At the RSA Conference Tuesday, Symantec announced general availability of its O3 cloud-based single sign-on (SSO) and authentication service, which adheres to a concept company CEO Enrique Salem outlined exactly a year ago at RSA 2011. Symantec also provided detail on future capabilities the O3 cloud service will have for data-loss prevention and encryption.
"O3 is cloud identity and access management," said Nico Popp, Symantec vice president of product management. Businesses using it to manage authentication and access for users with any type of device can leverage their existing identity infrastructure, such as LDAP, Oracle or Microsoft database, to establish the initial authentication procedures in an agentless process through the O3 Gateway. This gateway, a login portal that will display applications that the individual is allowed to access, basically functions like a reverse proxy, Popp explains.
[ In the data center today, the action is in the private cloud. InfoWorld's experts take you through what you need to know to do it right in our "Private Cloud Deep Dive" PDF special report. | Also check out our "Cloud Security Deep Dive," our "Cloud Storage Deep Dive," and our "Cloud Services Deep Dive." ]
The first version of O3 delivers SSO access control and log management, plus strong two-factor authentication from a variety of third-party vendors if more than simple passwords are needed. Basic pricing runs about $50 per user per year for 500 seats.
In the future, O3 capabilities will expand to include cloud-based data-loss prevention and encryption related to specific traffic the business wants to protect.
"We could intercept a file going to Dropbox, for example, and submit it to DLP and decide whether it's appropriate to send to Dropbox," says Popp. Another security control would be blocking data until it was submitted for encryption in some form. Symantec acquired encryption vendor PGP two years ago and is drawing from expertise and technologies gained there.
In other RSA news, Symantec said it's put together a three-day training program based on the Cloud Security Alliance (CSA) documentation intended to share security concepts and practices. The cost would be $2,100 per person.