451 Group Report on Intel Cloud SSO

As we introduced Intel Cloud SSO Beta last week at RSA conference, Steve Coplan, Senior Analyst with the 451 Group Enterprise Security Practice wrote a report on Intel’s solution.

Few highlights from the report:

• Intel’s cloud access broker strategy, predicated on the convergence of authentication and federation with API governance, as well as roadmap integration of McAfee security functionality, makes for a compelling vision.
• Intel is looking to make a splash by providing bundled pricing for application connectors, federated single sign-on (SSO) and authentication.
• As we outlined some three years ago, by introducing a new network topology, cloud computing establishes the need for a new network device that we refer to as a cloud access gateway. As the API revolution takes hold, security and access management for the cloud is a stepping stone to solidifying Intel’s ambitions to addressing the opportunity.

You can read the complete 451 Group research report here.

Intel introduces IAM as-a-service for cloud apps

At the RSA conference 2012 this week, we’re excited to introduce a new cloud service “Intel Cloud SSO” for Enterprises to provide Identity and Access Management (IAM) for cloud applications from the cloud. The service runs on Salesforce’s Force.com platform as-a-service (PaaS), and offers secure seamless single sign-on access to 100+ SaaS applications through pre-built connectors. End users have to remember just one password to login into the service’s SSO portal, from where they can launch all the applications they are allowed to access. This single sign-on experience eliminates password sprawl, improving security and user productivity. To help Enterprise IT deal with on-boarding/off-boarding of users, the service includes role based automated provisioning/de-provisioning of user accounts into cloud apps.

Intel Cloud SSO service is the cloud version of the Intel Expressway Cloud Access 360 (Intel ECA 360) on-premise software which was released during last year’s RSA conference 2011. We’ve implemented “Freedom Licensing” for both products that allows customers to use either Intel Cloud SSO or Intel ECA 360, or both, for the same license fee, providing ultimate flexibility to our customers.

The service provides enhanced security and improved IT controls by:

• Including One-time Password based step-up authentication when accessing secure cloud apps. The built-in One-time Password technology supports mobile soft-tokens through a downloadable mobile app.
• Customers using Intel Ultrabook client devices to access cloud applications can leverage the service’s seamless trusted device authentication by integrating with Intel Identity Protection Technology.
• Including policies that IT can use to restrict access to cloud apps based on various contextual elements such as: which mobile device the user is accessing from, accessing from corporate network or not, etc.
• Customers can use their corporate identity store (such as Active Directory) and Kerberos to authenticate into service’s SSO Portal, thereby eliminating even the password required to sign in to the service’s SSO portal.

Do I need to be an IAM expert to use it?

No. When we were building Intel Cloud SSO, we laid out basic tenet for the service – keep it simple. Anybody should be able to configure and use it, and shouldn’t require special skills. Having worked with other IAM systems in the past, this wasn’t an easy goal to achieve …

How can I get access to the service?

Currently, the service is in a Beta phase. You can apply for Beta by visiting www.intelcloudsso.com.

Is it available through McAfee?

McAfee (an Intel company) already sells Intel ECA 360 software as McAfee Cloud Identity Manager under the McAfee Cloud Security Platform (read post), and plan to include this service in its portfolio later this year.

Vikas Jain is Director of Product Management at Intel Corporation responsible for Cloud Identity and Security Products. You can follow him on Twitter @VikasJainTweet

Case study: Embedding cloud SSO portal into Sharepoint

A Registered Investment Advisor (RIA) firm designed to provide financial services to high net worth individuals is using IAM technology to remain competitive and provide attractive services to both clients and Wealth Advisors. The firm also needed to establish business relationships with strategic partners delivering a variety of services, including fixed income inventory and strategies, retirement planning, a private trust and banking division, insurance & annuities, and more.

Requirements:

1. Embedding cloud SSO portal into Sharepoint – The firm was already using Sharepoint as their company portal. The cloud IAM SSO portal needed to be integrated into Sharepoint as a webpart.
2. Non-SAML applications – The firm was using more than a dozen on-demand applications that didn’t support federation standards such as SAML. The solution had to support single sign-on (SSO) into such applications as well.
3. Branding and customization – The solution should be re-brandable and customizable to company’s look-n-feel as it gets rolled out to the firm’s clients.

On top of it, being part of regulated industry where they are responsible for handling their client’s financial assets, they needed a solution that was secure from end-to-end. The firm chose Intel Expressway Cloud Access 360 (ECA360), and rolled out the solution for its Wealth Advisors initially with a plan to roll it out to its clients in the future.

How did Intel Cloud Access 360 fill their requirements?

1. Embedding cloud SSO portal into Sharepoint – Cloud Access 360 SSO portal publishing all the applications that can be single signed on, can be fully embedded into Sharepoint as a webpart without requiring any additional authentication.
2. Non-SAML applications –  Cloud Access 360 supported all the desired applications through either native connectors using custom APIs or form based authentication.
3. Branding and customization – The logo and look-n-feel of the end-user facing SSO portal page of Cloud Access 360 can be completely branded and customized using CSS style sheets.

