
Identity in a hybrid world

Phil Wainewright, July 8, 2013
Increasing use of cloud applications alongside existing apps makes for multiple logins and management headaches. Okta and other cloud access management vendors think they have the solution.

Most enterprises nowadays run on a hybrid IT infrastructure, partly in the cloud, partly on-premise. Line-of-business managers across sales and marketing, operations and HR have brought in cloud applications to solve specific business challenges that wouldn't wait. Meanwhile the IT department is still running the core business systems in the traditional way.

The problems come when users start noticing they have to log in to each cloud application separately from the core enterprise systems. Or the IT department realizes how much time and effort it's spending clearing up when people leave the company or move between departments. Those problems had been solved within the existing IT infrastructure, but the existing solutions aren't easy to extend into the cloud.

The reappearance of such identity management problems has created opportunities for cloud-focused companies such as Ping Identity, OneLogin and Okta. They have stepped in with systems that let people access all their applications with a single login that's managed from the cloud.

"We usually see a company that has a VPN and a bunch of stuff behind the firewall," Okta's CEO Todd McKinnon explained to me when I met with him in the company's San Francisco headquarters a couple of months ago. "They couldn't put the cloud apps behind the VPN, so they adopted Okta. We've really grown because we can connect to everything now."

Microsoft cloud

Even Microsoft is getting in on the act, announcing yesterday a preview of a new Windows Azure capability that offers single sign-on to cloud applications. The gallery of forty pre-integrated apps, ranging from Dropbox and Gmail to Microsoft's own Office 365, looks remarkably similar to offerings from the likes of Okta and OneLogin.

Circumventing the difficulties of linking cloud applications into Microsoft's Active Directory has certainly proven a rich furrow for Okta to plow. McKinnon is especially scathing about a Microsoft utility known as Active Directory Federation Services (ADFS), which has allowed customers to plumb cloud applications into their existing Active Directory setup using web services protocols.

"Microsoft puts out this ADFS, so the customers are like, 'Cool, this is going to be easy'. But you have to have multiple different Microsoft servers that have to be set up with your VPN and it's really hard to do," he told me.

"Their move to the cloud is confusing people and we're benefitting from it."

Identity shift

The main reason startups like Okta have been able to make headway against more established vendors such as Microsoft and Oracle is that the cloud has brought a shift in the nature of identity management. People's roles are changing more rapidly and they're participating in a more diverse set of activities, while using a larger number of interchangeable devices. Identities have to work across enterprise boundaries, too — Okta's most recent new feature is designed to help enterprises manage the identities of their partners and customers.

These changes in the way people are working have led to a need for a more fluid system of access management. As McKinnon explained to me:

"Computing is becoming more people centric. You want IT to be people centric, you don't want it to be technology centric. You want to be thinking about how can we get the right information to the right people to make them effective. Access management — what sits between people and information — is a critical piece of the utility."

Enterprise transition

Okta is growing fast, with 300 enterprise customers as of May, including well-known names such as Clorox and Western Union in the US and Gatwick Airport in the UK. The company's headcount has soared from 50 to 160 employees in the past year and will pass 200 by early next year, McKinnon said.

Several customers see Okta as an overlay that allows them to better manage a hybrid infrastructure. Its ability to act as the initial access point for both on-premise and cloud applications also makes it easier to swap out certain parts of the infrastructure as time goes on, for example replacing ageing on-premise applications as they transition to cloud alternatives.

"What we're building is a system of record for who can go where," McKinnon told me. "We'll be done when every app, every device, every user can connect via Okta."

Fine words indeed but the mission statement is equally applicable to several of Okta's competitors. It's still early days in the evolution of this category of software service and for the moment all of the players have plenty of room to grow. Time will tell which of them can best serve the needs of enterprises as they attempt to marry the on-premise and cloud worlds.
