VMware, Symantec work up cloud-based single sign-on security services

There's a thunderbolt of change coming in cloud-based identity management, with new possibilities for single sign-on (SSO) and provisioning through cloud-based services.

Symantec and VMware are separately working on their own approaches to cloud-based SSO and identity management, Symantec with its "Project Ozone" and VMware with "Project Horizon."


While discussed at VMworld recently, Project Horizon still seems to be exactly that, on the horizon. There's a little more light being shed on Symantec's Project Ozone, which now has officially been given the product name "O3."

Expected to debut next year, O3 will let information technology managers exert policy-based access control for employees, whether they use mobile devices or traditional computers. The O3 service will grant the managers access to any authorized cloud-based service or network, while this access record is maintained for audit and compliance purposes. O3 will be the central point for provisioning and de-provisioning user access privileges based on a wide range of authentication methods, from a simple password to stronger means such as two-factor tokens.

With cloud-based SSO, Symantec will be following where others, in their own approaches, have gone before, including Hitachi, Symplified, Okta, IBM Tivoli, Courion and Ping Identity. It's still a nascent market, ripe with the expectation that IT managers will need cloud-based provisioning of users in a world of cloud-based applications.

"It's targeted as a security service," says Rob Koeten, senior technical director for O3, which he calls a "security layer" to encompass employee mobile devices or PCs. Essentially, O3 calls for funneling traffic through a proxy-like service and gateway associated with identity. For enterprise use, O3 could exert granular control over exactly how a sales employee could use the Salesforce software as a service, for example, says Koeten. When it debuts next year, which is Symantec's goal, O3 will support the top 200 cloud-based services, he says.

Like Symantec, VMware has long been eyeing cloud-based identity management. With its Project Horizon ballyhooed for more than a year, VMware is nurturing its aspirations without tipping its hand too much. (Coincidentally, Symantec CEO Enrique Salem alluded to O3 during his keynote at this February's RSA Conference, on the same day RSA president Art Coviello was touting Project Horizon, in which he said RSA is working with VMware on compliance-based security for cloud-based services.)

Project Horizon is still largely a vision statement made in 2010 with no specific delivery date. But VMware CEO Paul Maritz highlighted the ongoing development in his recent VMworld keynote address, saying Project Horizon is "a set of technologies" that will offer "the ability to associate information to people, not devices." Using cloud-based identity management, it will be possible to control user access to applications, including where they may be downloaded, such as to Android devices, something VMware demoed at the show.

"One of its services is authentication and directory federation" that's aimed at the SaaS-based environment, Maritz said about Project Horizon in a press briefing, noting VMware gained some foundational SSO and access management technology through its acquisition last year of TriCipher.

Today, it's mainly the smaller industry players, such as Okta, Ping Identity and Symplified, that are showing that enterprise customers will adopt new modes of cloud-based single sign-on for the cloud-based services they use.

Amag Pharmaceuticals, for example, which is using the Okta service for identity management, relies on it as the linchpin for provisioning and de-provisioning of a wide variety of SaaS applications.

"All the conduits sit at Okta," said Nathan McBride, executive director for IT at the Lexington, Mass.-based company. "The user authenticates to Okta." At the same time, McBride says he doesn't worry about lock-in since it would be easy to simply switch from one cloud-based SSO service to another, if need be. "If we left Okta tomorrow, I'd just cancel my service," he says.


Stories by Ellen Messmer
