What are the challenges, requirements, and solutions for Identity Provisioning with SaaS, IaaS, and PaaS?
Cloud computing offers its services through various models. Software as a Service (SaaS) allows users to use their provider’s applications running on a cloud. The provider controls and manages the cloud infrastructure, which includes servers, operating systems, and storage. SaaS is often referred to as “on-demand software.” When it comes to identity provisioning, SaaS services require quick and efficient methods of setting up users, assigning permissions, and verifying access. With SaaS models, a single user may need to access a wide variety of different cloud services, each of which needs finely tuned identity verification procedures. To address this, multi-stage setups can be used to create business-level objects, such as departments or territories, each with its own group-based identification measures and permissions. SPML (Service Provisioning Markup Language) and other languages and systems can also be used to automate some of SaaS’s identity processes (CSA, 2010).
Infrastructure as a Service (IaaS) is the most basic cloud-service model; it offers computing infrastructure such as virtual machines to its subscribers. Data centers provide IaaS’s resources. For larger-area connectivity, customers can use the Internet or carrier clouds. The cloud user maintains the operating system as well as the application software. Typically, IaaS environments are primarily managed by developers or IT administrators, which gives them the power to assign identities and permissions as they see fit. In my experience, I tend to assign roles and permissions based on department or services that each user requires. The difficulties in IaaS identity management seem to appear during business growth or personnel changes, leading to cloud administrators frantically attempting to audit who has access to what, how long they have access to it, and what they need to be able to do their job.
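The audit described above (who has access to what, for how long, and whether the job requires it) can be scripted against an export of role grants and the HR roster. The following is an added example, not part of the original text; the users, role names, department baselines and the 90-day idle threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the original page).
# Department -> roles a member of that department is expected to hold.
DEPT_BASELINE = {
    "engineering": {"vm-operator", "storage-reader"},
    "finance": {"billing-viewer"},
}
# HR roster: user -> department. Users absent from it have left the company.
ROSTER = {"alice": "engineering", "bob": "finance", "carol": "finance"}
# Grants exported from the cloud account: (user, role, granted_on, last_used).
GRANTS = [
    ("alice", "vm-operator", date(2020, 1, 10), date(2020, 9, 28)),
    ("alice", "billing-viewer", date(2019, 3, 2), date(2019, 4, 1)),
    ("bob", "billing-viewer", date(2020, 6, 1), date(2020, 10, 1)),
    ("carol", "billing-viewer", date(2018, 5, 5), None),
    ("dave", "vm-operator", date(2019, 11, 20), date(2020, 2, 14)),
]


def review_access(grants, roster, baseline, today, stale_days=90):
    """Return (user, role, finding, days_held) for every grant needing review."""
    findings = []
    for user, role, granted_on, last_used in grants:
        held = (today - granted_on).days
        dept = roster.get(user)
        if dept is None:
            # Personnel change: the grant outlived the person's employment.
            findings.append((user, role, "orphaned", held))
        elif role not in baseline.get(dept, set()):
            # The role is outside what the user's department requires.
            findings.append((user, role, "excess", held))
        elif (today - (last_used or granted_on)).days > stale_days:
            # Justified by department, but unused (or never used) for too long.
            findings.append((user, role, "stale", held))
    return findings


if __name__ == "__main__":
    report = review_access(GRANTS, ROSTER, DEPT_BASELINE, date(2020, 10, 5))
    for user, role, finding, held in report:
        print(f"{finding:9} {user:6} {role:15} held {held} days")
```

Each finding maps to a different remediation: orphaned grants are revoked, excess grants go back to the department owner for justification, and stale grants are candidates for expiry.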
Platform as a Service (PaaS) lets consumers deploy their applications onto cloud infrastructure using programming languages, services, and libraries supplied by the provider. The user only has control over the deployed applications. PaaS offers a development environment using a toolkit and channels for payment and distribution. PaaS providers often either establish identities for their users or require their customers to create their own; because PaaS customers are often developer-focused, automated provisioning can be simpler than with SaaS, given the smaller number of users and their needs. Developers with access to a PaaS can issue permissions based on each user’s access requirements, for example as a developer, administrator, or end-user. Identity provisioning can also be accomplished through API support and manual entry.
CSA. (2010, April). Domain 12: Guidance for Identity & Access Management V2.1. Retrieved October 5, 2020, from https://assets.cloudsecurityalliance.org/legacy/wp-uploads/2011/07/csaguide-dom12-v2.10.pdf.
Chickowski, Ericka. (2013, May). Identity Management in The Cloud. Retrieved October 5, 2020, from https://www.darkreading.com/identity-management-in-the-cloud/d/d-id/1140751.