Q12:
What tools do you offer to establish, maintain, and protect identity in the cloud?
We use a variety of tools and techniques to support identity in the cloud. We also focus on privacy, including Electronic Protected Health Information (ePHI) and personally identifiable information (PII). These tools are embedded in our solution and delivered as a service to our customers.
Cisco provides a number of cloud security solutions to protect data and identity in the cloud. One specific example is the Cisco Secure Cloud Access solution. With this solution, Cisco cloud security provides a critical SaaS revocation capability that establishes user identity and enables secure access to cloud-based SaaS applications. The Cisco SaaS revocation capability is delivered by the Cisco IronPort S-Series web security appliances to provide scalable access control to SaaS applications. When this capability is enabled, no direct access to SaaS applications is permitted. Instead, SaaS users are authenticated at a central place within the SaaS cloud subscriber organization. After successful authentication, Security Assertion Markup Language (SAML) is used to authorize access to SAML-enabled SaaS applications.
Citrix works with the leading identity providers in the Citrix Ready program to provide for identity management. Citrix is a thought leader in the bring-your-own-identity (BYOI) space, helping combine personal identity and corporate identities to facilitate access to multiorganizational applications and data.
Today these tools are specific to customer implementation, based on the technology deployed in their environment. Expedient helps to protect our clients’ identities more through process and governance than through a tool set. This is an area where we don’t publish specific details because doing so would help provide parties with ill intent with a roadmap to discover the information we are tasked with protecting.
With HyTrust Appliance in place, there are no anonymous changes to the virtual infrastructure. All administrative access must first be authenticated. HyTrust can leverage any preexisting investment in LDAP or Microsoft Active Directory. For even tighter security, HyTrust fully supports two-factor authentication with RSA SecurID or smart cards. In the event that root access is required, HyTrust Appliance features root password vaulting, which enables certain administrators to check out a temporary password for one-time access. All access to the environment can be tied back to a specific individual—a critical requirement in security and compliance-conscious data centers.
38 Intel IT Center Vendor Round Table | Cloud Security