Click here to close now.


Microservices Expo Authors: Pat Romanski, AppDynamics Blog, Liz McMillan, XebiaLabs Blog, Elizabeth White

Related Topics: @ThingsExpo, Microservices Expo, @CloudExpo, Cloud Security, @BigDataExpo, SDN Journal

@ThingsExpo: Article

'Internet Of Things' and Identity

As the Internet of Things continues its march to the mainstream, organizations have more opportunities to expand relationships

Over the past few years, enterprises have been moving to the cloud to streamline processes and operations. A study last year by TheInfoPro indicated that there is no sign of cloud investment slowing down - predicting an average growth rate of cloud spending of 36 percent from this year until 2016. As the Internet of Things continues its march to the mainstream, organizations have more opportunities to expand relationships with customers and partners by building and offering new services. These services have the potential to exponentially drive revenue and create business value.

The question is, what do CIOs need to do to make sure that their companies can take advantage of this potential? The first step is to look at their existing technical infrastructure to ensure that it can truly enable companies to drive change. One crucial component: security, including identity and access management.

IRM and the Cloud: The Move Toward Supporting a Dynamic Environment
Traditionally, identity and access management (IAM) was used to defend a company from security breaches and protect data by providing the right level of access to the right people, who were typically employees of the company. But in a cloud-based world, where organizations need to break down the walls to increase their interaction with customers and partners, a traditional IAM solution just doesn't work - it won't be able to cope with the varying devices and environments at Internet scale.

Looking at all the differences between what is needed now and what traditional identity management offers, I think that "identity relationship management" (IRM) is the best way to describe the new lightweight and agile solution that companies will adopt. A term coined by Kantara Initiative in October 2013, I think it is a perfect way to describe the changes that are needed - moving from managing access and identities to managing relationships.

In a cloud-based world, organizations need to ensure that their IAM system - a critical security component - is able to handle dynamic requests. What do CIOs and CSOs need to look for in an IRM solution to drive revenue through the cloud, while still ensuring a secure experience? Here are some ideas:

  1. Scalability: In a world running on the cloud and the Internet, scalability is a key factor - it's no longer about managing employees who access information from their desks. Customers, partners and employees are accessing information from devices across a variety of locations and the number of users grows exponentially over time, so identity systems need to manage millions of identities instantaneously.
  2. Intelligent and adaptable: Now that everyone has a mobile device, they expect access to information across different environments and geographies. But, that doesn't mean that IT needs to compromise on security. That's why identity and access systems need to be flexible, so that if a user tries to access a secure portal from a new device or location, it will allow access, granted they have the proper credentials.
  3. Modular structure: Modern identity demands are at an entirely new level of complexity that an old, traditional system is not able to handle. Systems need to respond quickly to a plethora of varying factors - devices, circumstances, and access privileges - to ensure that systems continue to run seamlessly. Now that companies are opening up access to partners and customers, user experience becomes that much more complex and critical, and traditional IAM struggles to respond to these varying factors.
  4. Borderless: Not long ago, information was stored on premises and that's where employees accessed it from - their desktop from the network in their office. Now that companies have adopted new technologies like cloud and SaaS, information is likely stored across all three environments, but users still expect the same fast and easy access. A good IRM solution is borderless so that stakeholders have the flexibility to securely and seamlessly access information stored in any environment from anywhere.

Making the Transition Easy
There are also some detailed technical features that organizations can keep in mind when choosing an IRM solution. These include emerging standards like OpenID Connect and OAuth 2.0, which enable cloud and mobile-ready features like device agnostic single-sign on (SSO) across environments. A system that uses REST APIs also makes it more developer friendly, and is a lightweight and flexible alternative to traditional SOAP-based Web services.

When considering implementation, it is essential to ensure the deployment is as quick and easy as possible. Oftentimes, organizations are using different IAM systems across their company, making management difficult. Deploying a central IRM solution gives users the ability to quickly create and deploy new revenue-generating services.  Additionally, the IT team is able to manage and scale the system much easier from one centralized location.

IAM has always been seen as a necessity for employees and company systems, and therefore a business cost, but with the cloud, organizations are in the unique position to adjust their focus from simple identity and access management to leveraging the value of unique relationships to drive business' top-line revenue.

More Stories By John Barco

John Barco is currently vice president of product management at ForgeRock. He has more than 20 years of experience building innovative products for enterprise customers with focus on identity and access management for the last 12 years. Prior to joining ForgeRock, he served as senior director of product management for the Identity Management group at Sun Microsystems. John has also held leadership positions at iPlanet, Silicon Graphics, NComputing, and IronKey. He holds a degree in industrial engineering from Missouri State University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

