the identity perimeter

Upload: quocirca

Post on 04-Apr-2018


  • 7/29/2019 The identity perimeter

    1/13

    Copyright Quocirca 2012

    Bob Tarzey, Quocirca Ltd, Tel: +44 7900 275517, Email: [email protected]

    Rob Bamforth, Quocirca Ltd, Tel: +44 7802 175796, Email: [email protected]

    The identity perimeter

    Using advanced single-sign-on to enable open business communications

    September 2012

    Successful businesses recognise the value of open communications within and beyond their organisations. However, achieving this means that the physical and virtual perimeters that had previously defined the reach of most organisations' IT systems have disappeared. This report makes the case for the use of identity and advanced single-sign-on (SSO) to overcome many of the issues of providing open integration between businesses and their customers and partners.

    It should be of interest to all those in roles charged with the responsibility of providing secure access to online resources and to those who want to make the case for rolling out new online services, but have to overcome the security concerns of others in their organisation before they get the approval to do so.


    In most cases, only when the identities of the individuals requesting to use IT resources are firmly established should access be granted. This applies to resources provided internally by organisations and to those sourced from third parties such as software-as-a-service (SaaS) providers. For most organisations this includes external users from partners and customers as well as employees. Since many of these access requests are coming from users in remote locations, often via mobile devices, centralised provisioning and de-provisioning is essential. Advanced single-sign-on systems are one of the most effective ways to achieve these goals.

    Business thrives on open interaction

    Business managers recognise the value of open communications with partners and customers as well as across their own organisations. A recent study shows that those businesses that are good at doing this thrive compared to their competitors. Whilst such communication empowers businesses it also means that both the physical and virtual perimeters of their organisations' IT systems are increasingly harder to define.

    Understanding identity is essential for safe interaction

    To safely enable such interaction and open up applications to support cross-organisational business processes requires a clear understanding of who the individuals involved are. In other words, identity is at the core of successful open interaction and, when well managed, it can create a bridge between widely distributed individuals. Single-sign-on (SSO) systems are a powerful way to achieve this goal. In effect they enable the establishment of a new perimeter based on identity.

    Knowledge of identity comes from many sources

    For the majority of businesses, Microsoft Active Directory has become a de facto standard for the storage of identities for internal users and some external users. However, there are many other sources of identity that can be of value. These include consumer and business orientated social networks, as well as business and trade membership organisations and government databases. New ones will continue to emerge in the future.

    A central identity switch links users with resources

    The main aim of successful open interaction is to link people with IT resources, mainly applications. Once their identity is known, advanced SSO systems can act as an identity switch (or hub) linking them to the resources they are authorised to use and therefore ultimately to each other. Increasingly, this includes externally sourced software-as-a-service (SaaS) applications as well as internally provisioned ones.

    Advanced SSO provides many other benefits

    The one-time strong and/or multi-factor authentication of users, saving them from remembering numerous passwords and carrying multiple identification devices, is a well understood benefit of SSO systems. However, advanced SSO systems are also a place to implement policy about access rights; for example, limiting access based on the physical location of a user.

    SSO enables fast provisioning and safe de-provisioning

    Users need access to many resources and that access is required from multiple devices, some of which may be employee-owned (smartphones, tablets etc.) or owned by individuals working for third party organisations. SSO can be used to rapidly provide the access required but, perhaps more importantly, can also remove all access in an instant, with no need to change anything on the devices used for access. This is necessary to safely support the growing desire for bring-your-own-device (BYOD).

    There are a number of approaches to SSO

    The capabilities of SSO systems vary widely. Some consumer-focussed ones are really just central stores of usernames and passwords, which, whilst providing convenience, make users less, rather than more, secure. The most advanced SSO systems use techniques such as standards-based tokenisation for exchanging credentials and encryption for storing and transmitting information as well as enabling co-ordination of policy. SSO systems themselves can be implemented in-house or procured as on-demand services.

    Conclusions

    The business case for investing in SSO is not just about security and risk reduction. Whilst these are major primary benefits, advanced SSO is as much about business enablement and empowering employees, customers and partners to interact online. Businesses that achieve this will have a competitive edge; those that do not will lose out.


    Introduction: the value of open interaction

    The authors of the 2012 Global CIO Study [1] conclude that the top three priorities for businesses are empowering employees through values, engaging customers as individuals and amplifying innovation with partnerships. Clearly, these are all people issues that involve open communications. The report also shows that, increasingly, the communications that drive this will be online, particularly through the use of social media (Figure 1).

    The report goes on to say that there will be ever more demand for transparency and the competitive need to open up organisations to collaborate more [both] internally and externally, and that this emphasis on openness is 30% higher among organisations that perform well. In other words, organisations that recognise the value of external collaboration are more successful than those that do not.

    With face-to-face communications, which most recognise will continue to play the most important role, the ultimate identifier comes into play; people recognise and remember each other's faces. Even when meeting new people, the circumstances that lead to the meeting and the location it occurs in are usually enough to provide the veracity needed to be sure that someone is who they say they are.

    When communication is online everything changes: there is no physical recognition and the location of the individuals involved in a communication is often not known to the participants. However, for businesses to successfully engage customers as individuals and innovate with partners online they must be certain that the individuals involved are who they say they are. Identities are the keystones of the arches in the electronic bridges that connect organisations.

    Overcoming some of the problems with provisioning, managing and authenticating identities is the subject of this white paper. In particular it looks at the benefits of using single-sign-on (SSO) systems as an identity switch or hub, which can open up the resources that are shared between users, be they an organisation's own employees or those of partners and business customers or, indeed, consumers. These resources may be provisioned internally or procured on-demand from cloud service providers.

    The paper should be of interest to all those charged with the role of providing secure access to online resources and to those who want to make the case for rolling out new online services, but have to overcome the security concerns of others in their organisation before they get the approval to do so.


    Who are you? The identity bridge

    Most of us are fortunate enough to know who we are most of the time; proving it is another matter. In the physical world proof involves an array of documents and devices. Land at an airport and you use a passport to get through immigration, a debit card to get local currency and a driving licence to pick up a hire car. The online world is even worse; many have tens or hundreds of different accounts to access with different identifiers for each one.

    For businesses and public sector organisations the holy grail of identity management is to find a way of authenticating users with a high level of confidence just once and providing them with secure access to a range of resources; so-called single-sign-on (SSO). This applies to their employees, but also individuals from external organisations and/or, in some cases, consumers. An SSO system can act as a hub or switch; a single point of access with a near-failsafe means of establishing identity, which will be tolerated by users as it becomes a familiar process that does not need to be repeated every time a new resource is accessed.

    One obvious benefit of effective SSO is to reduce the risk of IT systems being compromised through the unauthorised use of lost or stolen passwords. However, there is much value beyond this. For businesses, SSO allows processes to be put in place across their organisation and extended to customers and partners, which would have been hard to achieve without it. Users get transparent and hassle-free access to the applications they need to do their jobs. IT staff can quickly provision new users and safely de-provision ones that no longer need access. Increasingly, SSO has become available to businesses of any size as SSO systems themselves are made available as on-demand services.

    Effective SSO systems act as an identity bridge sitting at the centre of the major challenges of managing online identities (Figure 2). These include accessing various sources of identity, authenticating a user against a given identity, providing access to resources, applying access policies and managing identities.


    Sources of identity

    Information about identities resides in various electronic databases. Most businesses run their own internal database for employees, by far the most common being Microsoft Active Directory, which is almost a de facto standard in larger organisations. Some organisations add external users to their internal directories; however, there are plenty of other sources of identity for helping to authenticate outsiders. Some are run by government bodies, others by commercial organisations.

    In the consumer world many have accounts with Facebook, Google, PayPal and/or a number of other online services. It is already possible in many cases that, having authenticated to one service, credentials can be passed to another; for example, having logged into Facebook, Facebook Connect enables your Facebook login credentials to be used to gain access to certain other online services. The open source service OpenID exists specifically to help overcome the problem of managing multiple identities, a sort of SSO for consumers.

    There are also sources of identity that bridge the business and consumer worlds. For example, LinkedIn accounts are owned by individuals but are commonly used for business purposes. Before anyone had ever heard of LinkedIn the same was true for many individuals that were members of professional or trade organisations. In many cases, just as with LinkedIn, the membership of such bodies is a personal one that travels with the member from one job to another.

    For businesses, external sources of identity can be used when providing access to broad groups of users, for example doctors in private practices accessing government-run healthcare systems or insurance brokers logging on to the systems of the financial services companies whose products they sell.

    However, having multiple sources of identity also causes headaches. Governments have historically built up huge databases covering different physical and online requirements; silos of identity across which there is little correlation. This has also happened in businesses. Here one of the main reasons for multiple databases of identity has been because there are multiple IT systems and applications: for example, separate identity databases for Windows and Linux users, when there may be a complete overlap between the users of both.

    Another issue is with the growing use of software-as-a-service applications (SaaS) sourced on-demand over the internet, which around 40% of larger businesses say they use (Figure 3), as do many small businesses. These applications will often have their own directories of users and mechanisms for authentication. The providers of SaaS applications have their own security concerns, making sure different customers sharing the same platform remain discrete. Some businesses still harbour security concerns about the use of cloud-based services, which SSO can help overcome (Figure 4).


    Having many silos of identity is a problem that needs to be overcome. There are a number of ways around the issue of multiple identity databases; these include:

    1. Consolidate to a single directory: there are tools that assist with this, for example allowing Microsoft's Active Directory to be used as a source of identity for other systems. The benefit here is a single internal directory. The downside is that there will be external sources of identity that it may be hard to incorporate, especially if these are for providing third party access.

    2. Regularly synchronising directories: for example, apply updates to Microsoft Active Directory in the first instance and then roll out changes to other directories. This is unsatisfactory as many of the synchronisation mechanisms will not be available off the shelf so they will have to be built. This leaves too much scope for error and it will probably not be possible to update externally owned databases.

    3. Single-sign-on: an advanced SSO system can access multiple sources of identity, acting as an interface for authentication and as a broker for access to a wide range of resources for both employees and external users. Interfacing to different directories can be a challenge, but standards help. The main one for accessing identity data is LDAP (lightweight directory access protocol).

    Understanding a user's identity is one thing; authenticating that the person who wants to use it is the owner of that identity is another matter.

    Proving identity

    Authenticating that a user has a right to use an identity has long been a challenge. Many have lost confidence in the simple username/password combination, especially if it is going to be used to open up a range of resources; stronger and/or multiple means of authentication are desirable.

    One of the most common ways of implementing strong authentication has been to use some sort of hardware token. Others include biometrics, smartcards, mobile phones and checking the physical identity of the access devices being used. All have advantages and drawbacks. In some cases strong authentication has been extended to the consumer world, especially for online banking.

    A big potential drawback with strong authentication is that it can mean having multiple physical devices to authenticate to multiple different applications. Another is that users will be put off using many applications because the process of accessing them is too cumbersome. One of the best ways to overcome these problems is SSO, where a single point of authentication is provided.

    To be clear, this need not mean that once the user has authenticated themselves they have unlimited access to all approved resources wherever they are. Advanced SSO systems allow that to be controlled depending on the context of the access request and the type of user; for example, the access rights of an internal employee will be different to those for business partners and customers.

    Applying access policies

    Giving a user access to a wide range of resources via a single authentication has its dangers; even strong authentication may be compromised. Once a user is in, how long do you leave it before automatically logging them out? Seconds, minutes, tens of minutes? If they are working in a shared workspace or a public place using mobile technology this can be a problem. If they are a user from a partner or customer organisation it is harder to ensure good practice is known and applied.

    To this end policy needs to be put in place to control access to resources depending on the type of user and the context of the user access request. For example, an employee known to be within the physical confines of the workplace may be given access to email, CRM and the accounting applications. However, if they are requesting access from an external location the use of the accounting application may be blocked. Employees working from a desktop system in an office may be automatically logged out after 30 minutes of inactivity, whilst it may be after just 5 minutes for mobile users and those from third parties.


    It may also be desirable to vary the granularity of access between external organisations. For example, an insurance company may deal with many external brokers; however, those that have sold lots of insurance policies may be given access to better deals than those that have sold fewer. The management of such access policies needs to be dynamic and be updatable at short notice to suit changing business conditions. With a single point of access and enforcement this can be achieved, providing capable management tools are used.
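The office/external, desktop/mobile and broker-tier policies described above, written as the evaluator an SSO hub could run at its single point of enforcement; this is an added example, not code from the Quocirca paper or any product. The user types, resource names, the 100-policy broker threshold and the policy table are constructed, and the policy is kept as plain data so it can be changed at short notice without touching the evaluation code.

```python
"""Context-aware access policy at an SSO enforcement point (added example).

The policy is plain data, separate from the evaluation code, so it can be
changed at short notice without redeploying the enforcement point.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessRequest:
    user_type: str          # "employee", "partner" or "customer"
    location: str           # "office" or "external"
    device: str             # "desktop" or "mobile"
    resource: str           # e.g. "email", "crm", "accounting", "preferred_deals"
    policies_sold: int = 0  # constructed attribute: a broker's sales volume


@dataclass
class Policy:
    # Resources each user type may reach at all (constructed sample table).
    entitlements: dict[str, set[str]] = field(default_factory=dict)
    # Resources that must not be reached from outside the workplace.
    office_only: set[str] = field(default_factory=set)
    # Resources gated on broker volume, with the threshold (constructed tier).
    volume_gated: dict[str, int] = field(default_factory=dict)
    # Idle timeouts in seconds: office desktop employees vs everyone else.
    idle_timeout_office_desktop: int = 30 * 60
    idle_timeout_other: int = 5 * 60


DEFAULT_POLICY = Policy(
    entitlements={
        "employee": {"email", "crm", "accounting"},
        "partner": {"crm", "standard_deals", "preferred_deals"},
        "customer": {"portal"},
    },
    office_only={"accounting"},
    volume_gated={"preferred_deals": 100},  # brokers who have sold 100+ policies
)


def evaluate(policy: Policy, req: AccessRequest) -> tuple[bool, str]:
    """Decide a single access request; return (allowed, reason) for the audit log."""
    allowed = policy.entitlements.get(req.user_type, set())
    if req.resource not in allowed:
        return False, f"{req.user_type} is not entitled to {req.resource}"
    if req.resource in policy.office_only and req.location != "office":
        return False, f"{req.resource} is blocked from external locations"
    threshold = policy.volume_gated.get(req.resource)
    if threshold is not None and req.policies_sold < threshold:
        return False, f"{req.resource} requires {threshold}+ policies sold"
    return True, "allowed"


def idle_timeout_seconds(policy: Policy, req: AccessRequest) -> int:
    """How long a session may sit idle before the hub logs the user out."""
    if req.user_type == "employee" and req.location == "office" and req.device == "desktop":
        return policy.idle_timeout_office_desktop
    return policy.idle_timeout_other


def session_active(policy: Policy, req: AccessRequest, last_activity: float, now: float) -> bool:
    """True while the idle period for this kind of session has not been exceeded."""
    return now - last_activity < idle_timeout_seconds(policy, req)


if __name__ == "__main__":
    for r in (
        AccessRequest("employee", "office", "desktop", "accounting"),
        AccessRequest("employee", "external", "mobile", "accounting"),
        AccessRequest("partner", "external", "desktop", "preferred_deals", policies_sold=40),
        AccessRequest("partner", "external", "desktop", "preferred_deals", policies_sold=250),
    ):
        ok, why = evaluate(DEFAULT_POLICY, r)
        timeout = idle_timeout_seconds(DEFAULT_POLICY, r)
        print(f"{r.user_type:8} {r.location:8} {r.resource:15} -> {ok} ({why}), idle timeout {timeout}s")
```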

    Identity management

    The provisioning of identities and their on-going administration requires a management system that addresses both identities and the rights associated with them. This needs to operate at a number of levels, in some cases addressing individual user requirements, but more often assigning rights and applying policies to groups of users. Some identity management systems can, where necessary, link different identity databases through synchronisation. An alternative to this is to use an SSO system as a broker between different identity databases and various applications.

    Active Directory has a number of features that ease identity management: for example, the grouping of users by job role, department, seniority etc. for which policies can be managed en masse, and the creation of default identities for fast provisioning of new users. However, even when Active Directory is the main source of identity in a given organisation, there may well be others that need to be used to provide access for partners and customers.

    Once identity is under control, businesses can be more confident in making use of the innovations that are at the core of contemporary open communications, namely mobile computing and the use of on-demand services. They also have more confidence to put in place business processes that span multiple organisations. This has led to the concept of identity as the new perimeter.

    Identity as the new perimeter

    When most computing was done on mainframes there was no need for SSO; it was implicit in the way computers were accessed. The access perimeter was that of a single physical computer: identify yourself to it from a dumb terminal and you could use the resources you were authorised to access. There was little need to provide access to external users.

    The coming of client-server in the late 1980s complicated things. PCs became common access devices and applications could be running on a range of backend servers; for example, email being run centrally as an enterprise-wide resource, whilst other applications were maintained locally by lines of business. However, generally speaking, most of the devices involved were within the physical confines of a given organisation, linked by a private and proprietary network; the network had become the new perimeter for computing. Most access was still confined to the employees of a given organisation.

    The commercial adoption of open networks, and the internet in the 1990s, complicated things further; networks were no longer isolated, they were all becoming linked and could exchange information using common standards. To maintain security, firewalls were introduced to police access, keep corporate networks private and maintain an identifiable perimeter. This needed to be porous as more and more applications were enabled for use by external users.

    However, the growing use of the internet has introduced two new challenges. First, it is not just external users coming in; internal users are making more and more use of externally sourced on-demand applications running on shared platforms run by third parties. Second, users, internal or external, could be anywhere, using various devices, in some cases personal ones rather than those owned and controlled by their employer.

    In this world, there is no physical or network perimeter. The only thing that can be used for sure to decide who has access to what is a user's identity. Identity can in effect act as the new perimeter, with an SSO system as the enabler, connecting users with applications.


    Once an organisation has the capability to do this it can use SSO to drive a whole range of business processes that would have been more complicated to implement otherwise. Here are a few examples:

    - Linking both internal and external users with multiple cloud-sourced applications, for example Google Apps for email, salesforce.com for CRM and SuccessFactors for human resources

    - Insurers opening up certain applications directly to the hundreds of brokers they work with, using broker association membership databases as a source of identity. An insurance company that adopts SSO will also gain a competitive advantage if brokers find their systems easier to access and use.

    - Linking dealers into a car manufacturer's supply chain applications, making available the various applications that drive the relationship

    - Travel companies linking business people or consumers (perhaps using social media as a source of identity) to a range of third party resources that they act as agents for, such as airlines, hotels, car-hire companies etc.

    - Seamless linking of mash-up applications over the internet; for example linking banks with CheckFree printing service or hotels with car rental companies

    - Governments opening up a wide range of resources to citizens, by settling on one of their many databases as the primary source of identity

    However, the value of the most capable SSO platforms goes well beyond just linking users with applications. There are a wide range of other benefits too.

    The extended value of SSO

    So far, this report has made the case for using SSO to help enable three of the major changes going on in the way IT applications are provisioned and used:

    1. Opening up of internal applications to outsiders to create extended value chains

    2. Easing access to the growing use of applications provisioned from cloud service providers (software-as-a-service/SaaS)

    3. Increasing mobility of users and the range of devices in use for remote access

    For many businesses the need to provision diverse users with access to a multitude of resources will be enough justification for the investment needed in SSO. However, the case is strengthened when a range of other use cases and enhancements to business processes that become possible are considered.

    The rapid provisioning and de-provisioning of users

    When a user joins an organisation, getting them quickly up to speed will involve providing them with access to various resources: an email account (perhaps using a hosted email service), access to an employee portal, a hosted CRM system and so on. The same applies to a new partner joining a trading network or a consumer booking a holiday. To provide a good service requires opening up the resources quickly and securely.

    However, perhaps it is even more important to disable all access when the individual ends their relationship, be it an employee resigning, a customer moving their account or a partner changing allegiance. Without an SSO system it would be all too easy to leave in place access to the on-demand CRM system or email account. By disabling an identity, all resources are immediately denied to a user. This is regardless of access device, on which no changes are required.

    The rapid provisioning of cloud services for multiple users

    If an organisation has decided to move over to an on-demand application, for example an email service such as Google Mail, how does it go about provisioning hundreds of accounts? One way is to use an SSO system, which has the capability to automate the process and link them with existing known identities.


    Multi-device support and BYOD (bring your own device)

    The trend for users to make use of personally owned devices is well reported (Figure 5). SSO helps with this too; the user can authenticate from any device, be it a company-owned one, the employee's own or even one that has been borrowed. As has been said, policies can be created that limit access depending on the device itself or the location of the user; the important thing is that the user has flexibility of access. Also, of course, when the user's relationship ceases there are no legacy access rights left on any of the devices they have previously used to access resources.

    Compliance reporting

    Much of the interaction required between businesses and their customers and partners involves the exchange of highly regulated personal data, especially in the financial services and healthcare sectors. However, as data protection laws tighten all need to be on their guard. At times it will be necessary to prove who has been accessing what resources and what levels of access given users have historically had. The logs kept by SSO systems are an important input for this, providing a central record of the access widely distributed users have had to various applications and databases.

    Service level agreement (SLA) monitoring

    Many are predicting that the use of SaaS applications will soar. As businesses make more use of such services, they may not have direct access to information regarding the uptime of the applications they subscribe to; an SSO system provides a good proxy for this. It can be used to record when problems are encountered by users trying to access online services. This is essential to make sure that SaaS providers are meeting the SLAs they have committed to, and also key to ensuring that the organisation itself is able to meet its own SLA commitments.

    Activity reporting

    Users modify their behaviour over time as their needs change. Understanding this helps to adapt resources made available to them; for example, pre-empting scalability issues.

    Approaches to SSO

    So far, SSO has largely been discussed generically. However, there are different approaches to achieving the goals and these come with varying degrees of complexity and risk. At the low end are consumer-focussed systems that amount to little more than storing usernames and passwords in an online database with details of the applications to which access is to be given. If anything, such systems increase risk as there is always a danger that the SSO system itself is compromised.

    Business-focussed systems are more robust, but still vary widely. Some are really only suited for implementing SSO in-house as they are based on proprietary protocols and are primarily capable of supporting the widely understood goal of SSO of providing a single point of authentication for users before opening up applications and other resources to them. Such systems are usually based around a single internally held directory of users, most commonly Microsoft Active Directory.

    The most advanced SSO systems are standards-based and well suited to achieving the goal of better interoperability between organisations; allowing users to share resources, including both those from SaaS providers and internally provisioned ones. This is the concept behind the identity bridge discussed earlier; linking multiple organisations will usually mean supporting a heterogeneous environment in terms of application platforms, user end-points and sources of identity. Where these also adhere to standards there will be no need for proprietary integrations if the SSO system itself also supports the required standards.

    There are a number of other basic questions that need to be asked of any SSO vendor as part of an evaluation
    process. These include:

    - How are identities transmitted? Any system that does not use some form of encryption or tokenisation,
      especially when it is communicating over a public network, must be considered insecure. Rather than
      transmitting the actual identity (let alone the user's credentials), passing a signed, short-lived token that
      represents the identity is far safer: the receiving application can verify who issued the token and for which
      application it was issued, and a captured token is of little use once it has expired. Standards such as SAML
      and OAuth (see below) support the secure exchange of identity data in this way.

    - Where and how are passwords stored? The SSO system authenticates users and gives them access to various
      applications. In the most secure SSO systems, login credentials for the target applications are stored in a
      single, strongly protected central location over which the organisation providing SSO has control, and the
      user's primary credential should be held only as a salted, slow password hash. Better still, where the target
      application supports federation (SAML or OpenID Connect), no per-application password needs to be stored at
      all, because the application trusts the SSO system's signed assertion instead. That central store is also the
      most valuable target in the whole estate, so the vendor should be asked how it is encrypted, who can read it
      and how access to it is audited.

    - How is login to the target application achieved? Some systems simply replay login forms, inserting the user
      name and password as they do so. This means the real password still has to be sent to the target application
      (protected only by whatever transport encryption that application's login page happens to use) and the target
      application still has to hold a copy of it, so a compromise at either end exposes it. Advanced SSO systems use
      standards-based tokens, such as SAML assertions, so that the target application never sees the password.
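    The first and third questions above come down to one mechanism: the SSO system hands the application a signed,
    short-lived assertion that the application checks, instead of feeding it the user's password. The following is an
    added example, not code from the report or from any vendor, showing that exchange in miniature as a JSON Web
    Token signed with HMAC-SHA256 using only the Python standard library. The issuer and audience URLs and the
    shared secret are invented; a real SAML or OpenID Connect deployment uses an asymmetric key published in the
    identity provider's metadata rather than a shared secret, but the checks the service provider performs are the same.

```python
"""Minimal federated-token exchange (added example, not report or vendor code).

The identity provider (IdP) mints a signed token carrying the user's identity;
the service provider (SP) validates it and never sees the user's password.
HS256 JWT with the standard library only; the shared secret stands in for the
asymmetric key material a real SAML/OIDC deployment would use.
"""
import base64
import hashlib
import hmac
import json
import time
import uuid
from typing import Optional

# Constructed sample values; in practice the SP learns these from the IdP's metadata.
IDP_ISSUER = "https://idp.example.net"       # assumed identity-provider name
SP_AUDIENCE = "https://crm.example.com"      # assumed target-application name
SHARED_SECRET = b"demo-only-secret-replace-with-real-key-material"
CLOCK_SKEW_SECONDS = 60


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, attributes: dict, now: Optional[int] = None, ttl: int = 300) -> str:
    """IdP side: sign a short-lived assertion bound to one audience, with a unique ID."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": SP_AUDIENCE,
              "iat": now, "nbf": now, "exp": now + ttl, "jti": str(uuid.uuid4())}
    claims.update(attributes)
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "." +
                     _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class ServiceProvider:
    """SP side: the checks every relying party must perform before trusting an assertion."""

    def __init__(self):
        self._seen_ids = set()   # replay cache; must be retained for at least the maximum token lifetime

    def validate(self, token: str, now: Optional[int] = None) -> dict:
        now = int(time.time()) if now is None else now
        try:
            h_b64, c_b64, s_b64 = token.split(".")
        except ValueError:
            raise ValueError("malformed token")
        header = json.loads(_b64url_decode(h_b64))
        # 1. Pin the algorithm: the token must not choose it (rejects alg=none and key-confusion tricks).
        if header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        # 2. Verify the signature in constant time before trusting any claim.
        expected = hmac.new(SHARED_SECRET, (h_b64 + "." + c_b64).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
            raise ValueError("bad signature")
        claims = json.loads(_b64url_decode(c_b64))
        # 3. Issuer and audience: a token minted for another application must not work here.
        if claims.get("iss") != IDP_ISSUER or claims.get("aud") != SP_AUDIENCE:
            raise ValueError("wrong issuer or audience")
        # 4. Validity window, allowing a little clock skew between IdP and SP.
        if not (claims["nbf"] - CLOCK_SKEW_SECONDS <= now < claims["exp"] + CLOCK_SKEW_SECONDS):
            raise ValueError("token not yet valid or expired")
        # 5. One-time use: a captured assertion cannot be presented twice.
        if claims["jti"] in self._seen_ids:
            raise ValueError("replayed token")
        self._seen_ids.add(claims["jti"])
        return claims


def demo() -> dict:
    """Issue and accept one token, then show tampering, replay, expiry and alg=none being rejected."""
    sp = ServiceProvider()
    t0 = 1_700_000_000
    token = issue_token("alice", {"email": "alice@example.net", "groups": ["sales"]}, now=t0)
    outcomes = {"accepted_sub": sp.validate(token, now=t0 + 5)["sub"]}
    h, c, s = token.split(".")
    forged_claims = dict(json.loads(_b64url_decode(c)), sub="admin")      # change the subject, keep the old signature
    forged = h + "." + _b64url(json.dumps(forged_claims, separators=(",", ":")).encode()) + "." + s
    unsigned = _b64url(b'{"alg":"none","typ":"JWT"}') + "." + c + "."     # classic alg=none attempt
    for name, candidate, at in [("tampered", forged, t0 + 5), ("replayed", token, t0 + 6),
                                ("expired", token, t0 + 3600), ("alg_none", unsigned, t0 + 5)]:
        try:
            sp.validate(candidate, now=at)
            outcomes[name] = "accepted"
        except ValueError as exc:
            outcomes[name] = str(exc)
    return outcomes


if __name__ == "__main__":
    print(demo())
```

    Run as a script it prints the outcome of each scenario. The point for an evaluation is the list of checks: if a
    vendor's target-application integration cannot explain how it pins the signing algorithm, verifies issuer, audience
    and validity period, and rejects a replayed assertion, it is closer to the form-replay category than to
    standards-based SSO.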

    It should also be established which standards are supported by the SSO system, as this is key to using multiple
    sources of identity and linking users with a range of resources. Some of the most important to look for are:

    - LDAP (Lightweight Directory Access Protocol): the standard protocol for querying and updating the directories
      that hold identity data; Active Directory exposes an LDAP interface.

    - SAML (Security Assertion Markup Language): an open standard for securely exchanging authentication and
      authorisation data, for example between an SSO system and an application. SAML has been well vetted and
      provides a secure approach to exchanging identities, provided the receiving application validates the
      signature, issuer, audience and validity period of every assertion it accepts.

    - REST (Representational State Transfer): an architectural style, rather than a formal standard, for accessing
      web-enabled applications over plain HTTP. Many of the resources that SSO systems need to provide access to
      have APIs (application programming interfaces) that follow it. REST has largely displaced older standards such
      as WSDL and SOAP because it is simpler to use.

    - SCIM (originally Simple Cloud Identity Management, now being revised by an IETF working group as System for
      Cross-domain Identity Management): a REST/JSON API for creating, updating and deactivating user accounts in
      cloud-based applications, so that provisioning and de-provisioning can be automated alongside SAML-based
      sign-on.

    - OAuth (the open standard for delegated authorisation): lets a user grant an application access to resources
      held by another service without disclosing their login credentials to it; the application receives a scoped
      access token instead. Note that OAuth is an authorisation protocol, not an authentication protocol; on its own
      it does not tell the application who the user is.

    - OpenID Connect: an emerging standard that layers an authentication protocol on top of OAuth 2.0, succeeding
      the consumer-oriented OpenID specification. It returns a signed identity token alongside the OAuth access
      token and is designed for REST/JSON-based applications, including mobile and API clients.
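    SCIM is the one item in the list above that concerns the account lifecycle rather than the sign-on itself, and it is
    what makes it practical, across many SaaS applications, to remove access rights promptly when they no longer
    apply. The block below is an added example, not code from the report or from any SCIM implementation: an
    in-memory stand-in for a SaaS provider's /Users endpoint that accepts the SCIM 2.0 User and PatchOp message
    formats the IETF working group eventually published (RFC 7643 and RFC 7644, which post-date this report), and a
    joiner/mover/leaver sequence run against it by the identity bridge. The user record and externalId are constructed.

```python
"""SCIM-style provisioning and de-provisioning (added example, not report or vendor code).

The identity bridge creates, updates and deactivates accounts in a target
application through its SCIM /Users endpoint; ScimUserStore stands in for that
endpoint in memory. Only top-level and dotted attribute paths are handled; SCIM
filter paths such as emails[type eq "work"].value are out of scope here.
"""
import copy
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
READ_ONLY = ("id", "schemas", "meta")


class ScimUserStore:
    def __init__(self):
        self._users = {}   # id -> User resource

    def create(self, resource: dict) -> dict:
        """POST /Users: validate schema and userName, enforce uniqueness, assign an id, default active=True."""
        if USER_SCHEMA not in resource.get("schemas", []):
            raise ValueError("missing User schema")
        if not resource.get("userName"):
            raise ValueError("userName is required")
        if any(u["userName"].lower() == resource["userName"].lower() for u in self._users.values()):
            raise ValueError("uniqueness: userName already exists")
        user = copy.deepcopy(resource)
        user["id"] = str(uuid.uuid4())
        user.setdefault("active", True)
        self._users[user["id"]] = user
        return copy.deepcopy(user)

    @staticmethod
    def _walk(user: dict, path: str):
        """Resolve a dotted path such as name.givenName to (parent dict, leaf key)."""
        parts = path.split(".")
        if parts[0] in READ_ONLY:
            raise ValueError("attribute %s is read-only" % parts[0])
        node = user
        for part in parts[:-1]:
            node = node.setdefault(part, {})
        return node, parts[-1]

    def patch(self, user_id: str, patch_op: dict) -> dict:
        """PATCH /Users/{id}: apply add/replace/remove operations in order."""
        if PATCH_SCHEMA not in patch_op.get("schemas", []):
            raise ValueError("missing PatchOp schema")
        user = self._users[user_id]
        for op in patch_op["Operations"]:
            kind, path = op["op"].lower(), op.get("path")
            if kind in ("add", "replace"):
                if path:
                    parent, key = self._walk(user, path)
                    parent[key] = op["value"]
                else:                       # no path: value is a set of attributes to merge at top level
                    for key, value in op["value"].items():
                        parent, leaf = self._walk(user, key)
                        parent[leaf] = value
            elif kind == "remove":
                if not path:
                    raise ValueError("remove requires a path")
                parent, key = self._walk(user, path)
                parent.pop(key, None)
            else:
                raise ValueError("unsupported op %s" % kind)
        return copy.deepcopy(user)

    def delete(self, user_id: str) -> None:
        """DELETE /Users/{id}."""
        del self._users[user_id]

    def can_login(self, user_name: str) -> bool:
        """What the target application should check before honouring an SSO assertion for this user."""
        for user in self._users.values():
            if user["userName"] == user_name:
                return bool(user.get("active", False))
        return False


def lifecycle_demo() -> dict:
    """Joiner / mover / leaver driven by the identity bridge; returns whether login works at each stage."""
    store = ScimUserStore()
    joiner = {   # constructed SCIM User, as the bridge would POST it on a new hire
        "schemas": [USER_SCHEMA],
        "externalId": "hr-00042",           # identifier in the source directory, used for correlation
        "userName": "alice@example.net",
        "name": {"givenName": "Alice", "familyName": "Example"},
        "emails": [{"value": "alice@example.net", "type": "work", "primary": True}],
    }
    user = store.create(joiner)
    outcome = {"after_join": store.can_login("alice@example.net")}
    store.patch(user["id"], {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "replace", "path": "title", "value": "Account manager"}]})
    outcome["after_move"] = store.can_login("alice@example.net")
    # Leaver: deactivate first (reversible and auditable), delete only after the retention period.
    store.patch(user["id"], {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "replace", "path": "active", "value": False}]})
    outcome["after_leave"] = store.can_login("alice@example.net")
    store.delete(user["id"])
    outcome["after_delete"] = store.can_login("alice@example.net")
    return outcome


if __name__ == "__main__":
    print(lifecycle_demo())
```

    The design choice worth noting is that the leaver step sets active to false rather than deleting immediately:
    the account can be restored if HR got it wrong, the audit trail survives, and the SaaS application refuses the
    user's next SSO assertion from that moment even though the SSO system may still be able to mint one.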

    Furthermore, there are choices about how SSO is deployed. In the past it has mainly been on-premise, but some

    vendors now offer SSO as an on-demand service. The benefits of on-premise and on-demand systems need to be

    weighed up; some may conclude a hybrid approach is best.

    On-premise SSO

    Until recently, enterprise-grade SSO systems have been deployed on-premise, often as a pre-configured appliance
    primarily aimed at supporting internal users. Even with the increasing need to support external users, internally
    provisioned SSO systems remain desirable for some where there is a need to provide massive scalability that is
    entirely in the control of the organisation providing the SSO facility; for example, telecoms service providers.

    SSO on-demand (identity as a service, IDaaS)

    Recent years have seen the emergence of cloud-provisioned, on-demand SSO systems. These not only make SSO
    available to businesses of all sizes, but they are also ideal for integrating access by broad communities of users
    across multiple organisations where the majority are outsiders. Provided online SSO services meet the requirements
    outlined earlier, they should be no less secure than on-premise ones; indeed, as with any well-run on-demand
    service, in many cases they will be more secure and have higher availability than those managed in-house. That
    should be verified rather than assumed: ask the provider for independent audit reports, its availability record and
    how tenants' identity data and signing keys are segregated, since a breach of a shared identity service affects
    every customer that relies on it.


    Hybrid SSO

    For some organisations a mix of on-premise deployment for employees with a cloud-based service for outsiders may
    prove to be the most effective model. SSO suppliers that support both approaches should be able to provide
    seamless integration between the two. Such hybrid deployments help address the diversity and complexity present
    in many organisations, for example allowing access to some sensitive internal applications to remain restricted to
    internal users only via an internally deployed SSO platform, whilst the growing need to incorporate external, mobile
    and remote users is well supported by IDaaS.

    Conclusions

    This report opened by highlighting the desire of CEOs for transparency and the competitive need to open up
    organisations to collaborate more, both internally and externally. Regardless of the technology used, it is clear
    that IT is central to achieving this. Two industry trends, the use of on-demand resources and the mobility of users,
    will continue to become more widespread. The technology implemented must support both.

    That said, individuals still lie at the heart of most business processes and in most cases there is a need to know who

    they are, that they are who they say they are, and what resources they have the right to access. It should also be

    clear when those access rights no longer apply and that they can be removed safely, quickly and effectively.

    Advanced SSO addresses many of these issues and the business case for investing is as much about business

    enablement as it is about security and risk reduction. With the advent of on-demand SSO services these benefits are

    now available to businesses of all sizes. Those that empower employees, customers and partners to interact online

    will have a competitive edge; those that do not will lose out.

    References

    1. Leading Through Connections: Highlights of the Global Chief Executive Officer Study, IBM Corporation, 2012.
       http://www-935.ibm.com/services/uk/en/ceostudy.html

    2. Outsourcing the problem of software security, Quocirca, March 2012.
       http://www.quocirca.com/reports/711/outsourcing-the-problem-of-software-security

    3. Next Generation Datacentre Cycle II: Cloud findings, Quocirca, April 2012.
       http://www.quocirca.com/reports/689/next-generation-datacentre-cycle-ii-cloud-findings

    4. The data sharing paradox, Quocirca, September 2011.
       http://www.quocirca.com/reports/620/the-data-sharing-paradox


    About Ping Identity

    Ping Identity | The Cloud Identity Security Leader

    Ping Identity provides cloud identity security solutions to over 800 of the world's largest companies, government
    organizations and cloud businesses. With a 99% customer satisfaction rating, Ping Identity empowers 45 of the
    Fortune 100 to secure hundreds of millions of employees, customers, consumers and partners, using secure, open
    standards like SAML, OpenID and OAuth. Businesses that depend on the Cloud rely on Ping Identity to deliver simple,
    proven, and secure cloud identity management through single sign-on, federated identity management, mobile identity
    security, API security, social media integration, and centralized access control. Visit pingidentity.com for more
    information.


    About Quocirca

    Quocirca is a primary research and analysis company specialising in the

    business impact of information technology and communications (ITC).

    With world-wide, native language reach, Quocirca provides in-depth

    insights into the views of buyers and influencers in large, mid-sized and

    small organisations. Its analyst team is made up of real-world

    practitioners with first-hand experience of ITC delivery who continuously

    research and track the industry and its real usage in the markets.

    Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption: the personal and
    political aspects of an organisation's environment and the pressures of the need for demonstrable business value
    in any implementation. This capability to uncover and report back on the end-user perceptions in the market
    enables Quocirca to provide advice on the realities of technology adoption, not the promises.

    Quocirca research is always pragmatic, business orientated and

    conducted in the context of the bigger picture. ITC has the ability to

    transform businesses and the processes that drive them, but often fails

    to do so. Quocirca's mission is to help organisations improve their

    success rate in process enablement through better levels of

    understanding and the adoption of the correct technologies at the

    correct time.

    Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC
    products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of
    long-term investment trends, providing invaluable information for the whole of the ITC community.

    Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that
    ITC holds for business. Quocirca's clients include Oracle, Microsoft, IBM, O2, T-Mobile, HP, Xerox, EMC, Symantec
    and Cisco, along with other large and medium-sized vendors, service providers and more specialist firms.

    Details of Quocirca's work and the services it offers can be found at http://www.quocirca.com

    Disclaimer:

    This report has been written independently by Quocirca Ltd. During the preparation of this report, Quocirca has
    used a number of sources for the information and views provided. Although Quocirca has attempted wherever
    possible to validate the information received from each vendor, Quocirca cannot be held responsible for any errors
    in information received in this manner.

    Although Quocirca has taken what steps it can to ensure that the information provided in this report is true and

    reflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details

    presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented

    here, including any and all consequential losses incurred by any organisation or individual taking any action based

    on such data and advice.

    All brand and product names are recognised and acknowledged as trademarks or service marks of their respective

    holders.

    REPORT NOTE: This report has been written independently by Quocirca Ltd to provide an overview of the issues
    facing organisations seeking to maximise the effectiveness of today's dynamic workforce.

    The report draws on Quocirca's extensive knowledge of the technology and business arenas, and provides advice on
    the approach that organisations should take to create a more effective and efficient environment for future growth.
