By: Fran Howarth, Practice Leader, Bloor Research
Published: 19th July 2013
Copyright Bloor Research © 2013
Founded some 11 years ago, Ping Identity has been one of the pioneers of the identity management as a service space. The idea behind such services is to extend identity management capabilities beyond enterprise applications provisioned in-house and under the control of IT to externally supplied applications, both web-based and in the cloud, and to external users of any of these applications.
Such services are fast becoming a necessity owing to a number of factors: the use of interactive, collaborative web applications has become the norm; the use of SaaS applications is becoming mainstream; and mobiles have become the device of choice for many users, both for leisure and for business purposes. Whilst these applications and devices, many of which are personally owned by users, are often outside of the control of the IT department, it is still a necessity that the organisation retains control of the identities of its users to prevent inappropriate access to data.
Each such application often has its own user name and password combination requirements for authenticating users, along with varying demands that include password complexity and expiration cycles. As the number of applications used proliferates, so does the headache of managing this vast array of identifiers.
Ping Identity was founded on the vision of solving this problem through the provision of single sign-on (SSO) capabilities, whereby users are afforded access to multiple applications and services with a single set of credentials, allowing them to log in just once to access all the resources that they are entitled to use. This puts control over identities back in the hands of the organisation, providing a mechanism to centrally manage entitlements and authorisations according to policies set by the organisation. Where required, such as for access to resources that the organisation deems particularly sensitive for its business needs, it can demand that stronger forms of authentication be used for higher levels of assurance that the user is who they claim to be.
By providing such capabilities as a centralised service, accessed via just a browser interface, the needs of the growing army of mobile workers, as well as external constituents such as business partners, can be catered for, allowing access to be controlled to both applications and services provisioned externally, as well as in-house applications. To be effective, such identity services must be based on widely accepted, as well as emerging, standards and should integrate with other security controls, such as log management and security information and event management systems, that attest that security levels are adequate and that provide an audit trail of all access and authentication events.
The announcement that Ping Identity has secured $44 million in funding attests to the strength and promise of this market, and comes on the heels of acquisition and funding announcements by other vendors in this space, including RSA Security just recently and Okta in 2012. Ping Identity has shown strong levels of innovation in its product set to cater to the growing demands for the federated business and continues to add new features and support for the latest standards. It has recently embarked on international expansion and aims to use this new funding to further those ambitions to tap international markets that are currently under-served. It has hinted that it may be looking for an IPO in 2014, further underscoring the dynamism of the identity management as a service market.
Posted: 20th July 2013 | By Jershonite :
Can you say "single point of failure"?
From an availability and simplicity standpoint, single sign-on is a great idea, but from an integrity or confidentiality perspective, it means an attacker only needs to crack or steal one password and he has access to the entirety of the victim's work life and possibly personal life.
I hope Ping is incorporating some practices and technologies to help reduce the risk of one password to rule them all.
Posted: 23rd July 2013 | By Badoink :
There are many ways to mitigate risk and exposure in an SSO environment:
2 Factor/Multi Factor Authentication
Adaptive Authentication (you're inside the corp network, auth using this factor... you're outside the corp network, use this factor or factors).
Reliance on memorizing a single password at the user level allows system admins to incorporate strict and complex password requirements and restrictions (high character count and complexity, no re-use, regular changes etc).
Not to mention we at Ping don't store or touch the password, so it's as secure as the password data store/directory the administrators decide to use.
The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.
Published by: IT Analysis Communications Ltd.