Modernizing Authentication — What It Takes to Transform Secure Access
Symantec (NASDAQ: SYMC) is rolling out a new platform called O3 Cloud Identity and Access Control to help enterprises better control their employees' access to the cloud. With a general availability announcement today at the RSA Conference, Symantec is aiming to make it safer and easier for enterprises to embrace cloud services.
"O3 is a name that reflects the molecule for ozone which is a code name we used internally," Dave Elliott, senior product marketing manager at Symantec, told InternetNews.com. "We think ozone is a nice metaphor for protection and a new layer of security that goes above the cloud."
Elliott explained that a core component of the solution is the O3 Gateway, which is the control point for cloud access. The deployment scenario is that users authenticate via the O3 gateway, which in turn federates with any enterprise user identity story including Active Directory and LDAP. On top of the O3 Gateway is an administrator console called the O3 Intelligence Center which is where policies are provided for the gateway. The total solution then provides policy driven control to external clouds or to internal web applications.
"The Gateway works as a reverse proxy," Elliott explained.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
Reverse proxies are commonly used for load balancing static and dynamic content across multiple internal Web servers in an organization. The reverse proxy connects directly with end-users to deliver content from a given web resource.
"At the highest level, with O3 you have single-sign for the cloud," Elliott said.
Going beyond just control, O3 also includes cloud forensics and visibility. The gateway can provide information about cloud access to help enterprise compliance efforts. Administrators will be able to see which users are accessing cloud services and understand how the cloud is being used.
Deployment scenarios for O3 include on-premise as well as in-the-cloud options, and it can also be delivered as a hybrid solution. The O3 Gateway is being delivered by Symantec as a virtual appliance that can run on VMware, the open source KVM hypervisor, as well as an AMI image for Amazon.
The O3 cloud identity and access control component is the first of three O3 services that Symantec has on its roadmap. The other two services are a cloud information security layer and cloud information management; Elliott noted these will be formally announced later this year.
Security Integrations with VMware Cloud Infrastructure Suite
Looking beyond just the O3 solution, Symantec is also rolling out a set of integrated solutions to help protect VMware environments, in the cloud and in the data center. The new security integrations are built into the latest versions of Symantec's Data Loss Prevention, Control Compliance Suite, Critical System Protection, and Symantec Security Information Manager (SSIM) products.
"What we're announcing is a doubling down on VMware security by Symantec," Elliott said. "These are not just API integrations; we focused on content and process workflow integration."
For example, with the Control Compliance Suite (CCS), Symantec has created a policy template for VMware configurations. That template is based on VMware recommended configurations such that an enterprise can report on how compliant they are.
From a workflow perspective, the Data Loss Prevention (DLP) product is integrated such that an administrator can discover vulnerabilities from information flowing in virtual machines. The DLP integration will enable unauthorized data flows to be quarantined on the virtual machine as per a defined policy.
"This is not a partner announcement, these are distinct integrations," Elliott said. "We're extending security for virtual environments beyond just anti-virus to infrastructure and information security."