Who’s on First? Beyond the “Who,” “What” and “I Don’t Know” of Identity Management
Written by Richard Whitehead
Costello: “Look Abbott, if you're the coach, you must know all the players.”
Bud Abbott and Lou Costello were comedic geniuses. Their classic “Who’s on First?” routine can depict what it’s like to attempt a move to cloud computing without first establishing an enterprise-ready foundation of identity.
Before you consider moving workloads around, you need to know who has access to what, what proprietary data is in the workload, what will happen once the workload has executed—as well as a host of other important characteristics and processes necessary to ensure reliable performance, security and policy compliance.
I realize this may seem like pretty basic info for many readers, but stay with me. I’ll get to the relevance of cloud computing and intelligent workload management (IWM) shortly.
It’s a Whole New Ballgame
Today security just doesn’t work without identity. The whole point of IT security is controlling who has access to which resources, and what they can and can’t do with those resources. Without identity, it’s pretty tough to know: “Who did what to which resource?”
The traditional approach to IT security was to determine where a user was connecting from in order to authenticate them through the firewall and onto the network. That worked to an extent in its time. But today, partners and vendors often need access to the internal network—as do mobile workers. Location-based security is simply no longer enough. At the same time, companies rely more on temporary workers while insider threats persist.
Finding Out Who Is “Who”
Identifying who is granted access is now a well-understood concept. Employees, partners and vendors are all given identities at this point, and most organizations understand their roles. Companies have invested millions of dollars in order to define policies that limit what people in these roles can and can’t do.
The creation of user identity had some beneficial “side effects,” allowing companies to simplify and automate the process of provisioning and deprovisioning users. This saves time and money while increasing security and compliance. For example, now when a salesperson leaves to go work for the competition, you can make sure that their access to your customer lists is turned off. This can be automatically triggered by an event, such as an employee termination from human resources.
Identity Doesn’t End with the Living
Identifying people is only the first step. Identities must go beyond “who” to include “what.” That’s because you must be able to manage what it is people have access to. Identities must be assigned to technology resources—everything from desktops, laptops, printers and storage devices to databases and line-of-business applications. Even virtual and cloud resources need identities.
Once you have the “what,” you can begin making intelligent security decisions and putting policies in place to control who has access to what.
The Identity-Infused Enterprise
Still, even this level of identification is not enough to truly control access to your network. You also need to be able to tie identity to actions. Then, and only then, can you actually answer the question of “Who did what to which resource?”
For example, you can now not only determine if users can connect to the network via the Internet, you can also control their exact level of access when doing so. In the data center, you can granularly control who can perform what actions on physical servers, virtual machines, applications, processes and stored data.
With identity infused into your enterprise IT environment, you can now understand the context of people, actions and resources—and make the right security decisions.
Intelligent Workload Management
With WorkloadIQ from Novell, identity is what puts the intelligence in intelligent workload management (IWM). It intelligently controls access to resources and applications—whether in the data center, on the road or in the cloud. And it provides the tools to ensure enterprise security policies are consistent across different systems. Giving workloads identities can also ensure performance metrics and service levels are met for business-critical applications—an important capability when you’re not exactly sure where a workload may be running.
So What Does All of This Have to Do with the Cloud?
As you extend to the cloud, identity plays an increasingly important role in enterprise computing. For one, identity continues to simplify and automate user account provisioning and deprovisioning as you work with managed service providers and their external infrastructures.
Regardless of where you are with cloud deployment today, infusing your enterprise with identity will help you push intelligent workloads beyond your firewall with confidence when you’re ready, without errors or confusion.
IDC agrees. According to IDC, security and identity and access management are critical factors to the success of cloud computing. In essence, what their analysts have said is that you need those capabilities integrated into your own systems, devices, operating systems, middleware and applications before you can venture into any public cloud with confidence. [1]
Infusing Identity into Workloads with Identity Manager 4
Identity is the common characteristic that spans all information systems—physical, virtual and even cloud-based. That’s why Novell believes identity is the point of integration for intelligent workload management.
Identity management products such as Novell Identity Manager 4 greatly simplify this process by automating provisioning, user access and policy management. Novell Identity Manager 4 positions your enterprise for the future of cloud computing by extending identity management across SaaS applications and other resources beyond your firewall through our connectors. You can automatically provision and deprovision access to cloud resources and roll out new applications with the intelligence and efficiency you expect from Novell.
Keeping Track with Novell Sentinel
Providing service beyond simple security monitoring, Novell Sentinel collects, correlates, monitors and displays data from thousands of events per second in real time. This is essential for government applications and compliance regulations such as PCI-DSS, SOX and FISMA. That way, you always have up-to-the-minute reports on the health of your organization's security and compliance right at your fingertips. Moreover, by identifying highly confidential workload data that is outsourced to a cloud provider, you can know with certainty who has accessed that data—and be sure that no cloud-provider employee has been perusing your proprietary information after hours.
Getting the Last Word In
Costello may never have quite understood Abbott’s explanation of who was on first base. But with intelligent, identity-infused workloads, you can confidently take your business to the cloud, knowing the “who” and “what” and avoiding all the “I don’t knows.”
1. IDC White Paper, Sponsored by Novell, "Intelligent Workload Management: Opportunities and Challenges," Doc.#223661, June 2010.