Keeping up with the identity management Joneses

One of the biggest problems with the consumerization of IT is scale: There are so many devices, apps and cloud services that IT could never keep up with them all.


Identity management offers a way around this problem, by letting IT focus on users, but the same problem lurks on the horizon: So many vendors are getting into Identity as a Service (IDaaS) that it's hard for IT to keep up.

With that in mind, let's take a look at different IDaaS tools and approaches and what they can do, can't do and could do in the future:

VMware and Citrix Systems make identity management part of their broader application delivery and management strategies. VMware's Horizon Application Manager ties into Active Directory (AD) to control which users can access which apps on which devices, and Citrix's CloudGateway 2 uses AD to support single sign-on (SSO) for application access via Citrix Receiver.

Microsoft, the company behind AD, is of course in on this market as well. Windows Azure Active Directory lets IT control access to Office 365 and apps hosted on Azure, but it's hard not to see this service's potential if Microsoft extends it to other types of applications. As Bromium's Tal Klein wrote on Twitter this week, "If I were Citrix or VMware and saw something like this on the MS roadmap ... I'd give up my Cloud Gateway/Horizon plans."

One vendor that's not enamored of all this focus on AD is Intel, whose CTO Andy Thurai said last week, "Active Directory is no longer sufficient for managing identity." (And nearly half of our readers agreed with him.) Intel now has its own IDaaS offering, Cloud SSO, but it only authenticates to various cloud apps and requires a separate client for AD integration.

And finally, like most technology markets these days, identity management is being consumerized. Take Google, for example: Your Gmail address now gets you access to productivity apps (Google Docs), a social network (Google+), a phone number (Google Voice), your mobile apps (on Android) and much more. Then there's Facebook's social plugins and Twitter's APIs, which let you log in to any number of third-party sites and services. Employees may use these identities for work tasks -- Gmail forwarding, corporate Twitter accounts, etc. -- and IT may want some oversight.

Microsoft's Access Control Service already integrates with Google, Facebook, Windows Live ID and Yahoo, and you can bet other IDaaS offerings will follow suit. The goal of identity management is to help IT get a handle on consumerization, but if a service doesn't touch all aspects of a user's work identity, it will only create more of a mess.


1 comment

Interesting topic! I'd tend to agree with @Tal and add that Citrix has failed in the portal space before. I just don't agree that this overload everything into Receiver as the way to the cloud and control is the future. It's a wish that Citrix and VMware want to impose upon the world and Gartner is over talking Citrix and VMware in their talk about the need for aggregators of apps.

IMO there will be many types of identity providers, just can't depend on one, although for enterprise IT I still suspect that AD will be the dominant one for a long, long time. However, not sure I can bet that AD will represent all app types that I want to use in the future. So what is needed is a separation of authorization and authentication. I should be able to authenticate with more than one identity provider that I choose to trust, although I still struggle with who can I really trust unless I am the provider....