Tuesday, January 06, 2009

SaaS Realities

There an intersting article on software as a service (SaaS) in the latest issue of ComputerWorld that you should check out. It's interesting to me because one of the virtual panelists (Daniel Wakeman, CIO of Educational Testing Service) stated that it was a "huge shortcoming" that SaaS vendors do not embrace federated identity management standards allowing centralized identification and validation of users via a single sign-on process. In particular, this comment stuck out:
We have to manage the identities of our employees at multiple SaaS providers. We can't say that this employee has terminated and automatically shut him off from all the systems he has access to.
Wakeman has hit the nail on the head. SaaS will only complicate security, audit and compliance if it doesn't effectively address identity management. As he points out, supporting federated identity management would go a long way to addressing those issues...

N.B. The online article, for whatever reason, totally omits the question that lead to this quote: "Is security an issue?". This is the second question in the print edition that appears on page 21 of the January 1, 2009 "Forecast 2009" issue of ComputerWorld.

Technorati Tags:
, ,


rajesh said...


Am sure you are aware of the upcoming concept of 'identity as a service', which aims at providing federated identity management. Its nothing but taking your favorite 'directory' to the cloud. As an enterprise I may subscribe to various services, all of whom outsource identity management to a single identity management service provider.

Also, as a hack, there are a few services which even provide Active Directory authentication for their customers (AD resides in the enterprise and a local agent or proxy coordinates with the service) ! They provide many different flavors of that as well. For enterprise services, this may become a practical solution (subscribe to only services that support this).

Well, we now have to accept SaaS and do our bit to overcomes the hurdles and not try to find 'that one thing' which will be an impediment to the movement to SaaS.

My 2 cents.


Unknown said...

Microsoft recently announced its big push in SaaS with Microsoft Online Services. In this buzz driven discussion of life in the cloud, there is limited discussion of identity management.

my site