Cloud Zone is brought to you in partnership with:

Mark O'Neill is VP Innovation at Axway. Previously, he was CTO and co-founder at Vordel, acquired by Axway in 2012. He is the author of the McGraw-Hill book "Web Services Security" and is frequent speaker at conferences including Java One, the RSA Security Conference, and Oracle Open World. Mark is based on Boston, Massachusetts. Mark is a DZone MVB and is not an employee of DZone and has posted 64 posts at DZone. You can read more from them at their website. View Full User Profile

Plugging Cloud Identity Leaks

05.13.2013
| 1243 views |
  • submit to reddit

This Wednesday in Munich I'm speaking on "Plugging Cloud Identity Leaks - Should your Business become an Identity Provider?" at the Kuppinger-Cole European Identity and Cloud Conference.  

So what does it mean to "plug a Cloud Identity leak"? If employees at your business find it easier to "login with Google" or "login with Facebook" to cloud-based apps which they use for business, then that means that your employees are using a Cloud-based identity over their corporate login. This means that your employees credentials are being managed by a third-party. You're losing control, effectively leaking identity.

What is the alternative? The technical answer comes from standards such as OAuth 2.0 and OpenID Connect. These allow your employees to use their corporate login as a springboard to Cloud-based services, providing the same convenience of single sign-on, but with identity anchored at the corporate level.

I look forward to talking about this, and other cloud and identity topics, at EIC13. It's always a great conference with animated discussion (and German beer :-) ). 

Published at DZone with permission of Mark O'neill, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)