Those of you who already read one of my articles might have already realized that I am looking at the pain points of our environments with a focus on security. One thing that is driving me crazy is what is happening in the internet with regard to its usability and convenience having an impact on our social structures, society and industry in terms of authentication.
In my articles “Next Generation Security” and “Theorie about securing passwords” I have written about social networks being the authentication provider of the future. I still believe in this statement and I am even more convinced that there is a remarkable development when considering the impact on the software industry.
I believe that authentication is the key for the use of the internet. Everybody is talking about personalized content, user generated content, tagging and much more. All these mechanisms need to rely on a good and strong user authentication. Facebook, Twitter, linkedin and all the other usual suspects are there to offer their services.
I don’t exactly know the numbers of managed user accounts by traditional IAM (Identity and Access Management) suites but when it comes to the use of the public authentication providers I believe there are more users on the internet managed by Facebook & Co. than in private environments.
It is absolutely surprising that all the big names in the IAM market have failed to develop services delivering a strong and reliable authentication to internet users. They failed to realize that consumerization of IT increases the demand to also deliver authentication services to end users. If you want you may name it Infrastructure or Software as a Service. Very quickly we realize that we are talking about cloud computing services. Almost every bign(and traditional) IAM provider has also a cloud service offering which could have been a key to those customers that now need to rely on Facebook & Co.
If you may follow my line of argumentation you will agree that the key to internet applications is already in the hand of the big social networks.
Let’s try to anticipate what happens if nation states succeed to establish authentication services for the Internet Protocol stack. This means building global authentication systems for each and every device with access to the internet.
What would this mean to private in-house authentication systems? Right now I can’t imagine who might be able to deliver these services which I would name “Key to the Internet“. Right now the traditional software industry has not even tried to get this key into their fingers.
But stop – that’s not correct. Microsoft tried to established an authentication service – and failed due to the lack of value added services.