Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
I recently had the opportunity to speak with the two old-line purveyors of privileged user management software (also called Privileged Identity Management and Privileged Password Management) -- Cyber-Ark and e-DMZ Security. In separate phone conversations we covered most of the two companies' offerings and today we'll take a look at how they feel about cloud computing and authentication.
Both companies have been involved with protecting what I'll call "system accounts" for many years. These are the accounts (such as "root" on 'nix systems and "administrator" on Windows systems) that generally allow shared access among a group of IT support personnel and have virtually unlimited access to system resources. Through methods that include data vaulting, login redirection, session auditing and automatic password reset, these two organizations do a relatively thorough job of protecting access to enterprise resources. They can do this by funneling access to those accounts and resources through the services they offer. Recently, mainstream Simplified Signon (SSO) vendors (such as Passlogix) have attempted to get into this space, so I thought I'd ask the PUM vendors about moving into a different space -- cloud computing.
Cyber-Ark's Adam Bosnian (vice president of products and strategy), Shlomi Dinoor (vice president of emerging technologies) and Roy Adar (vice president of product management) were adamant that the data could be protected by their products no matter where it resided. They did say, though, that protecting that data is the responsibility of both the enterprise and the host-in-the-cloud. Precisely because there's no way to funnel the connection through the enterprise network, they said, it's imperative that the application provider provide methods for validating the connection and using the enterprise's own tools for security. No one should rely solely on the cloud vendor's security.
e-DMZ's CEO/CTO Kris Zupan essentially agreed that the necessary "hooks" need to come from the cloud application vendors and advised customers to "go slow" in moving critical data (and services) into the cloud. Zupan, in fact, almost paraphrased his rivals' thought when he said that Privileged User Management in the cloud would require moving to a modular approach -- that is, part implemented by the enterprise and part by the cloud vendor.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.