Earlier this week, Google confirmed that for several hours “a small set” of Webmaster Tools accounts were incorrectly re-verified for people who previously had access. This incident highlights the ‘identity silos’ companies often create as they leverage third party services. Identity silos are built when redundant user information is stored in each of the sites a user accesses. A lesson we’ve learned in enterprise architecture – sometimes with considerable pain – is that redundant data always comes out of sync eventually.
That learning applies in this case: Companies were managing the users for their Webmaster tools within Google’s infrastructure, separately from other user management processes they have for other applications. When we have these types of fractured user management approaches, it is inevitable that a third party service provider – Google in this case – will make decisions about a given enterprise’s users without all of the knowledge the enterprise has about the user.
Identity federation technologies have emerged over the last dozen years to address the issue highlighted by this incident, as well as others introduced by cloud computing and the BYOD trend. Standards such as SAML, OpenID, and OAuth can be leveraged to create a more secure cloud-computing environment by letting identity information flow between the enterprise and its service providers at login time, rather than being copied into each provider's own account store.
These standards let an enterprise extend its existing security investments (directories, user management, and strong authentication) out to SaaS and other third-party applications. For example, in the case of Google Webmaster Tools, if a company had used SAML to authenticate its users to the service, it could have prevented the old administrative accounts from regaining access. With SAML, Google acts as the service provider: it sends the user back to the company's identity provider to authenticate, and because the company knows that user no longer works there, its identity provider simply refuses to issue an assertion, so Google grants no access. The company remains the authoritative source for who may use the service, instead of Google having to authenticate users and maintain its own account-reset and re-verification procedures independently.
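The contrast the paragraph draws, a provider-owned account table that can be "re-verified" back to life versus a service that defers to the enterprise identity provider on every login, is easier to see in code. The following is an added example, not code from Google or from any SAML library. It is a deliberately simplified stand-in for the SAML flow: the assertion is JSON signed with HMAC instead of XML with XML-DSig, the entity IDs, key and user names are constructed, and both parties run in one process. What it does keep faithful is the service-provider side checks a real SP must perform (signature, issuer, audience, request binding, expiry) and the point that deprovisioning happens in exactly one place.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed identifiers for the example; not real endpoints.
SP_ENTITY_ID = "https://saas.example.com/sp"        # the SaaS provider (Google's role)
IDP_ENTITY_ID = "https://idp.corp.example/saml"     # the enterprise's identity provider
IDP_SIGNING_KEY = b"demo-idp-signing-key"            # stands in for the IdP's XML-DSig cert


class EnterpriseIdP:
    """The company's identity provider. Its directory is the only place a
    user has to be disabled; the SaaS side never stores who is allowed in."""

    def __init__(self, directory):
        self.directory = directory  # {username: {"active": bool, "groups": [...]}}

    def handle_authn_request(self, request, username):
        user = self.directory.get(username)
        if user is None or not user["active"]:
            # Deprovisioned or unknown: no assertion is issued at all.
            return {"status": "AuthnFailed", "in_response_to": request["id"]}
        assertion = {
            "issuer": IDP_ENTITY_ID,
            "subject": username,
            "audience": request["issuer"],         # bind to the requesting SP
            "in_response_to": request["id"],       # bind to this login attempt
            "not_on_or_after": time.time() + 300,  # short validity window
            "attributes": {"groups": user["groups"]},
        }
        body = json.dumps(assertion, sort_keys=True).encode()
        sig = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).hexdigest()
        return {"status": "Success", "assertion": body, "signature": sig}


class SaaSServiceProvider:
    """The third-party service. It can run in the 'silo' mode the post
    criticises (its own account table) or consume federated assertions."""

    def __init__(self, local_accounts=None):
        self.local_accounts = local_accounts or {}   # legacy, SP-managed identities
        self.pending = {}                            # outstanding AuthnRequest ids

    def login_local(self, username, password):
        acct = self.local_accounts.get(username)
        return bool(acct and acct["password"] == password and acct["verified"])

    def start_sso(self):
        request = {"id": "_" + secrets.token_hex(8), "issuer": SP_ENTITY_ID}
        self.pending[request["id"]] = time.time()
        return request

    def consume_response(self, response, now=None):
        """Return the authenticated subject, or None if the response is rejected."""
        now = time.time() if now is None else now
        if response["status"] != "Success":
            return None
        body, sig = response["assertion"], response["signature"]
        expected = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None                               # forged or tampered
        a = json.loads(body)
        if a["issuer"] != IDP_ENTITY_ID or a["audience"] != SP_ENTITY_ID:
            return None                               # meant for another SP
        if a["in_response_to"] not in self.pending:
            return None                               # unsolicited or replayed
        del self.pending[a["in_response_to"]]
        if now >= a["not_on_or_after"]:
            return None                               # expired
        return a["subject"]


def demo():
    # bob has left the company; the directory is the only place that records it.
    idp = EnterpriseIdP({"alice": {"active": True, "groups": ["webmasters"]},
                         "bob": {"active": False, "groups": ["webmasters"]}})
    results = {}

    # Silo: the SaaS keeps its own verified accounts. A faulty re-verification
    # flips bob's flag back on and the SaaS has no way to know he is gone.
    silo = SaaSServiceProvider({"bob": {"password": "hunter2", "verified": True}})
    results["silo_bob"] = silo.login_local("bob", "hunter2")

    # Federated: the SaaS asks the IdP every time; bob gets no assertion.
    fed = SaaSServiceProvider()
    results["fed_bob"] = fed.consume_response(
        idp.handle_authn_request(fed.start_sso(), "bob"))
    resp = idp.handle_authn_request(fed.start_sso(), "alice")
    results["fed_alice"] = fed.consume_response(resp)
    results["replay"] = fed.consume_response(resp)        # same response again

    # Tampering: rewrite the subject inside an otherwise valid response.
    resp = idp.handle_authn_request(fed.start_sso(), "alice")
    forged = json.loads(resp["assertion"])
    forged["subject"] = "bob"
    resp["assertion"] = json.dumps(forged, sort_keys=True).encode()
    results["tampered"] = fed.consume_response(resp)
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the silo login for bob succeeding while every federated attempt for him fails, and alice's assertion working exactly once. The replay and tampering cases are included because a service provider that skips the `in_response_to` or signature check is trading one silo problem for a worse one: an assertion that can be captured and reused is just another stale credential living outside the enterprise's control.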
None of this is a knock on Google. It has been one of the leaders in the development and implementation of federation standards. The biggest challenge has been making consumers of SaaS services aware of these issues, as well as the opportunities to solve them.