identity, that’s the antithesis to enterprise agility,” said Olarnyk. “It’s the concrete that weighs down the enterprise and what we need is less ‘I’ and more ‘We.’”
Currently, identity management is owned by the IT department, where it’s buried in security, “which means it’s in the dungeon,” said Olarnyk. But if identity is an asset in a business’s distributed network, then it must be owned by a department that can turn the asset into a business opportunity, he said.