
New Cloud Models to Consider

In this video, you will learn about two examples from the new model, IDaaS.
And you can see, just from the NIST specification, we have two more models that have occurred since that specification was defined. So let’s look at that first example of ID as a Service, PingIdentity. This usually uses Active Directory as an internal IdP or some internal identity provider. So it offers multiple options for authenticating against an existing directory service. It can support things like Google Apps, Office 365, or third-party directories as well. PingIdentity is slightly different from some of the ID as a Service providers in that it does not store user identities in the product, in the cloud. So for this reason, PingIdentity has to have a very good level of connectivity to the local directory service.
PingFederate supports cluster deployments for high availability, and access to the corporate server is required for single sign-on. We need some form of identity provider for PingIdentity to work with. So the benefits of not storing identity in the cloud relate to information management, information governance. We don’t have to worry about things like GDPR and storing identity in the cloud and it being lost. But this does increase the requirement we have for resilience. If we are using PingIdentity in the cloud for SSO, and we have on-prem line-of-business applications, and an on-prem directory service, those last two items may work in isolation. If the link between on-prem services and PingIdentity isn’t there, the entire configuration may fail.
We may be unable to log on. So we want to think about managing this risk through the use of multiple connections to on-premises servers. If we’re using Active Directory, perhaps we connect it to multiple domain controllers. We also may want to look, sensibly, at multiple internet connections, one to each directory server, to make sure we have that resilience. There is some work to do around configuring the connectors used with PingIdentity, and the policies as well, to make sure that the access is appropriate. The cost at the time of writing is around 25 pounds per user with PingIdentity, with around an additional $20 per year for multifactor authentication. Again, there are other providers.
We’ll look on the next slide and ensure this isn’t a sales pitch for any one provider. This is just to illustrate, broadly, the cost and the capabilities of these solutions. So the benefits of these kinds of solutions, solutions like PingIdentity, are that they can integrate with a broad range, by default, of external services. So things like Google G Suite, PingIdentity will integrate with very little configuration. So these guys have done a lot of the hard work. A very similar concept, another ID as a Service provider, just a different way of doing it, is the Microsoft Azure platform. Here what we’re doing is we’re extending our Active Directory services into the Azure cloud.
The benefit here is that we have the familiar Active Directory concepts. If you use AD on-premises, we can extend that out to the cloud. And we’ve got the very similar security group with the very similar interfaces for the system administrators. So this can connect to and/or replicate with our on-premises AD. So we can actually have a copy of our directory service in the cloud. Now this can be very helpful for resilience. If we have other cloud-based services connected to our Active Directory, this means that if our on-prem services fail we have greater resilience. Again, it provides very comprehensive reporting as a strength, although some of the advanced reporting within Azure Active Directory is only available within premium tiers.
Free and basic service levels limit you to 10 single sign-on applications at the time of writing. Again, with cost, the benefit of Azure can be that you can leverage some of your existing investment in Microsoft technologies. If you’re a Microsoft house, you’ve got lots of Microsoft licences already in place. You can extend some of those out at a lower cost. Again, as a provider, Microsoft offers a very strong range of connectors, as do most of these ID providers, cloud-based IdPs. Just looking very quickly, we mentioned Backoffice as a Service. And I offered the example of Firebase. Here, we are accessing something like a NoSQL database. It’s a very standard approach in terms of using REST-based requests.
It’s REST compliant, and it uses the standard JavaScript Object Notation, JSON. The storage is provided by Firebase. Again, it’s fairly commoditised. So we can draw down storage, we can draw down databases. These kinds of Backoffice as a Service examples are typically optimised towards internet-based services and apps. So we’re looking at support for websites, for mobile apps. This is where they are predominantly used. They have very broad authentication support. They have built-in provision for services like Facebook, Twitter, GitHub within Google Firebase. And this is provided through open authorization. And they have the ability, again, to support custom providers. Very, very new, Backoffice as a Service. But again, a very strong model.
And it integrates well, and has been developed in line with some of those requirements arising from the development in mobile technology and also the growth of smartphone-type computing and tablet-type computing.

In this video, you will learn about two examples from the new model, IDaaS. These are PingIdentity and Azure.

You will also learn about Backoffice as a Service (BaaS) with the example of Firebase. BaaS is typically optimised for internet-based services and applications, such as support for websites or mobile applications, and offers broad authentication support.

Investigate and share: In this step, we share a few examples. But many others exist. Are there any significant examples from IDaaS or BaaS that you can share or find with your fellow learners?

This article is from the free online course Cyber Security Foundations: Reinforcing Identity and Access Management, created by FutureLearn - Learning For Life.