According to the firm’s CIO, “The flexibility, security and other capabilities provided by Intel Expressway Cloud Access 360 will enable it’s firm to leapfrog legacy RIA environments and offer an architecture to harness  the entire financial services Rolodex* in a seamless, connected experience.”

Looking for more of such customer case studies – find them here

Webinar: Federal Cloud Security Initiatives Explained – Choosing the Right Standards and Technologies

Join us on 10/6  at 2pm Eastern Time for an exciting and informative webinar:

Federal Cloud Security Initiatives Explained – Choosing the Right Standards and Technologies

Mapping the alphabet soup of federal cloud security initiatives is a daunting task. Tim Grance from NIST and federal security expert Gunnar Peterson join forces to decompose the funded programs and standards initiatives to recommend an adoption path for cloud security. Tim begins with a grounding in NIST’s baseline cloud security architectures/guidelines. Gunnar follows with insight into how these practices have been incorporated into programs such as NSTIC, FedRamp, FICAM, Cyberscope, and DOD-PKI.  This will be followed with additional guidance on some of Intel’s solutions from Intel Application Security & Identity Products Chief Architect, Andy Thurai. A group discussion will comment on the adoption timelines, real world use cases, and applicable COTs commercial technologies. Attendees of this webinar will receive a copy of Gunnar Peterson’s Federal Cloud Security white-paper. Sponsored by Intel & McAfee.

Register here:

http://washingtontechnology.com/webcasts/2011/10/intel-mcafee-cloud-security-100611.aspx?tc=page0

 

2-factor authentication and SSO to Salesforce and Force.com apps

Salesforce and Force.com applications share the same identity management infrastructure. This allows a user logged into Salesforce to access other applications deployed on Force.com platform without entering credentials again (aka Single sign-on). This works very well except it doesn’t solve the following 3 problems

1. How can I ensure that authentication into Salesforce for my users is secure using techniques such as 2-factor authentication? And, for any way they access Salesforce – through web browser, mobile app, or Outlook add-in.
2. How can I ensure that my users leverage the credentials from Enterprise user stores such as Active Directory instead of creating another set of credentials in Salesforce?
3. How can I ensure that my users get Single sign-on (SSO) experience not just between Salesforce and Force.com applications, but also when they access other SaaS applications outside the Force.com platform?

Intel Expressway Cloud Access 360 provides a solution addressing all the above problems (and more). It bundles 3-in-1 solution providing Federated SSO, 2-factor strong authentication, and user account provisioning linking Enterprise credentials to Salesforce/Force.com.

• Federated SSO is provided into Salesforce and Force.com implementing the Security Assertion Markup Language (SAML) standard that Salesforce supports
• 2-factor strong authentication is implemented before the user is federated into Salesforce/Force.com using One Time Password (OTP) delivered as soft tokens over mobile devices such as iOS (iPhone, iPad), Android, Blackberry, and Windows devices.
• User provisioning and de-provisioning is implemented using REST APIs exposed by Salesforce

To learn more about how Cloud Access 360 integrates with Salesforce and Force.com, visit

• Cloud Access 360 solution page for Salesforce
• AppExchange listing of Cloud Access 360

6 Minute Podcast Primer on Cloud Access Security

Join Intel Director of  Product Management, Vikas Jain, of the Application Security & Identity Products Group in this brief podcast as he summarizes some key issues around Cloud Access Security. Some things you’ll learn:

• What is Cloud Access 360?
• How can you simplify and secure account management with cloud apps through automatic provisioning / deprovisioning of accounts?
• What is Single Sign On (SSO) and  how do you get seamless connectivity to the cloud, and between applications already in the cloud?
• What is Client Aware Security and what is Intel doing to ensure that requests are coming from attested clients?

Listen to the podcast:  here You can get more information about Cloud Access 360 by visiting: www.dynamicperimeter.com

CloudTweaks.com Discusses Expressway Cloud Access 360

Make sure to read the informative and insightful discussion about Intel Expressway Cloud Access 360 between Intel Director of Product Management for Application Security and Identity Products, Vikas Jain, and Anthony Park, from Cloudtweaks.com. Read the post and understand why Anthony calls Cloud Access 360 a “very impressive and elegant solution”.

Posting can be found here

Intel® Expressway Cloud Access 360 is a software product that enables federated access from the enterprise to the cloud and vice-versa. It bundles provisioning, federated single sign-on(SSO), strong authentication, and client aware access control – all into one packaged solution providing control, visibility and compliance to enterprises adopting cloud SaaS applications.

You can learn more about Expressway Cloud Access 360 and even download an evaluation of the software by visiting www.dynamicperimeter.com