We've known for a while that centralised identity management provides a huge advantage when using complex and widely distributed systems. But who uses complex and widely distributed systems? Anyone who uses cloud computing, that's who.
There are so many moving parts to a public, hybrid, or multicloud deployment that security is a nightmare. The ability to assign centralized identities to all these parts — person, device, or data — allows for more control, as well as more flexibility.
This is the concept of identity-based security — the kind of identity management that was around before I could legally buy beer. Although it's an old concept, it saw wide adoption only as we moved to more distributed and complex systems, including the shift to service-oriented architecture in the mid-2000s and now the transition to cloud computing.
Adding value to the concept of identity-based security is the notion of centralized identity management, or what I call centralized trust. In short, this is the ability to provide credential validation services delivered from a central source.
This could certainly be at the enterprise level, and most people in enterprise IT would choose that option. However, as we move to cloud computing, it makes more sense that we centralize trust, well, in the cloud.
The idea is that each "actor" in a system — a device, person, database, server, or queue — goes to the mother of all identity servers to validate its credentials and be allowed access. This provides several advantages:
- The ability to have common identity validation for systems both inside and outside the enterprise, such as those hosted on public clouds
- The ability to centrally solve problems, such as identifying and neutralizing security problems
- The ability to spend less on enterprise security by relying on the centralized trust model to deal with identity management across external and internal systems
We have the same problem with this model as we had with cloud computing a few years ago: Enterprise IT does not trust anything that does not exist in its data center, especially security servers. However, for this notion to work, we must do exactly that: Take it out of the data center and centralize it in the cloud.
There are too many advantages to centralized identity management. That said, central identity management will be slow in coming — it can progress only as fast as people are willing to accept it.