We need to move identity management to the cloud

Centralized identity management in the cloud is a very good idea, but it'll go nowhere until IT resistance ends

We've known for a while that centralized identity management provides a huge advantage when using complex and widely distributed systems. But who uses complex and widely distributed systems? Anyone who uses cloud computing, that's who.

There are so many moving parts to a public, hybrid, or multicloud deployment that security is a nightmare. The ability to assign centralized identities to all these parts -- person, device, or data -- allows for more control, as well as more flexibility.

[ From Amazon Web Services to Windows Azure, see how the elite 8 public clouds compare in the InfoWorld Test Center's review. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]

This is the concept of identity-based security -- the kind of identity management that was around before I could legally buy beer. Although it's an old concept, it saw wide adoption only as we moved to more distributed and complex systems, including the shift to service-oriented architecture in the mid-2000s and now the transition to cloud computing.

Adding value to the concept of identity-based security is the notion of centralized identity management, or what I call centralized trust. In short, this is the ability to provide credential validation services delivered from a central source.

This could certainly be at the enterprise level, and most people in enterprise IT would choose that option. However, as we move to cloud computing, it makes more sense that we centralize trust, well, in the cloud.

The idea is that each "actor" in a system -- a device, person, database, server, or queue -- goes to the mother of all identity servers to validate its credentials and be allowed access. This provides several advantages:

  • The ability to have common identity validation for systems both inside and outside the enterprise, such as those hosted on public clouds
  • The ability to centrally solve problems, such as identifying and neutralizing security problems
  • The ability to spend less on enterprise security by relying on the centralized trust model to deal with identity management across external and internal systems

We have the same problem with this model as we had with cloud computing a few years ago: Enterprise IT does not trust anything that does not exist in its data center, especially security servers. However, for this notion to work, we must do exactly that: Take it out of the data center and centralize it in the cloud.

There are too many advantages to centralized identity management. That said, central identity management will be slow in coming -- it can progress only as fast as people are willing to accept it.

This article, "We need to move identity management to the cloud," originally appeared at InfoWorld.com. Read more of David Linthicum's Cloud Computing blog and track the latest developments in cloud computing at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.