Best Practice: A Hybrid Enterprise in a Cloud First World
You’ll laugh, you’ll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You’ll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.
- Migrating to the cloud can be hard; mergers and acquisitions of companies are hard; M&A of hybrid cloud enabled companies is very hard.
- How to manage the cloud vendor relationships through integrations
- Identity and Security planning to make integrations successful in a cloud world
Identity-as-a-Service Securing PostNL’s 100% Cloud Strategy
PostNL deals in letters, parcels and everything related to letters and parcels. With 60.000 employees and 3.4 billion of revenues, PostNL is the leader in The Netherlands, and it also operates in Belgium, Luxembourg, the United Kingdom, Germany and Italy. Volumes in the letters business are declining, and therefore cost cutting and cost flexibility, both in Business and in IT, are key targets for PostNL. For this reason, PostNL announced a 100% go to Cloud strategy, whose execution will be finished by the end of 2015 by migrating all on-premise hosted applications to the Cloud: “from on-premise/customized to cloud-based/standardized IT”.
Identity and Access Management is an essential part of the security domain within the PostNL Cloud Orchestration Kernel, both to facilitate the 100% Cloud Strategy and to comply with security standards and certifications for ‘securing the cloud’. Through the IAM project, Identity and Access Management is implemented for PostNL employees using the services of the IDaaS provider iWelcome, which is a cloud service in itself. This full IDaaS service includes, amongst others: availability of all employee identities, a login page including (two factor) user authentication, a portal (launch pad) for cloud applications, user provisioning and authentication to relying parties, single sign-on/log-off and self service.
Generally speaking, there are five main areas in Identity Management: (1) Identity Governance (business processes around so-called authoritative sources like SAP HR); (2) Identity Provisioning; (3) Identity Authentication and Access Management; and (4) Application Authorization (business logic in the destination applications).
Theo Punter will share his experiences of implementing IDaaS for the enterprise with the audience.
- Current IAM solutions could not keep pace with developments in the cloud, mobile apps and federations;
- With IDaaS, PostNL is able to lower TCO significantly, which serves improvements in PostNL’s market position
- Suppliers preferably too big to fail … but partnership and flexibility are key values as well
- Stick to standards and enforce them
- Define I&AM policies upfront to CSPs (as part of contract)
- Over 90% use SAML 2.0 for authentication, but SCIM as a standard for provisioning is not there yet
- Don’t mix cloud with on-premise unless you design on-premise on cloud principles.
- Release and transition management becomes even more important
- Don’t base critical IT plans on product roadmaps of suppliers.