Ping Identity: Leaders in Cloud Identity and Identity Federation
Ping Identity provides cloud identity security solutions to over 800 of the world’s largest companies, government organizations and cloud businesses. With a 99% customer satisfaction rating, Ping Identity empowers 42 of the Fortune 100 to secure hundreds of millions of employees, customers, consumers and partners, using secure, open standards like SAML, OpenID and OAuth. Businesses that depend on the Cloud rely on Ping Identity to deliver simple, proven, and secure cloud identity management through single sign-on, federated identity management, mobile identity security, API security, social media integration, and centralized access control. Visit www.pingidentity.com for more information.
First, a short introduction to Ping and our mission. Ping Identity is 100% focused on Cloud Identity. We work with customers to help them enable and protect the identities of customers, partners, and employees. We do this with Cloud Identity Management solutions and services that cover the full spectrum of enterprise identity management needs in the Cloud.
The trends that are driving the need for secure cloud identity solutions and the growth of our business include the following:
- The trend to push as much as practical to SaaS and other Cloud service providers no matter where they are located to reduce IT cost, meet dynamic needs, or to accelerate time to market
- The proliferation of employee and customer mobile devices
- The explosive use of social media by customers and consumers
Each of these trends challenges traditional identity security practices that were designed for people, processes, and systems that all live inside a defensible perimeter. In a world without perimeters, the main question is: how can you execute your Cloud strategy in a secure fashion?
Business customers and consumers are rebelling at the requirement to log in repeatedly, especially when trying to do business with you across your many products and affiliated services.
Productivity suffers from the number of passwords an employee has to remember, and this usually has a negative impact on security as well. Employees are keeping password lists that are both frustrating and easily forgotten, lost, or stolen… and now these employees are mobile.
Security is a major concern when it comes to password use. Passwords in the Cloud may not follow corporate guidelines, are often weak, and can easily be lost or stolen. Maybe more concerning to Security teams is the common symptom of employees or partners retaining access rights to applications after they’ve left. We recently interviewed someone who still had CRM access 3 months after he left his previous company!
What underlies these symptoms, and why has it been so hard to solve them? There are several reasons, but at the heart of it are these two:
- Applications are designed to require and store identities and passwords to protect them. This results in a massive password proliferation problem.
- Identity directories and existing, trusted identity technology are on the other side of firewalled perimeters from many of the applications, devices, and people that they serve.
To illustrate, let’s start with your organization. Whether they are Consumers or your business Customers, when they come to your eBusiness site they find themselves entering their identity information as many times as there are applications and identity stores. These can be your applications or affiliated applications belonging to partners that you want to present to them from your website.
Employees face similar hurdles: they may log in directly to external SaaS applications or Affiliated eBusiness portals with as many passwords as there are applications they use, or they may go through your identity store and portal of private and public cloud applications you have made available.
Add mobile employees or customers with local mobile apps that require their own passwords and the situation quickly gets very complicated. And these illustrations do not even include the challenge of de-provisioning any of these identities or the additional complexity of proprietary protocols and existing identity technologies that must be considered.
How can you begin to control this environment? Fortunately, we and our more than 700 customers have wrestled with these problems over many years and have distilled some useful and fairly simple advice. 5 of these best practices are listed here.
The first is to work towards separating identity from all applications. Let IT control and secure identities and provide Cloud applications with forms of authentication that reveal only what is necessary to gain access.
The second is related. Once identity is separated from applications, eliminate passwords wherever possible; don’t just hide them, as some identity management tools do. Passwords are the source of identity complexity and much security risk.
Third, always use industry standard and widely adopted methods and protocols such as SAML, OAuth, OpenID, WS-Trust and others to provide applications with non-password based identification.
Fourth, build on your trusted and enterprise-hardened identity architecture wherever possible. Changing everything is expensive and risky.
Last, while it might make sense to solve customer and employee Cloud identity problems incrementally, design your identity architecture for all anticipated use cases rather than adopting narrow-purpose technologies.