Enabling Cloud Infrastructure: A Service Provider's Perspective

by David Baum

SaskTel develops Identity as a Service Offering with Help from Oracle Enterprise Architecture

Part of the Oracle Experiences in Enterprise Architecture article series

Published November 2012

More than 52 percent of organizations that responded to an IDC Cloud Security Survey said that one of the barriers to adopting cloud services involved trusting an outside third party with user authorization, access, and identity management issues. Approximately 41 percent of these organizations feared a security breach from the use of SaaS applications and 40 percent expressed concerns about complying with industry regulations regarding user roles, privileges, and the trusted use of data.

To alleviate these concerns, SaskTel, the leading full service communications provider in the Province of Saskatchewan, has partnered with Oracle to introduce a cloud-based Identity and Access Management (IDAM) service that bridges this security gap across various cloud deployment scenarios. The service uses Oracle's Identity and Access Management suite of products to provide functionality normally affordable only to the world's largest enterprises.

John Hill, CIO and Executive Vice President at SaskTel, shared his story at the 2012 Oracle Enterprise Architecture Summit, recounting the challenges, the opportunities, and the role of enterprise architecture in creating SaskTel's cloud-based IDAM service offering.

"Identity Management is a key component of any IT strategy," Hill said. "We knew that our customers would welcome the low cost and rapid turn-up of a SaaS-based identity management solution. Traditional identity and access management infrastructure requires a significant amount of upfront capital and on-going operational expenditures."

Business Opportunities in the Cloud

SaskTel and its wholly owned subsidiaries have a workforce of approximately 4,800 employees. The Canadian company offers a wide range of communications products and services including voice, data, Internet, entertainment, security monitoring, messaging, cellular, wireless data and directory services. Saskatchewan's northern latitude is ideal for data centers, hosting, and cloud-based services, since cooling costs are minimal for most of the year. SaskTel has two production data centers in the province and is about to build a new Tier-3 data center as well.

To ensure its leadership and leverage its evolving data center infrastructure, Hill and other business-development experts are charged with identifying and creating next-generation services for SaskTel's evolving customer base. Many of these new initiatives are centered on cloud-based services. Both internally and externally, SaskTel needed a new identity management solution.

"Organizations that move applications into the cloud must bridge a security gap between on-premise and off-premise applications by providing comprehensive user administration, application authorization, authentication, and compliance reporting to address regulatory mandates," Hill explained.

In partnership with Oracle, SaskTel gathered a core group of business and IT experts to define and develop the IDAM solution. They augmented the team with Enterprise Architects from Oracle Consulting Services. Their objective was to align the team's functional business objectives with an IT strategy and execution plan, as well as to guide the creation of the new solution.

"Technology is the easy part for us," Hill said. "What we lacked was business architects, people who can translate the concept and value of technology into terms that business people understand.

"SaskTel is surrounded by innovative technologies," Hill added. "Turning 'potential' into 'reality' is often the job of enterprise architects."

Building a Cloud Profit Center

Previously SaskTel utilized a mix of identity and access management solutions from Computer Associates and Sun Microsystems. Internal auditors recommended that the company adopt a single identity and access management platform for internal use to eliminate duplicates and redundancies. Hill and his colleagues decided to develop a solution that could be resold commercially as well.

Oracle worked with the SaskTel IDAM Centre of Excellence to define the architecture and establish the multi-tenant design of the new cloud solution. The primary development task involved reconfiguring Oracle Identity Management Suite 11g to function as a multitenant environment. Hill described the new architecture as "an identity management breakthrough, a first for SaskTel as well as a first for Oracle."

Based on Oracle Identity Management technology, the solution enables small and midsize organizations to manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall and into the cloud. The high availability architecture, hosted in the SaskTel data center, is fully redundant and utilizes Oracle Real Application Clusters (RAC) and Oracle Database 11g.

All of the IDAM technology and infrastructure was created and delivered through the SaskTel Center of Excellence, a business unit that includes enterprise architects and subject matter experts. Today the Center provides a consolidated suite of services to solve a number of identity access and governance challenges. Customer benefits include the following:

  • Reduced capital expenses with subscription-based pricing
  • Lower management costs and simpler upgrades
  • Elastic scalability to increase or decrease the user base on demand
  • Rapid onboarding of users, partners, and service providers

Hill said the new SaaS solution is ideal for the SMB market, which he defines as organizations with fewer than 2,000 employees. The SaaS platform delivers enterprise-caliber solutions for identity governance, access management and directory services to help organizations strengthen security, simplify compliance and capture business opportunities around mobile and social access.

SaskTel also offers private identity management instances for large companies in healthcare, finance and other industries that must adhere to specific regulatory mandates regarding access to trusted information.

By partnering with Oracle to deliver its IDAM solution through a SaaS platform, SaskTel can include the cost of the hardware, software and on-going operation of infrastructure in the price of the service. Guided by the EA team, SaskTel will continue to invest in product evolution as the market demands, particularly with respect to security.

"There are always new threats and technologies that will try to undermine this type of environment," concluded Hill. "We will continue to leverage complementary solutions such as Oracle Exadata, Oracle Identity Management 12c, Oracle E-Business Suite, and Siebel. Enterprise Architecture best practices will be essential as the IDAM suite starts to expand."
