Symantec announced the general availability of its O3 cloud-based single sign-on (SSO) and authentication service at the RSA Conference this morning, which adheres to a concept company CEO Enrique Salem outlined exactly a year ago at RSA 2011. Symantec also provided detail on future capabilities the O3 cloud service will have for data-loss prevention and encryption.
"O3 is cloud identity and access management," said Nico Popp, Symantec vice president of product management. Businesses using it to manage authentication and access for users with any type of device can leverage their existing identity infrastructure, such as LDAP, Oracle or Microsoft database, to establish the initial authentication procedures in an agentless process through the O3 Gateway. This gateway, a login portal that will display applications that the individual is allowed to access, basically functions like a reverse proxy, Popp explains.
The first version of O3 delivers SSO access control and log management, plus strong two-factor authentication from a variety of third-party vendors if more than simple passwords are needed. Basic pricing runs about £32 per user per year for 500 seats.
Data loss prevention
In the future, O3 capabilities will expand to include cloud-based data-loss prevention and encryption related to specific traffic the business wants to protect.
"We could intercept a file going to Dropbox, for example, and submit it to DLP and decide whether it's appropriate to send to Dropbox," says Popp. Another security control would be blocking data until it was submitted for encryption in some form. Symantec acquired encryption vendor PGP two years ago and is drawing from expertise and technologies gained there.
In other RSA news, Symantec said it's put together a three-day training program based on the Cloud Security Alliance (CSA) documentation intended to share security concepts and practices. The cost would be $2,100 per person.
Symantec has also pressed forward into architecting its existing security products, such as its data-loss prevention (DLP) and control compliance suite, for integration into the VMware vShield security controls available in the vSphere platform. Symantec and VMware today jointly announced achievements made so far.
"What we're jointly saying is it's possible to be as secure in a virtualised environment as in a physical environment," said Francis deSouza, senior vice president, enterprise security group, at Symantec. And as far as specific products go, "we're saying these things are available to our customers now."
According to Todd Zabrovitz, senior product marketing manager at Symantec, it's now possible for Symantec DLP, for example, to align with vShield App, VMware's hypervisor-based application firewall, to share cross-platform data related to attacks. Other Symantec products also aligned more closely with vShield include Critical System Protection intrusion prevention, Security Information Manager for security event and log management, and Endpoint Solution. Some of the integration pertains to how consoles from VMware and Symantec can share data for security purposes, and Symantec will be demoing how all this works at the RSA Conference this week.