Novell Launching IAM into the Cloud

Novell is unveiling a cloud-based security service to perform identity and access management for hosted applications and hosted storage. The vendor plans to unveil the technology next week at a conference in San Diego.

Novell plans to pull the covers off a cloud computing security service designed to provide identity and access management for hosted applications and storage next week.

The company will showcase the new technology, as well as a compliance reporting suite, at the upcoming Burton Group Catalyst Conference in San Diego. The service is currently in a private beta and is slated to be generally available in the fall.

Based on more than 60 cloud-related patents and patent applications, the Novell Cloud Security Service is aimed at enabling cloud providers and software-as-a-service (SAAS) vendors to ensure their offerings meet security and compliance standards. Through the service, cloud computing providers can accept trusted identity information in multiple formats without having to replicate credentials at their site and manage those credentials separately.

According to Novell, the service leverages proxy technology so that critical information is never exposed, and supports multiple industry standards used by both public and private clouds to allow customers to control security policies and industry regulations between cloud environments and their organization's data center.

"Security concerns are the No. 1 inhibitor to enterprises adopting cloud computing," said Dipto Chakravarty, vice president of worldwide engineering at Novell, in a statement. "Any cloud assets used by an enterprise must be treated as an extension of the data center with the policies and procedures in place to enforce regulatory compliance and prudent business practices. Cloud computing will not be successful if it forces the enterprise to engage a separate and distinct operating environment."

Burton Group analyst Dan Blum had similar thoughts.

"In traditional IT environments, organizations control their applications, servers and storage infrastructure," he said in a statement. "In an internal cloud environment, the architecture changes, but not the complexion of control. However, the control architecture changes profoundly for public cloud offerings such as Amazon EC2, Google Apps or Salesforce. When it comes to putting your IT resources and sensitive data such as personal names, addresses and phone numbers into the cloud, control and trust issues must be addressed."