by Brian Spector, CEO, CertiVox
Clearly, the application packaging standard APS has, over the last few years, gained significant traction. Driven by the SMB sector, which has embraced the procurement of enterprise-class computing capability in applications from managed service providers around the world, APS has become a critical element in the go-to-market strategy of hundreds of ISVs and thousands of Managed Service Providers.
CertiVox has embraced APS for some of its services, so I know first-hand its advantages – and some of its challenges. It’s fair to say that APS 1.2 didn’t deliver across the board. But what’s new in APS 2.0?
Users are king (but who are they?)
Driven by the feedback that users have given, APS 2.0 provides a dramatic increase in functionality over its predecessor in four key areas – user interface, provisioning, single sign-on, and authentication.
There isn’t the space here to go through all of these, but let’s take authentication as just one example. At all levels of the cloud “chain,” this is becoming a critical consideration. Recent high-profile “smash and grab” attacks, for example, have used username and password vulnerabilities in websites and enterprise systems to steal user data.
These attacks have highlighted that it is simply no longer enough for users to have an identity that the system recognises as being legitimate. Instead, they need to be in a position to prove that it is an identity of which they are the rightful owner? In other words, is a user – every user - really who they say they are?
Once it is clear that the user is who they say they are, then it becomes possible for the hosting industry to provide, for the first time, a secure single sign-on experience across all provisioned services – and this is absolutely what users want and need. It enhances usability, improves cross-sell opportunities and reduces churn, so it’s pretty darned important for user and provider alike!
Authentication – inbuilt!
In APS 2.0, for the first time, a combination of multi-factor and multi-party authentication, as well as strong, end-to-end encryption, can be inbuilt. This authenticates users at all levels. Administrators, for example, can authenticate themselves to configure service options and manage the storefronts and choose applications for their business.
Service Providers can also resell the authentication services to their hosting customers, who can use them for all kinds of products and services of their own, to capitalise on the exploding demand for strong authentication across the industry.
And it’s simple. Using nothing more complex than a 4-digit PIN, users can sign in securely to all provisioned services to which they are entitled. APS federates the users’ credentials across the relevant services using a highly secure encrypted token.
Make no mistake; this is single sign-on, strong security, with reduced vulnerability and increased flexibility and scalability – in one package. And no username and password to forget!
APS 2.0 – want to find out more?
If you are at Parallels Summit 2013, come and see our Developer Track on 6th February at 10:30, and learn about Extending APS packages with Single Sign-On.
I’ll also be looking at some of the other “pillars” of APS 2.0 that I describe above – and explaining more about how they give developers, service providers, ISVs, partners, end-users and others the competitive edge in the cloud.