451 Group Report on Intel Cloud SSO

As we introduced Intel Cloud SSO Beta last week at RSA conference, Steve Coplan, Senior Analyst with the 451 Group Enterprise Security Practice wrote a report on Intel’s solution.

A few highlights from the report:

  • Intel’s cloud access broker strategy, predicated on the convergence of authentication and federation with API governance, as well as roadmap integration of McAfee security functionality, makes for a compelling vision.
  • Intel is looking to make a splash by providing bundled pricing for application connectors, federated single sign-on (SSO) and authentication.
  • As we outlined some three years ago, by introducing a new network topology, cloud computing establishes the need for a new network device that we refer to as a cloud access gateway. As the API revolution takes hold, security and access management for the cloud is a stepping stone to solidifying Intel’s ambitions to addressing the opportunity.

You can read the complete 451 Group research report here.

Intel introduces IAM as-a-service for cloud apps

At the RSA conference 2012 this week, we’re excited to introduce a new cloud service “Intel Cloud SSO” for Enterprises to provide Identity and Access Management (IAM) for cloud applications from the cloud. The service runs on Salesforce’s Force.com platform as-a-service (PaaS), and offers secure seamless single sign-on access to 100+ SaaS applications through pre-built connectors. End users have to remember just one password to log in to the service’s SSO portal, from where they can launch all the applications they are allowed to access. This single sign-on experience eliminates password sprawl, improving security and user productivity. To help Enterprise IT deal with on-boarding/off-boarding of users, the service includes role based automated provisioning/de-provisioning of user accounts into cloud apps.

Intel Cloud SSO service is the cloud version of the Intel Expressway Cloud Access 360 (Intel ECA 360) on-premise software which was released during last year’s RSA conference 2011. We’ve implemented “Freedom Licensing” for both products that allows customers to use either Intel Cloud SSO or Intel ECA 360, or both, for the same license fee, providing ultimate flexibility to our customers.

The service provides enhanced security and improved IT controls by:

  • Including One-time Password based step-up authentication when accessing secure cloud apps. The built-in One-time Password technology supports mobile soft-tokens through a downloadable mobile app.
  • Customers using Intel Ultrabook client devices to access cloud applications can leverage the service’s seamless trusted device authentication by integrating with Intel Identity Protection Technology.
  • Including policies that IT can use to restrict access to cloud apps based on various contextual elements such as: which mobile device the user is accessing from, accessing from corporate network or not, etc.
  • Customers can use their corporate identity store (such as Active Directory) and Kerberos to authenticate into the service’s SSO portal, thereby eliminating even the password required to sign in to the portal.

Do I need to be an IAM expert to use it?

No. When we were building Intel Cloud SSO, we laid out a basic tenet for the service – keep it simple. Anybody should be able to configure and use it, and it shouldn’t require special skills. Having worked with other IAM systems in the past, this wasn’t an easy goal to achieve …

How can I get access to the service?

Currently, the service is in a Beta phase. You can apply for Beta by visiting www.intelcloudsso.com.

Is it available through McAfee?

McAfee (an Intel company) already sells Intel ECA 360 software as McAfee Cloud Identity Manager under the McAfee Cloud Security Platform (read post), and plans to include this service in its portfolio later this year.

Vikas Jain is Director of Product Management at Intel Corporation responsible for Cloud Identity and Security Products. You can follow him on Twitter @VikasJainTweet

Case study: Embedding cloud SSO portal into Sharepoint

A Registered Investment Advisor (RIA) firm designed to provide financial services to high net worth individuals is using IAM technology to remain competitive and provide attractive services to both clients and Wealth Advisors. The firm also needed to establish business relationships with strategic partners delivering a variety of services, including fixed income inventory and strategies, retirement planning, a private trust and banking division, insurance & annuities, and more.

Requirements:

  1. Embedding cloud SSO portal into Sharepoint – The firm was already using Sharepoint as their company portal. The cloud IAM SSO portal needed to be integrated into Sharepoint as a webpart.
  2. Non-SAML applications – The firm was using more than a dozen on-demand applications that didn’t support federation standards such as SAML. The solution had to support single sign-on (SSO) into such applications as well.
  3. Branding and customization – The solution should be re-brandable and customizable to company’s look-n-feel as it gets rolled out to the firm’s clients.

On top of that, being part of a regulated industry where they are responsible for handling their clients’ financial assets, they needed a solution that was secure from end to end. The firm chose Intel Expressway Cloud Access 360 (ECA360), and rolled out the solution for its Wealth Advisors initially with a plan to roll it out to its clients in the future.

How did Intel Cloud Access 360 fill their requirements?

  1. Embedding cloud SSO portal into Sharepoint – The Cloud Access 360 SSO portal, which publishes all the applications available for single sign-on, can be fully embedded into Sharepoint as a webpart without requiring any additional authentication.
  2. Non-SAML applications – Cloud Access 360 supported all the desired applications through either native connectors using custom APIs or form based authentication.
  3. Branding and customization – The logo and look-n-feel of the end-user facing SSO portal page of Cloud Access 360 can be completely branded and customized using CSS style sheets.

According to the firm’s CIO, “The flexibility, security and other capabilities provided by Intel Expressway Cloud Access 360 will enable its firm to leapfrog legacy RIA environments and offer an architecture to harness the entire financial services Rolodex* in a seamless, connected experience.”

Looking for more of such customer case studies – find them here

What the Analysts are Saying…

Read what the analysts are saying about Intel & McAfee’s cloud access broker strategy.

Here’s a “birds-eye-view” on our new Analyst Consensus page

-Jeff

Government Solutions Resource Center

If you haven’t already seen it, Intel® Application Security & Identity Products has released a new Government Solutions Resource Center that is a must-see. Whether you are looking for information on Identity Credential Access Management, High Assurance, Cross Domain Information Sharing, NIEM, NSTIC, or other current Government concerns, I highly recommend you check out this resource center. Among other things, it has webinars featuring distinguished NIST leaders and pertinent information on a whole range of relevant topics, and it introduces how Intel & McAfee are addressing some of the current IT challenges in the Government.


Intel® And Box® Join Forces For Increased User Convenience And Security

Cloud-based solutions empower organizations to exploit leading-edge technology, reduce costs, and improve productivity. A prime example is using secure file sharing solutions like Box® (www.box.com) to enhance collaboration, both within the organization and between enterprises.

Today, we are pleased to announce that Intel® has entered into a relationship with Box, a leader in the on-line file sharing and collaboration market. Now, Box customers can accelerate access to, and better protect, files stored on the Box cloud platform with end-to-end user account lifecycle management, consistent with enterprise security policies.

Box customers can use Intel® Expressway Cloud Access 360 (Intel® ECA 360) to provision and manage accounts on the Box platform, provide single sign-on (SSO) to their customers, and improve security with strong, multi-factor authentication, when needed. The combination of Intel ECA 360 and Box will help drive usage, improve productivity and address regulatory compliance directives. For more, visit the Secure File Sharing resource page.

Cloud Access 360 2.0 version released

We’re happy to announce general availability of the Intel Expressway Cloud Access 360 (ECA 360) 2.0 release. This new release adds a range of exciting new features designed to simplify and improve our customers’ ability to manage users’ access to popular cloud applications. Key new features and benefits include:

Built-in SSO portal

An out-of-box SSO portal is available with the product that can run standalone or embedded inside existing portals such as Sharepoint. Users authenticate once to the portal and enjoy convenient, seamless SSO access to any authorized cloud app. As SSO portals expose keys to the kingdom, login to it can be protected with 2-factor authentication using mobile based One Time Password (OTP) offered through the bundled OTP module.

More connectors

New out-of-the-box connectors are available for popular cloud apps such as Microsoft Office365, Cisco WebEx, Box.Net, Service-Now, SugarCRM, Zoho, EchoSign, Schoology, and Joomla.

Transparent HTTP form-based SSO

Not every SaaS application supports SAML based federation today. This feature allows customers to bring non-SAML apps into the SSO portal, providing convenient, seamless access to users and enabling IT to achieve better control and visibility on SaaS application usage. This is achieved by enabling users to register their user ID and password once on a web site and capturing the data for transparent SSO the next time the user accesses the app. The process is transparent to the user as they don’t even see the log-on screen.

Salesforce as an Identity Provider

Instead of authenticating the user against Active Directory, ECA 360 allows the user to be authenticated using Facebook, Google, Yahoo, and any OpenID provider. With this release, Salesforce as an Identity Provider has been added to this list. This enables our customers to let their contractor, partner and affiliate users log in to the ECA 360 SSO portal using Salesforce credentials and then access the cloud applications they are authorized to access.

Enterprise-class scalability

ECA 360’s ability to support more than 10,000 concurrent user authentications has been tested and verified.

Higher performance and availability

ECA 360 administrators can now run multiple instances in a clustered environment.

Other improvements

These include: support for short URL entry in a mobile browser, new compliance reports, and various bug fixes.

To learn more about the new and improved ECA 360 v2, please visit our web site at www.intel.com/go/identity.

Webinar: Federal Cloud Security Initiatives Explained – Choosing the Right Standards and Technologies

Join us on 10/6 at 2pm Eastern Time for an exciting and informative webinar:

Federal Cloud Security Initiatives Explained – Choosing the Right Standards and Technologies

Mapping the alphabet soup of federal cloud security initiatives is a daunting task. Tim Grance from NIST and federal security expert Gunnar Peterson join forces to decompose the funded programs and standards initiatives to recommend an adoption path for cloud security. Tim begins with a grounding in NIST’s baseline cloud security architectures/guidelines. Gunnar follows with insight into how these practices have been incorporated into programs such as NSTIC, FedRamp, FICAM, Cyberscope, and DOD-PKI. This will be followed with additional guidance on some of Intel’s solutions from Intel Application Security & Identity Products Chief Architect, Andy Thurai. A group discussion will comment on the adoption timelines, real world use cases, and applicable COTS commercial technologies. Attendees of this webinar will receive a copy of Gunnar Peterson’s Federal Cloud Security white-paper. Sponsored by Intel & McAfee.

Register here:

http://washingtontechnology.com/webcasts/2011/10/intel-mcafee-cloud-security-100611.aspx?tc=page0

 

2-factor authentication and SSO to Salesforce and Force.com apps

Salesforce and Force.com applications share the same identity management infrastructure. This allows a user logged into Salesforce to access other applications deployed on the Force.com platform without entering credentials again (aka single sign-on). This works very well, except it doesn’t solve the following 3 problems:

  1. How can I ensure that authentication into Salesforce for my users is secure, using techniques such as 2-factor authentication, whichever way they access Salesforce: through a web browser, mobile app, or Outlook add-in?
  2. How can I ensure that my users leverage the credentials from Enterprise user stores such as Active Directory instead of creating another set of credentials in Salesforce?
  3. How can I ensure that my users get Single sign-on (SSO) experience not just between Salesforce and Force.com applications, but also when they access other SaaS applications outside the Force.com platform?

Intel Expressway Cloud Access 360 provides a solution addressing all the above problems (and more). It bundles a 3-in-1 solution providing Federated SSO, 2-factor strong authentication, and user account provisioning, linking Enterprise credentials to Salesforce/Force.com.

  • Federated SSO is provided into Salesforce and Force.com implementing the Security Assertion Markup Language (SAML) standard that Salesforce supports
  • 2-factor strong authentication is implemented before the user is federated into Salesforce/Force.com using One Time Password (OTP) delivered as soft tokens over mobile devices such as iOS (iPhone, iPad), Android, Blackberry, and Windows devices.
  • User provisioning and de-provisioning is implemented using REST APIs exposed by Salesforce
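
The step-up flow in the second bullet, sketched as an added example; this is not Intel's code. It assumes the soft token is time-based OTP per RFC 6238 (the post does not name the algorithm), and the `StepUpGate` class, user name and app names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default; assumed here)
DIGITS = 6

def totp(secret: bytes, counter: int) -> str:
    """HOTP value (RFC 4226, HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class StepUpGate:
    """Decides whether an SSO launch may proceed (hypothetical portal logic)."""

    def __init__(self, secrets, secure_apps):
        self.secrets = secrets          # user -> shared soft-token secret
        self.secure_apps = secure_apps  # apps that require step-up
        self.last_counter = {}          # user -> highest counter accepted

    def verify_otp(self, user, otp, now):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int(now) // STEP
        # Tolerate one step of clock drift either side of server time.
        for counter in (current - 1, current, current + 1):
            if counter <= self.last_counter.get(user, -1):
                continue                # already consumed: reject replay
            expected = totp(secret, counter).encode()
            if hmac.compare_digest(expected, otp.encode()):
                self.last_counter[user] = counter
                return True
        return False

    def authorize(self, user, app, otp=None, now=0):
        """Return 'sso', 'step_up_required' or 'denied' for one app launch."""
        if app not in self.secure_apps:
            return "sso"                # primary login is sufficient
        if otp is None:
            return "step_up_required"   # portal should prompt for the OTP
        return "sso" if self.verify_otp(user, otp, now) else "denied"

# Constructed sample data: the RFC 4226/6238 test secret, made-up user and apps.
GATE = StepUpGate({"alice": b"12345678901234567890"}, {"salesforce"})
```

Only after `authorize` returns `"sso"` would the portal issue the SAML assertion; tracking the last accepted counter keeps a captured code from being replayed inside its validity window.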

To learn more about how Cloud Access 360 integrates with Salesforce and Force.com, visit

Forrester Cloud Jam Session DAY 2: The Authoritative ID Store Is Dead – How the Cloud Changes Provisioning

Join us this Thursday, July 28, 2011 at 1PM Pacific (replay will be available after initial broadcast) as Andras Cser, Principal Analyst, Forrester and Vikas Jain, Director of Product Management, Intel Cloud Identity & Security shed light on how account provisioning should be added to deliver enterprise class secure cloud access implementations.

Register here:

Forrester Cloud Jam Session Day 2

As IdM in the Enterprise evolved, all software programs, from operating systems, middleware, and applications to networking programs such as VPN, converged on integrating with a single authoritative ID store based on the LDAP protocol. The cloud is changing this, as every SaaS application tries to maintain account information about users, leading to the emergence of multiple identity silos. On the other hand, many SaaS providers are eyeing the identities they manage as business assets to create stickiness with their products, and are getting into the race to become authoritative identity providers themselves. These two scenarios are leading to new challenges in the identity provisioning and synchronization space.
