In Depth
Federated ID: An Idea Whose Time Never Came?
A few years ago, advocates for federated ID management said the technology would be in mainstream use by now. That prediction hasn't come to pass for a variety of reasons
By Bill Brenner, Senior Editor
"Companies have a hard time implementing single sign-on within their own networks for their employees," he says. "The fact is most environments have too many distributed systems." He says it's hard enough to manage one security system. Bring in numerous systems and many more users across a wide area of internal and external domains and the challenge is simply too rich for many companies.
"In short, users love it but it is challenging and costly to build relationships and connect various domain systems through technical standardization," he adds. "If successful, independent reviews of third-party system security such as SAS 70 will become extremely important."
Despite these factors, federated ID vendors are keeping the faith.
True, adoption may not be at the blockbuster levels hoped for three years ago, but the deployments that have happened have been very successful, according to Vatsal Sonecha, vice president of product management and business development at Tricipher Inc. The vendor's myOneLogin suite of on-demand services has been a particularly popular product, impressing the likes of Mike Murray.
He admits federated ID is a tough nut for many companies to crack, especially when it comes to the complexities of getting it deployed across different organizations. His company's approach has been to solve the problem by making it an "in-the-cloud" service that doesn't rely on as much infrastructure. He predicts that approach will lead to a significant spike in deployments by this time next year.
For now, he says, adoption is most robust in the healthcare arena, both on the enterprise side and the patient and payment portal sides.
"We are talking to several large partners who really want to solve this issue," he said, noting that interest has come from sectors outside of healthcare as well. "Point-to-point federation isn't really working, hence the in-the-cloud approach, and I think that will lead to more adoption."
Other stories by Bill Brenner
federated ID
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- WagerWorks Takes Fraudsters Out of the Game Using iovation
- Implementing Best Practices for Web 2.0 Security
- Credit Issuers: Stop Application Fraud at the Source with Device Reputation
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
