Time to end the proliferation of passwords in the cloud
Cloud computing promises to free applications from vendor lock-in and the confines of company walls. Business is on the move with laptops, smart phones, and tablets. Access to applications can no longer be limited to a desk, building or campus. But with the new found freedom that the cloud promises comes a very different set of security challenges.
At the Cloud Identity Summit, Ping Identity CEO Andre Durand challenged a group of Internet industry leaders to work together to solve the protocol and architectural challenges of identity management in the cloud that is creating a growing number of user passwords and threatening cloud computing’s long-term success.
“Each new cloud application brings its own directory and associated overhead for managing users and permissions,” said Durand. “Users must juggle dozens of separate logins and passwords, administrators are drowning in user provisioning tasks and IT is losing visibility and control. Proprietary solutions can’t scale. We must work together as an industry to stop the password proliferation for stronger cloud security.”
A substantial gap remains between companies that see potential value in cloud computing and those that are actually doing it according to a 2009 Kelton Research survey. Respondents reported that internal IT systems are too expensive, and two-thirds view cloud computing as a way to reduce up-front costs. Yet more than 80% of those with only internal IT systems don’t plan on integrating any form of cloud computing over the next 12 months. Why? By a five-to-one margin, respondents feel that their own IT systems are more secure.
Durand says delivering true cloud security requires industry-wide collaboration on standards so that scale and loose coupling can be achieved.
“We must have identity management systems that are inherently capable of interfacing with one another. To achieve this, all of our use-cases for identity and security must be based on open standards, freeing us to couple systems, applications and users across both internal and external scenarios, and freeing users to access applications from any location or device,” he said.
“Identity federation – a single, strong user password – must be at the center of this new era of Internet Identity Security. Our customers show us again and again that SSO is key to enabling the access, authorization, account management and audit capabilities necessary to ensure cloud security and bring an end to password proliferation.”