Resellers looking to capitalise on the growing use of cloud services need to look at both the direct and indirect opportunities. The direct ones are the selling of cloud services themselves, perhaps implemented by the reseller or sourced from a cloud service provider or an aggregator. The indirect opportunity comes from selling the technologies that support the use of cloud services, especially those relating to security.
A recent Quocirca research report—Digital identities and the open business—shows that organisations that are using lots of cloud services recognise the importance of security for enabling this (Figure 1) and are spending a greater proportion of their IT budgets on security than those who hold back. One area of security stands out—identity and access management (IAM); 97% of cloud “enthusiasts” have an IAM system compared to just 26% of cloud “avoiders” (these terms are defined in the report).
One reason for this is that the single sign on (SSO) capability of many IAM systems have made it easier to provision and de-provision access to multiple cloud services. This ensures a given user has access the resources they need via a single identity with strong authentication (the user only has to go through the login process once). Perhaps more importantly, when the relationship with a given user ends, IT managers can be certain all access rights are removed quickly and completely through a single update to the IAM system. SSO also makes it easier to create granular access policies for different types of users and to keep accurate audit trails.
This article has been careful to use the term “user” rather than “employee”. This is another benefit of many IAM systems, the ease with which applications, cloud based or otherwise, can be made available to external users. This is the number one motivator for putting IAM in place in the first place; 58% of the business interviewed for the latest research had opened up applications to consumers, users from business customers and/or users from partners. Another recent Quocirca research report—The mid-market conundrum—shows that that the average UK mid-market business has 40 times as many external users as internal ones.
SSO can also be used to allow access to multiple applications for external users. Think of a travel agent providing flights, hotel bookings and car hire or indeed a reseller selling aggregated access to several cloud based applications to a range of customers. A further benefit that many IAM systems provide here is federated identity management.
Whilst the majority of businesses still rely on Microsoft Active Directory as a source of identity for their employees, they are often relying on other sources for external users. For users from business customers and partners, this is most likely to be a given organisation’s own directory system, but it could be a government database or a membership directory of a professional body. However, when it comes to consumers, one source of identity is coming to dominate—social media (Figure 2).
Social identities are those used to access online consumer services such as Facebook, Google and PayPal. Using social login avoids having to create and manage millions of identities. A number of specialist providers have emerged such as Gigya, Janrain and Loginradius. They check the veracity of social logins, act as brokers between multiple social media sites and those providing services that want to use social login and enable a single view of consumer customers regardless of how they login. Using such services it is possible to establish a high level of confidence that a real person is being dealt with.
The social login vendors limit themselves to social identities and maintain a consumer focus. Incorporating users from other businesses alongside employees and consumers requires the broader federated identity management capability described earlier. The big identity vendors such as CA, IBM, Oracle and Intel/McAfee are adapting their systems to address this requirement and new vendors such as Ping Identity, Okta and Symplified have emerged.
To come full circle, many of these are now provided as on-demand services—IAM as a service (IAMaaS). Indeed, Quocirca’s research shows that 43% of IAM deployments are either pure on-demand services or a hybrid deployment of a legacy on-premise system with a cloud service (Figures 3 and 4). Needless to say, those making extensive use of cloud services are the most likely to turn to IAMaaS, with around two thirds using it in some form. This makes sense, if the users and applications can be anywhere, why not the IAM system; cloud feeds and cloud! Resellers preparing the future to make sure they have the capabilities in place to capitalise on the both the direct and indirect cloud opportunity.