Online Identity and Trust: Cloud-based Authentication Matters Here Online Identity and Trust « ‘Smart’ meters will require ‘Smart’ security | Main | VeriSign Customers Honored by Computerworld »
Cloud-based Authentication Matters Here
Han Dong, Senior Manager – Product Marketing, User Authentication
Thinking of moving your productivity apps to the cloud? Several tech-savvy folk like you have already deployed or are in various states of making the move to leverage an increasing number of enterprise productivity apps that live in the cloud. Just consider the benefits of cloud-apps:
Zero infrastructure investment / capital expenditure (for typical server & software installation, on-going care and feeding, etc.)
Quick-and-easy deployment and provisioning of applications (no need to install software on redundant servers or on every desktop), including multi-tenant (disparate organizations) sharing of pooled resources (of host CPUs, system failover, etc.)
Built for reliability, availability and scalability (RAS) – and thus allowing you to optimize cloud-app access, based on target SLAs, peak utilization, and data protection (fail-over, backup, mirroring, etc.)
Subscription-based “pay-as-you-go” consumption model (less expensive than big one-time license fees plus annual maintenance) – aka “Utility-computing model”
Centralized management, reporting, and maintenance
So if cloud-based services are the panacea for enterprise apps, where are the holes?
Granted you do have to relinquish some control over your IT infrastructure, since much (if not ALL) of the IT infrastructure is located off-site, in the cloud, and managed by a trusted 3rd party. But if ultimately your primary concern is to deliver access to important apps to your users and if doing it in the cloud is somehow more efficient and more cost effective, wouldn’t this scenario at least save significant IT budget spending – certainly in a budget-strapped, IT resource-constrained environment?
You may ask, what about security? Ahhh, the magic word…. Well, it turns out that while Cloud-based apps provide all the great taste of on-premise enterprise apps with fewer IT administrative calories, many of these apps have not addressed the necessity for stronger authentication – to ensure that users who access cloud-apps (and more importantly critical / confidential data) are legitimate and properly verified and authorized to have this level of access.
Two recent articles, one from the New York Times: Cyberattack on Google Said to Hit Password System, by John Markoff and another article from Tech Crunch: Los Angeles Bureaucrats Question The Transition To Google Apps, by Leena Rao, demonstrate a number of real-world examples of exactly just what can happen with popular cloud-based apps. In these articles, the theme is consistent with this very concern about the security of cloud-based apps. And that is, cloud-based apps – been there, done that, but now how are you going to protect users of these apps from getting spoofed or phished?
Strong authentication is what matters here. And VeriSign is committed to the cause of protecting user access with a number of solutions from PKI-based digital certificates on Smart Cards to One-time password credentials for Two-factor Authentication and Risk-based Authentication that leverages “behind-the-scenes” intelligence to monitor, analyze, and protect users from ID theft.
View the original article here