BYOD and Cloud Fuel IDMaaS Landscape in 2013
    
		The growing use of tablets, smart phones and cloud services  is making it more complicated for IT organizations to manage user  authentication and authorization to enterprise resources – as if it wasn’t difficult  enough. 
		Consequently, the market for technology that provides secure single sign on is heating up. I delved into the growing identity management as a service (IDMaaS) landscape a few months ago (see Going Cloud: Identity Management as a Service). In recent weeks, a number of companies have moved to up the IDMaaS ante including Centrify, Microsoft and Okta. And this week IBM rolled out an upgrade to its Tivoli Security Access Manager, with the launch of ISAM v. 7.0. 
		There’s a slew of other players, including CA, Intel and its McAfee division, Ping Identity, SailPoint, Symplified, Symantec and VMware, among others, that have furthered their push to advance IDMaaS in 2012 and will undoubtedly continue to do so in the coming year. 
		Looking at the latest developments alphabetically, Centrify earlier this month launched DirectControl for SaaS, which authenticates users via their Active Directory credentials to access software-as-a-service-based solutions. The SaaS offerings Centrify supports include Box, Google Apps, Marketo, Microsoft’s Office 365, Postini, Salesforce.com, WebEx, Zendesk and Zoho. 
		Centrify designed DirectControl for SaaS to allow single  sign on access to these and other SaaS with a user’s Active Directory  credentials, explained Centrify CEO Tom Kemp. Users can access any resource  tied to Active Directory from traditional mobile PCs as well as Android and  iOS-based smartphones and tablets whether they’re company issued or owned by  employees. 
		Kemp said Centrify’s new offering doesn’t require changes to  Active Directory or to endpoint security systems. “Our cloud offering is in  effect an identity bridge to a customer's Active Directory,” Kemp said.
		IBM’s new Tivoli ISAM v7.0 tackles IDMaaS from a slightly different perspective. Like Centrify’s offering, Big Blue said it provides context-aware management for mobile devices. But the new ISAM helps centrally manage rights throughout the policy lifecycle from file creation to publishing, while enforcing compliance requirements. 
		In addition to controlling access to in-house systems, apps  and data, the new ISAM release provides federated single sign on to various  cloud service providers.
		Looking to extend its Active Directory technology to the  cloud, Microsoft is expected to launch Windows Azure Active Directory at some  point next year. While Microsoft hasn’t said when it will be generally  available, the WAAD is now available for beta testing. 
		Active Directory made its move to the cloud in 2011 with the launch of Office 365, when Microsoft permitted customers to federate their Active Directory domains to the service. Now users’ Active Directory credentials can be found in Microsoft’s other cloud offerings including the online versions of its Dynamics applications and Windows Intune. 
		The next step for Active Directory’s cloud migration is to Microsoft’s Windows Azure service. With the service in beta now, Microsoft last month said it will offer access control in Windows Azure Active Directory (WAAD), free of charge upon release. 
		“If you’re building a service in Windows Azure, you can create your own tenant in Azure and create users and we let you manage those users, who can be connected to your cloud services,” Uday Hegde, principal group program manager for Active Directory at Microsoft, told me earlier this month. Furthermore, Hegde said Windows Server customers running Active Directory on premises can connect to WAAD and avail themselves of all its features.
		Microsoft is betting its large customer base running Active Directory will propagate it to WAAD. It stands to reason those who move Windows Server apps to Windows Azure, or build new ones, will provide authentication services through WAAD. 
		Yet there’s a lot of money riding on IDMaaS alternatives.  Okta earlier this month received a cash infusion of $25 million in Series C  funding led by Sequoia Capital, bringing the total amount it has raised to $52  million.
		Okta is using Active Directory and WAAD APIs to enable  single sign on to SaaS and traditional apps. “A CIO wants to have one single identity  system that connects them to these different applications,” said Okta VP Eric  Berg. 
		Indeed, I've heard that refrain for many years. We’ll see if the latest offerings, and a number of others, deliver. 
 
	Posted by Jeffrey Schwartz on 12/20/2012 at 4:59 PM