The SAML web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Maintaining security after a cloud computing implementation

Michael Cobb writes: You've successfully migrated your organization's selected applications and data into the cloud, and everyone has said what a great job you've done. But you and I both know the task of maintaining the security of these apps and data has only just begun. In this tip, I'll review which technologies and processes must be initiated, monitored and secured after a cloud computing implementation or initiative is up and running.

Cloud computing turns us all into remote workers, which makes identity and access management (IAM) one of the key challenges after a cloud computing move. It is important to have robust lifecycle management regarding users and user access so that user accounts, credentials and access rights are always relevant and up to date, including disabling an account when an employee leaves. Also look to initiate an IAM strategy that can make full use of federated identity management, which enables users to securely access data or systems across autonomous security domains.

More specifically, consider introducing single sign-on (SSO) for enterprise applications and leveraging this architecture to simplify cloud provider implementations. A move to the cloud will appear far more seamless to your users if they are already used to SSO, and it'll make managing trust across different types of cloud services less onerous. You will also have logged baseline data to help you monitor and gauge changes due to cloud activity.

An SSO product should use one of the common standards for implementing federation, such as Security Assertion Markup Language (SAML) or Liberty Alliance ID-FF. These standards extend existing access and identity policies from the internal network beyond the firewall and out to the cloud, while still enforcing the appropriate authentication strength mandated by your information protection and data classification policies...
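The point about enforcing authentication strength across a federation is concrete in SAML 2.0: the identity provider states how the user authenticated in the assertion's AuthnContextClassRef, and the service provider decides whether that is strong enough for the data it is about to release. The following is an added example of that service-provider decision, not code from Michael Cobb's article or from OASIS. The ranking of authentication context classes, the data-classification thresholds, the SP entity ID and the sample assertion are all constructed for illustration. Verifying the XML signature against the IdP's metadata certificate and parsing with a hardened XML parser are prerequisites that must happen before these checks; they are not shown here.

```python
"""Service-provider (SP) side acceptance checks on a SAML 2.0 assertion:
validity window, AudienceRestriction and authentication strength via
AuthnContextClassRef. Added example; the assertion below is constructed."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Entity ID this SP publishes in its metadata (assumption for the example).
SP_ENTITY_ID = "https://sp.example.com/saml/metadata"

# Standard SAML 2.0 authentication context class URIs, ranked for this
# example. The ranking is local policy (an assumption), not part of SAML.
AUTHN_STRENGTH = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:Password": 1,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport": 2,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient": 3,
    "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI": 4,
}

# Hypothetical data-classification policy: minimum strength the SP
# demands before releasing data of each class.
MIN_STRENGTH_FOR = {"public": 1, "internal": 2, "confidential": 4}


def parse_xs_datetime(value):
    """Parse the UTC xs:dateTime form SAML uses (e.g. 2024-05-01T12:00:00Z)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def evaluate_assertion(xml_text, classification, now, clock_skew=timedelta(seconds=60)):
    """Return (accepted, reasons). Precondition: the caller has already
    verified the XML signature over the Response/Assertion with the IdP's
    metadata certificate and parsed with a hardened XML parser; these
    checks only decide whether a *verified* assertion satisfies policy."""
    reasons = []
    root = ET.fromstring(xml_text)
    assertion = root if root.tag == f"{{{SAML}}}Assertion" else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return False, ["no Assertion element"]

    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        reasons.append("missing Conditions")
    else:
        not_before = cond.get("NotBefore")
        not_on_or_after = cond.get("NotOnOrAfter")
        if not_before and now + clock_skew < parse_xs_datetime(not_before):
            reasons.append("assertion not yet valid")
        if not not_on_or_after or now - clock_skew >= parse_xs_datetime(not_on_or_after):
            reasons.append("assertion expired or lacks NotOnOrAfter")
        # SAML leaves an assertion unrestricted when AudienceRestriction is
        # absent; this SP treats that as a rejection (hardening choice).
        audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
        if SP_ENTITY_ID not in audiences:
            reasons.append("AudienceRestriction does not name this SP")

    ref = assertion.find("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    asserted = ref.text.strip() if ref is not None and ref.text else ""
    strength = AUTHN_STRENGTH.get(asserted, 0)  # unknown or missing class ranks weakest
    required = MIN_STRENGTH_FOR[classification]
    if strength < required:
        reasons.append(f"authn context {asserted or '(none)'} rank {strength} < {required} required for {classification}")
    return not reasons, reasons


# Constructed sample assertion (not from a real IdP); signature omitted.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_example1" Version="2.0"
    IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-01T11:59:50Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

# Fixed clock values so the example is deterministic.
SAMPLE_NOW = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)        # inside the window
SAMPLE_NOW_LATE = datetime(2024, 5, 1, 12, 10, tzinfo=timezone.utc)  # after NotOnOrAfter

if __name__ == "__main__":
    for cls in ("internal", "confidential"):
        print(cls, evaluate_assertion(SAMPLE_ASSERTION, cls, SAMPLE_NOW))
    print("late", evaluate_assertion(SAMPLE_ASSERTION, "internal", SAMPLE_NOW_LATE))
```

The same assertion is accepted for "internal" data and rejected for "confidential" data, which is the policy linkage the article describes: the IdP reports the authentication method, the SP maps it to the classification of what is being accessed. Requesting a minimum context from the IdP up front (RequestedAuthnContext in the AuthnRequest) is complementary, but the SP still has to check what actually came back. None of this replaces the lifecycle controls mentioned earlier; a disabled account must stop receiving assertions at the IdP, since the SP cannot tell a departed employee from an active one from the assertion alone.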

Read the complete article in