Symantec O3 Focuses on the Cloud

Symantec is counting on the cloud to drive innovation in authentication and identity management.

The cloud is a big part of Symantec's business model, as the company provides many of its core capabilities-message filtering, data loss prevention, backup, recovery and encryption-as cloud-based services. Now the company is counting on the cloud to drive innovation in authentication and identity management.

Since it acquired VeriSign's security business, Symantec has offered a hosted authentication service that verifies users' identities before giving them access to computer systems. Customers also use this technology in soft tokens based on user smartphones as part of a two-factor authentication mechanism.

However, there's an "opportunity for further innovation," Enrique Salem, the CEO of Symantec, told eWEEK. "How do we have the big breakthrough in authentication?" he asked. Ideally, he said, the Symantec employee logging on to Salesforce.com should be able to use the same password as the one used to log on to the corporate network.

That is the vision behind Symantec O3, the cloud security service Salem unveiled earlier this year at the RSA Conference. It's expected to launch officially in 2012. Symantec rolled out the early access program for select customers at its Vision conference in Barcelona, Spain, on Oct. 4.

Intended for public, private and hybrid cloud infrastructures, Symantec O3 creates a single "control point" for all the enterprise's cloud applications and systems, employing the same identity and information security profile for each employee across each system. Essentially, O3 collects credentials for all cloud applications in one place and provides employees with a Web-based universal log-in service. 

Identity needs to be federated out to the cloud, according to Salem. Symantec is basing its new platform, which will be available both on-premises and on-demand, on the VeriSign authentication technology.

The O3 service-which combines access control, information protection and compliance control-sits on top of multiple cloud offerings and allows administrators to apply internal security policies to external clouds. Symantec said it expects to support the top 200 cloud applications in O3 at launch, including Microsoft Active Directory, Google Docs, Concur and Salesforce.com.

Salem said he's a "big believer in single or reduced sign-on," in which there is "as close to one password as possible" for corporate assets. However, he doesn't think one blanket password policy should be applied to all Websites, and noted that it is not as critical for employees to change passwords on a site like United.com every 90 days.