Open-Xchange’s WebRTC-based OX Messenger voice, video and text messaging app will become available from December, the company said on Thursday. As I reported earlier this year, the plugin-free app was developed alongside Dutch VoIP firm Voiceworks. The German company’s OX App Suite tools are mostly for telcos and hosting providers that want to offer customers an alternative to the likes of Google Apps (Hangouts, or Microsoft’s Skype, in this case) though they can also be installed for use in the enterprise. OX Messenger plugs into the rest of the OX App Suite, making it possible to call or message from within email chains, for example. It will also offer calls to regular lines.
Over the past five years, security has topped the list of concerns about cloud computing. Rightfully so: if security is truly a concern, it should also serve as an inhibitor to cloud adoption. However, many of the security issues raised are red herrings that take the focus off the true security risks of cloud-based solutions. One of those risks has to do with identity.
Security often rests, fundamentally, on identity. For many, this means a username and password based on Microsoft’s Active Directory framework. This works well for applications and services located on-premises or within the company’s network.
Enter the cloud
When cloud-based applications come into the fold, a new set of credentials is often issued. You might be ‘crawfordt’ on one system and ‘crawford.tim’ on another. More confusing still are two systems that both use ‘crawfordt’ but with different passwords. Yet both credentials refer to the same person. Multiply this by the number of cloud-based applications in use and by the number of users, and it leads to an exponential number of combinations to manage.
The field of Identity Management solutions
Enter Identity Management (IM) and Single Sign On (SSO) applications and services for cloud. A few of the common solutions are Active Directory Federation Services (ADFS), Okta, Ping Identity and Symplified, among a dozen or so products on the market today. Each has a varied list of features, but they commonly address two fundamental issues: Identity and Provisioning/De-Provisioning.
The most common feature across systems is IM. Identity refers to the identity of the individual. One individual may have multiple identities that are used for different systems. Even so, the individual will authenticate with a single username/password, or with two-factor authentication (something you have and something you know). As part of SSO, those authenticated credentials are then passed to the authorized systems that are part of the SSO system. This eliminates the need for different systems to prompt for a login once a user has been authenticated. When using internal applications, it is easy to tie into Active Directory (AD) as the authentication system.
When using cloud-based services and applications, the problem is not so simple. Theoretically, a hole could be made in the firewall to allow said cloud service access to AD. Unfortunately, that opens up Pandora’s box in terms of other security-related threats.
The solution is to leverage a cloud-based SSO solution that can tie back to the established AD infrastructure in a secure manner. That way, only one application (the cloud-based SSO solution) would connect to AD from the outside. All other external applications and services would in turn connect to the cloud-based SSO solution. Many SSO solutions also provide a comprehensive solution that covers both on-premises and cloud-based applications.
When a user connects to a cloud-based application using this setup, they use their standard credentials. This eliminates the need for different credentials across multiple systems, not to mention the nightmare of managing password changes across those systems. AD becomes the ‘system of record’ and all other systems look to it directly or via the SSO solution.
Provisioning and de-provisioning
More solutions are starting to include provisioning and de-provisioning: the ability to automatically set up (and remove) users in different systems based on a set of criteria. For example, when user ‘crawfordt’ is set up in AD, provisioning can automatically set up their account in a number of different cloud services based on the AD tree or setting for that user. Likewise, when the user leaves the company and is removed from AD, their access is automatically removed from all of the other systems that are part of the federation.
Automatically provisioning and de-provisioning users is a valuable tool as the number of different cloud-based solutions in use increases over time. This automation removes user errors and speeds up provisioning and de-provisioning, thereby further reducing risk.
Standards in flux
The way the different systems exchange credentials and information is often based on one or more of the following standards: SAML (or SAML 2.0), OAuth (or OAuth 2.0) and OpenID. Not all of the solutions support all of the standards, so it is important to look at the portfolio of cloud-based solutions in use to determine the standard most commonly supported.
Administration and risk
There is quite a bit of risk in manually managing identities across the growing number of cloud-based applications. Any cloud strategy today needs to include a strategy for SSO and IM that extends outside the corporate network and into the growing landscape of cloud-based providers. The alternative, manual management, requires a level of discipline and process that is easy to follow but equally easy to deviate from. Those deviations open the door to orphaned accounts and unauthorized access to sensitive corporate data. With today’s sensitivity around data, the wise decision is to leverage a cloud-based SSO and IM solution.
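The reconciliation that automated provisioning and de-provisioning performs, and that catches the orphaned accounts described above, sketched as an added example that is not part of the original article. The sample users, the group-to-app entitlement map and the `employee_id` link field are constructed assumptions; accounts are matched on that immutable ID because, as noted earlier, the same person may be ‘crawfordt’ in one system and ‘crawford.tim’ in another.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AdUser:
    employee_id: str   # immutable key; usernames differ per system
    username: str
    enabled: bool      # False once the person has left the company
    groups: frozenset  # AD groups that drive provisioning

# Constructed sample data: AD is the system of record.
AD_USERS = [
    AdUser("1001", "crawfordt", True, frozenset({"sales"})),
    AdUser("1002", "smithj", False, frozenset({"sales"})),
    AdUser("1003", "leea", True, frozenset({"sales", "finance"})),
]
# Hypothetical mapping of AD group -> cloud apps that group entitles.
ENTITLEMENTS = {"sales": {"crm"}, "finance": {"billing"}}
# Constructed account exports from each cloud app.
CLOUD_ACCOUNTS = {
    "crm": [
        {"login": "crawford.tim", "employee_id": "1001"},
        {"login": "smithj", "employee_id": "1002"},
        {"login": "crawfordt", "employee_id": None},  # created by hand
    ],
    "billing": [],
}

def reconcile(ad_users, entitlements, cloud_accounts):
    """Return (orphaned, unlinked, missing) as sorted lists of (app, login)."""
    by_id = {u.employee_id: u for u in ad_users}
    orphaned, unlinked, missing = [], [], []
    for app, accounts in cloud_accounts.items():
        seen = set()
        for acct in accounts:
            user = by_id.get(acct["employee_id"])
            if acct["employee_id"] is None:
                unlinked.append((app, acct["login"]))  # cannot be tied to a person
            elif user is None or not user.enabled:
                orphaned.append((app, acct["login"]))  # should be de-provisioned
            else:
                seen.add(user.employee_id)
        for u in ad_users:
            allowed = set().union(*(entitlements.get(g, set()) for g in u.groups))
            if u.enabled and app in allowed and u.employee_id not in seen:
                missing.append((app, u.username))      # provisioning gap
    return sorted(orphaned), sorted(unlinked), sorted(missing)

if __name__ == "__main__":
    print(reconcile(AD_USERS, ENTITLEMENTS, CLOUD_ACCOUNTS))
```

The unlinked ‘crawfordt’ account is the case manual management tends to produce: it looks legitimate by name, but nothing ties it to the AD record, so removing the user from AD would never remove it.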
It may have disappeared in the rest of the world last year, but MSN/Windows Live Messenger still hung on in China — until now.
Your new VoLTE phone on T-Mobile may be able to make the occasional HD call, but not much else. That will change as VoLTE evolves into more than just a voice technology.
Facebook’s blockbuster $19 billion purchase of WhatsApp won’t necessarily kick off a consolidation wave. There aren’t that many more major OTT players left in the market that aren’t focused on Asia.
Fleep aims to supplant both instant messaging and email for small businesses and organizations. It’s a busy space, but the team certainly has a promising heritage — and a refreshingly asynchronous approach.
Skype never dominated the mobile space the way it has dominated the PC, opening the door for numerous OTT communications rivals. TextMe believes it has combined the best features of Skype, WhatsApp and Pinger into a single mobile app.
Multiprotocol instant messaging app imo.im is getting more vocal. The new iPhone app now supports VoIP calls over cellular and Wi-Fi between imo users. Voice is a tricky business for a startup with no established customer base, but luckily imo already has 700,000 daily users.
Nimbuzz didn’t impress when it launched its VoIP and instant messaging app, but thanks to the evolution of mobile, the company crossed a new milestone: 100 million users. Now that we want to choose where, how and on what device to communicate, Nimbuzz’s future sounds good.
Your Facebook or LinkedIn account doesn’t have a phone number, but one day it might if Tyntec has anything to say about it. The German company wants to build a virtual mobile phone into any Web 2.0 service, bridging the gap between over-the-top apps and mobile.