Online Identity and Trust: Meditations in an Analyst Summit
Online Identity and Trust « RSA and VeriSign team up on Cloud-based, Two-Factor Authentication offering | Main | Blogging about Blogs – VIP Access for Mobile getting noticed » Meditations in an Analyst Summit
Han Dong, Sr. Product Marketing Manager, User Authentication
Greetings VIP Blog fans,
I’m here at the 2009 Gartner Identity & Access Management (IAM) Summit. The day started off with a keynote presented by Earl Perkins, one of the lead Gartner analysts who explained how much IAM has evolved over the years – highlighting the fact that there are several IAM lifecycle elements (Planning, Process, and Problems) to consider and several key business drivers (improving security, reducing risk, and meeting regulatory requirements) in deploying an IAM solution. And at the end of the day, four of the analysts presented as a panel and reviewed the 2009 “Magic Quadrant” (classic Gartner MQ) trends and developments for each of the IAM disciplines in User Provisioning, Web Access Management, Enterprise Single Sign-On (SSO), and Authentication.
One mid-day session titled “Google Case Study: Lessons From Google’s IAM Initiatives For Cloud-Based Applications,” presented by Eric Sachs, Google Product Manager, was particularly interesting. Eric’s presentation covered essentially two topics: Federated login as a Service (or Cloud-based SSO) and Strong Authentication beyond passwords. Eric explained that the challenge of provisioning user accounts, managing multiple logins and passwords, and ensuring strong security and reliability is driving the movement towards a Federated login structure, built on open standards (OAuth and OpenID) and hosted in the cloud to support a host of Software as a Service (SaaS) applications.
With the heavy interest in cloud-computing and hosted applications, both IT vendors and consumers are seeking ways to reduce costs of deployment, speed implementation, and do more with fewer resources at hand. Google, Amazon, Salesforce, and Microsoft are just a handful of the many vendors vying to be the cloud-based app provider of choice. But in the hype, it seems that few vendors have discussed the new breed of security concerns that cloud-based services yield.
Eric’s presentation touched on these very security concerns in the new SaaS world. And most importantly, Eric brought up the idea of leveraging “stronger forms of authentication” to mitigate the weak security of simple username and password. “One Time Password (OTP) is the answer!” Two-factor Authentication and OTP are not new technologies. Enterprises have long been using OTP tokens to authenticate users’ access to internal networks (via VPN) for years now. But traditionally, OTP credentialed VPNs have been too costly or too resource consuming to manage and deploy. That is, until now – Eric also demonstrated a low-cost OTP credential in the form of a mobile phone software generated OTP. And the iPhone screen-shot Eric displayed on his slide was the VeriSign Identity Protection (VIP) Access for Mobile credential. Eric pointed out a unique feature of the VIP Access for Mobile software was that the key generator resides locally on the mobile phone itself, thus requiring NO network connection as some other products require in order for an OTP key to be sent via SMS or voice.
Here is Eric on stage:(image added 11/11)
What Eric did not mention during his session, is that behind the VIP Access for Mobile OTP credential lays a trusted VeriSign Identity Protection service entirely hosted by VeriSign. VeriSign allows enterprises to quickly and cost-effectively implement and integrate scalable Strong Authentication services (for VPN or partner and customer communications) for validating user credentials via Web Services APIs that connect to the VIP hosted network.
So what does this mean for the mass of new cloud-based computing enterprises? It means that enterprises can rest assured that not only can they migrate IT apps to the cloud, but they can also secure user access by leveraging a cloud-based Security as a Service with the VeriSign Identity Protection service.
Witnessing a 3rd party (not to mention the fact that we’re talking about Google) extol the virtues of YOUR product, unpaid and unsponsored, was really an exciting surprise. And this really was a true coincidence – just by attending the Google breakout session at the Gartner IAM Summit, I saw VeriSign’s own Two-factor authentication product in action and being explained by one of the premier thought leaders in the industry. This certainly bodes well for a plethora of future opportunities for Security in the cloud. And I can’t wait to watch this all unfold.
Posted by Han Dong on November 10, 2009 4:01 PM | Permalink Post a comment (If you haven’t left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won’t appear on the entry. Thanks for waiting.)
Remember personal info?
Comments: (you may use HTML tags for style)
Search Categories Authentication | Cloud-based Security | Device Security | Fraud Detection | Fraud Detection Service | Identity | Mobile devices and credentials | OpenID | VIP Blog | WiMAX | fraud protection | iPhone | layered security | two-factor authentication | second-factor authentication | verisign | Archives November 2010 October 2010 July 2010 May 2010 April 2010 March 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 Recent Posts And the SC Magazine Award finalists are… VIP Mobile Software Developer Kit (SDK) Available for Windows Phone 7 Some additional “Social Security” Qualys provides VIP Protection to its customers VeriSign Customers Honored by Computerworld Cloud-based Authentication Matters Here ‘Smart’ meters will require ‘Smart’ security A Year of Progress for VIP Access for Mobile VeriSign has “got your back” on fraudulent ATM activity Cloud computing security standards – Vinton Cerf, father of the internet, has got your back Subscribe Comments We encourage comments and look forward to hearing from you. Please note that VeriSign may, in our sole discretion, remove comments if they are off topic or inappropriate. Powered by
Movable Type 4.21-en Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of VeriSign.
VeriSign Legal Notices
View the original article here