Symantec is counting on the cloud to drive innovation in authentication and identity management.
cloud is a big part of Symantec's business model, as the company provides many
of its core capabilities-message filtering, data loss prevention, backup,
recovery and encryption-as cloud-based services. Now the company is counting on
the cloud to drive innovation in authentication and identity management.
acquired VeriSign's security business, Symantec has offered a hosted authentication service that
verifies users' identities before giving them access to computer systems. Customers also use this
technology in soft tokens based on user smartphones
as part of a two-factor authentication
there's an "opportunity for further innovation," Enrique Salem, the CEO of
Symantec, told eWEEK.
"How do we have the big
breakthrough in authentication?" he asked. Ideally, he said, the Symantec
employee logging on to Salesforce.com should be able to use the same password
as the one used to log
on to the corporate network.
That is the
vision behind Symantec O3, the cloud security service Salem unveiled earlier
this year at the RSA Conference. It's expected to launch officially in 2012.
Symantec rolled out the early access program for select customers at its Vision
conference in Barcelona, Spain, on Oct. 4.
for public, private and hybrid cloud infrastructures, Symantec O3 creates a
single "control point" for all the enterprise's cloud applications and systems,
employing the same identity and information security profile for each employee across each system. Essentially, O3 collects
credentials for all cloud applications in one place and provides employees with
a Web-based universal log-in service.
needs to be federated out to the cloud, according to Salem. Symantec is basing
its new platform, which will be available both on-premises and on-demand, on
the VeriSign authentication technology.
service-which combines access control, information protection and compliance control-sits on top of multiple
cloud offerings and allows administrators to apply internal security policies
to external clouds. Symantec said it expects to support the top 200 cloud
applications in O3 at launch, including Microsoft Active Directory, Google
Docs, Concur and Salesforce.com.
Salem said he's a "big believer
in single or reduced sign-on," in which there is "as close to one password as
possible" for corporate assets. However, he doesn't think one blanket password
policy should be applied to all Websites, and noted that it is not as critical
for employees to change passwords on a site like United.com every 90 days.