Amid all the excitement about the Brave New World of cloud computing, one fly has entered the ointment, particularly among early adopters that have gone ‘all in’ on cloud — sign-on. A company deploying Google Apps for core productivity, Salesforce.com for CRM, Workday for ERP and back-office, and SuccessFactors for employee performance management will need to provision and de-provision the rights to use these systems and make the logins for each service easy for users so they aren’t locked out of services and aren’t compromising security.
With a welter of services available and security at a premium it’s a challenge facing many CIOs and several companies have stepped up to attempt to crack the single sign-on (SSO) conundrum and the associated issues of handling user identifies and permissions in a way that admins can quickly configure and control.
Some of the newcomers are squarely focused on the cloud opportunity. Okta in San Francisco is a startup attracting some buzz, in part because its CEO Todd McKinnon is another of the ex-Salesforce crew and because its board includes Aneel Bhusri, co-founder of Workday, and Ben Horowitz of VC powerhouse Andreessen Horowitz. Investors in its $50m-plus war chest include gilt-edged names like Sequoia Capital, Greylock Partners and Khosla Ventures. (Bonus fact: the name ‘Okta’ derives from the meteorological term for a cloud cover measurement unit.)
OneLogin is another San Francisco-based company that is also ploughing the furrow of SSO in the cloud. The company was founded by Danish brothers Thomas and Christian Pedersen who now operate as CEO and CTO respectively. The company has so far raised $6m funding in its three-year history and has stakes from the likes of the CEOs of Yammer (sold to Microsoft last year for about $1.2bn) and Zendesk, the fast-growing Danish helpdesk company where the Pedersens previously worked.
OneLogin also has that ultimate proof of enterprise seriousness – customers. There are 700 in total, with better-known names including News Corporation, NetFlix, Pinterest, Concur, Livestrong and Condé Nast.
Unlike Okta, OneLogin has already made a push into the EMEA region and sales director for the area Daniel Power sees the pair in a duel for the keys to the front door of client devices that have their back-ends in the cloud.
“The time is right for cloud-based SSO,” Power says. “IT has been putting their heads in the sand, ostrich-like when it comes to cloud apps and they have to become an enabler for lines of business.”
UK-based jobs site Reed.co.uk, is a OneLogin user. Reed has been a pioneer in using cloud services, using or trying a laundry list of suppliers including Zendesk, Google Apps, Airwatch for mobile device management, SAP Business ByDesign for finance, Jive for collaboration and Box for file sharing.
Mark Ridley, director of technology at Reed, said that OneLogin had helped the company deal with user demands. A previous survey of their needs saw simplified access to cloud services as the number-one request. Today, users can even have private sessions on personal tools like Facebook catered for and in private.
“Following on from the implementation, the issue of access has fallen out of the top 10 suggestions for improvement,” Ridley says.
Okta, OneLogin and others that have deep domain knowledge in integrating cloud services are certainly attracting attention and stand a chance of becoming the standard for the growing crop of all-cloud startups. But other SSO and identity and access management firms are adding cloud know-how to their quivers.
Some come at the problem from a broader single sign-on (SSO) and identity/access management and provisioning angle. There’s Ping Identity, for example, with its funding having recently been more than doubled to $78m in a move many see as anticipating an eventual IPO. Also factor in Sail Point with over $100m in annual revenues and Aveksa, recently acquired by RMC’s RSA security division for $225m.
These companies argue that, in most cases, cloud services will have to be integrated with on-premises services. It may be that the smart money will be on companies that stretch beyond the cloud to on-premise systems and provide a set of tools for everything from single sign-in to identity management/identity access management (IDM/IAM), provisioning and proof of regulatory compliance across platforms, big back-office software systems and ore.
“[Companies like Okta and OneLogin] came at it from a pure-play cloud point of view but there’s no doubt they’re going to be pulled into doing more on-premise and compliance,” says Jackie Gilbert, CMO of Sail Point, which boasts a raft of customers from the financial/insurance world including Aviva and Société Générale.
“My sense is that we can bring that depth to the cloud faster than they could address a 250,000-person financial institution. But cloud is changing requirements and buying preferences. This whole area is red-hot right now.”
But OneLogin’s Power takes another view saying that the company can offer a lightweight approach that automates the process of getting users on and off systems with simple safeguards so that companies can focus on getting the most out of their investment in cloud services.
“We’re more about getting stuff done rather than the traditional IDM/IAM on-premise world where the process can be so onerous that the project lasts for nine months then it goes out of the window. We’re maturing pretty rapidly to become a complete cloud ecosystem much more than an on/off switch. It’s not just replacing a bunch of passwords; it’s about automating on-boarding.”
Martin Veitch is Editorial Director at IDG Connect