@MicroservicesExpo Stories
SYS-CON Events announced today that G2G3 will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based on a collective appreciation for user experience, design, and technology, G2G3 is uniquely qualified and motivated to redefine how organizations and people engage in an increasingly digital world.
If you are new to Python, you might be confused about the different versions that are available. Although Python 3 is the latest generation of the language, many programmers still use Python 2.7, the final update to Python 2, which was released in 2010. There is currently no clear-cut answer to the question of which version of Python you should use; the decision depends on what you want to achieve. While Python 3 is clearly the future of the language, some programmers choose to remain with Py...
“All our customers are looking at the cloud ecosystem as an important part of their overall product strategy. Some see it evolve as a multi-cloud / hybrid cloud strategy, while others are embracing all forms of cloud offerings like PaaS, IaaS and SaaS in their solutions,” noted Suhas Joshi, Vice President – Technology, at Harbinger Group, in this exclusive Q&A with Cloud Expo Conference Chair Roger Strukhoff.
Opinions on how best to package and deliver applications are legion and, like many other aspects of the software world, are subject to recurring trend cycles. On the server-side, the current favorite is container delivery: a “full stack” approach in which your application and everything it needs to run are specified in a container definition. That definition is then “compiled” down to a container image and deployed by retrieving the image and passing it to a container runtime to create a running...
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud wit...
As the world moves towards more DevOps and microservices, application deployment to the cloud ought to become a lot simpler. The microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. In his session at 17th Cloud Expo, Raghavan "Rags" Srinivas, an Architect/Developer Evangeli...
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ab...
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Bradley Holt, Developer Advocate at IBM Cloud Data Services, will demonstrate techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, ...
Despite all the talk about public cloud services and DevOps, you would think the move to cloud for enterprises is clear and simple. But in a survey of almost 1,600 IT decision makers across the USA and Europe, the state of the cloud in enterprise today is still fraught with considerable frustration. The business case for apps in the real world cloud is hybrid, bimodal, multi-platform, and difficult. Download this report commissioned by NTT Communications to see the insightful findings – registra...
Application availability is not just the measure of “being up”. Many apps can claim that status. Technically they are running and responding to requests, but at a rate which users would certainly interpret as being down. That’s because excessive load times can (and will be) interpreted as “not available.” That’s why it’s important to view ensuring application availability as requiring attention to all its composite parts: scalability, performance, and security.
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
There once was a time when testers operated on their own, in isolation. They’d huddle as a group around the harsh glow of dozens of CRT monitors, clicking through GUIs and recording results. Anxiously, they’d wait for the developers in the other room to fix the bugs they found, yet they’d frequently leave the office disappointed as issues were filed away as non-critical. These teams would rarely interact, save for those scarce moments when a coder would wander in needing to reproduce a particula...
All we need to do is have our teams self-organize, and behold! Emergent design and/or architecture springs up out of the nothingness! If only it were that easy, right? I follow in the footsteps of so many people who have long wondered at the meanings of such simple words, as though they were dogma from on high. Emerge? Self-organizing? Profound, to be sure. But what do we really make of this sentence?
As we increasingly rely on technology to improve the quality and efficiency of our personal and professional lives, software has become the key business differentiator. Organizations must release software faster, as well as ensure the safety, security, and reliability of their applications. The option to make trade-offs between time and quality no longer exists—software teams must deliver quality and speed. To meet these expectations, businesses have shifted from more traditional approaches of d...
Information overload has infiltrated our lives. From the amount of news available and at our fingertips 24/7, to the endless choices we have when making a simple purchase, to the quantity of emails we receive on a given day, it’s increasingly difficult to sift out the details that really matter. When you envision your cloud monitoring system, the same thinking applies. We receive a lot of useless data that gets fed into the system, and the reality is no one in IT or DevOps has the time to manu...
Last month, my partners in crime – Carmen DeArdo from Nationwide, Lee Reid, my colleague from IBM and I wrote a 3-part series of blog posts on We titled our posts the Simple Math, Calculus and Art of DevOps. I would venture to say these are must-reads for any organization adopting DevOps. We examined all three ascpects – the Cultural, Automation and Process improvement side of DevOps. One of the key underlying themes of the three posts was the need for Cultural change – things like t...
It is with great pleasure that I am able to announce that Jesse Proudman, Blue Box CTO, has been appointed to the position of IBM Distinguished Engineer. Jesse is the first employee at Blue Box to receive this honor, and I’m quite confident there will be more to follow given the amazing talent at Blue Box with whom I have had the pleasure to collaborate. I’d like to provide an overview of what it means to become an IBM Distinguished Engineer.
I’ve been thinking a bit about microservices (μServices) recently. My immediate reaction is to think: “Isn’t this just yet another new term for the same stuff, Web Services->SOA->APIs->Microservices?” Followed shortly by the thought, “well yes it is, but there are some important differences/distinguishing factors.” Microservices is an evolutionary paradigm born out of the need for simplicity (i.e., get away from the ESB) and alignment with agile (think DevOps) and scalable (think Containerizati...
The cloud has reached mainstream IT. Those 18.7 million data centers out there (server closets to corporate data centers to colocation deployments) are moving to the cloud. In his session at 17th Cloud Expo, Achim Weiss, CEO & co-founder of ProfitBricks, will share how two companies – one in the U.S. and one in Germany – are achieving their goals with cloud infrastructure. More than a case study, he will share the details of how they prioritized their cloud computing infrastructure deployments ...
DevOps Summit at Cloud Expo 2014 Silicon Valley was a terrific event for us. The Qubell booth was crowded on all three days. We ran demos every 30 minutes with folks lining up to get a seat and usually standing around. It was great to meet and talk to over 500 people! My keynote was well received and so was Stan's joint presentation with RingCentral on Devops for BigData. I also participated in two Power Panels – ‘Women in Technology’ and ‘Why DevOps Is Even More Important than You Think,’ both ...