IAM Trifecta: Connect, MQ, and CIS

June 15th, 2015 / company news

Not to marginalize the achievement of American Pharoah in the Triple Crown, but the last 2 weeks also saw lots of activity in the cloud Identity and Access Management (IAM) space. I was fortunate to be involved in 3 activities that focused on IAM:

  • OneLogin Connect - our San Francisco User Group meeting
  • Gartner IDaaS Magic Quadrant (MQ) - the 2015 report is out with OneLogin named a Visionary
  • Cloud Identity Summit (CIS) - the 6th annual event hosted by Ping Identity in San Diego

1. ONELOGIN CONNECT

The first OneLogin Connect (#olconnect) User Group event for 2015 was hosted in San Francisco on May 28, and over 50 customers spent the afternoon with the OneLogin product and customer success teams. Here is a small subset of the takeaways from a productive afternoon of discussions.

  • There’s a clear transition underway from thinking of SSO as just end-user “convenience” to a discussion about core security and cloud architecture.
  • Our new highly resilient SaaS architecture, which was recently promoted to production, received kudos from the attendees. With this new architecture we’ve separated the SSO and Admin tiers. The SSO tier serves user authentication from a replicated, widely distributed, elastically load-balanced infrastructure on Amazon, while the Admin tier is hosted within Rackspace on new high-capacity hardware. Because the tiers are independent, SSO access events and their logging are preserved even if the Admin tier is disrupted.
  • Of the many items on the roadmap, the most significant new capabilities being introduced to our services include:

    • Mobile Identity Management

      • OneLogin will manage user identities at the mobile app level, establish trust between applications and users, and enforce policies to control access. OneLogin will push a per-device certificate to every enrolled device, and assert device policies as well as user identities to mobile devices and applications.
      • To solve the mobile SSO problem, OneLogin will leverage the NAPPS (Native Applications) standard. Mobile app developers are already working with our new toolkits, and you can contact OneLogin for assistance at napps-info@onelogin.com.
    • Enhanced Cloud Directory

      • OneLogin will add functionality to its existing cloud (or “meta”) directory to support additional use cases, allowing organizations to replace on-premises Active Directory and LDAP. Additional APIs and standards-based toolkits are available at developers.onelogin.com.
      • OneLogin will provide an LDAP endpoint that queries the OneLogin cloud directory directly to authenticate PCs and Macs. As desktops and mobile devices are enrolled with OneLogin (via OneLogin Desktop and OneLogin Mobile), device-specific policies can be enforced.
  • OneLogin has staffed expertise to offer Professional Services in 3 tiers: Silver, Gold, and Platinum.

Look for upcoming OneLogin Connect events in New York, Chicago, London, and Tokyo.

2. GARTNER IDAAS MQ

The annual Gartner MQ for Identity and Access Management as a Service (IDaaS) was released June 4. While OneLogin continues to strive for Leader status, we were pleased to be recognized as a Visionary. Perhaps equally noteworthy, OneLogin is one of only two best-of-breed Web IDaaS vendors in a field of 15 (the other being Okta). OneLogin continues to deliver strong value to our customers, partners, and the market, and our innovations have helped drive the market forward.

  • The IAM market landscape has shifted as large IaaS and PaaS cloud providers such as Microsoft, Salesforce, and IBM put their support behind IDaaS as a core cloud infrastructure service. Given the breadth of their portfolios and installed customer base, Gartner also placed these vendors as Visionaries based on their sheer capacity to influence the market.
  • Gartner predicts that by 2019:
    • 25% of IAM purchases will use the IDaaS delivery model, up from less than 10% in 2014.
    • 40% of IDaaS revenue will accrue to PaaS vendors, up from less than 5% in 2014.

3. CLOUD IDENTITY SUMMIT

And lastly, the Cloud Identity Summit (#cisid15) was held in La Jolla, CA, June 8-11, where approximately 1,000 IAM professionals (or Identerati, as Andre Durand called us) from around the world participated in over 100 sessions hosted by their peers. Clearly I couldn’t attend everything, but a few takeaways:

  • Security was at the forefront of conversation. And User Experience (UX) is still a critical success factor.
  • IDaaS has entered the mainstream, and enterprises are moving beyond Web SSO, with new budgets in 2016 to address provisioning, MFA, and mobile.
  • Multi-factor authentication is mandatory to minimize the risk from credential theft (stolen usernames and passwords).
  • FIDO (Fast IDentity Online) published its initial specifications 6 months ago and has seen growing support for password-less authentication. Look to Microsoft Windows 10 and Qualcomm Snapdragon to leverage new biometric capabilities, including fingerprint and iris scanning, with FIDO 2.0.
  • Open standards are required, and SAML has been a great example of the impact a standard can have on the industry. However, we can’t wait another 10 years for adoption of emerging standards and APIs such as NAPPS and SCIM to take hold.
  • SCIM (System for Cross-domain Identity Management) is the provisioning standard the community is looking to as the justification for moving away from custom integrations.
  • SaaS providers and IdP’s should view themselves as data custodians and keepers of identities, and take the applicable measures to secure their data centers.
  • Internet of Things (IoT) is not an easy problem to solve, but the identity industry and key market leaders are stepping up to address it.

About the Author

Chip Epps joined OneLogin in 2014 to help advance cloud security initiatives and the evolution of identity and access management. Having worked previously at Symantec, Trend Micro, and Websense, he focused on securing virtual data centers and implementing SaaS-based compliance solutions. Prior to a career in security, Chip worked at Peregrine Systems (now HP), promoting ITSM and service management within a dynamic IT environment.