A Quest for secure authentication

The foundation for security and enterprise management

Some companies like to partner with IdM vendors either on specific projects or for strategic solutions. Some companies like to acquire IdM vendors to either round out their product offering or to provide specific tools to solve a specific need for their customers. And some companies do both.

Quest is one of the latter.

Now they've added a new twist -- making strategic investments in technology partners as a way to contribute to their viability (and, presumably, their productivity).

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Some companies like to partner with IdM vendors either on specific projects or for strategic solutions. Some companies like to acquire IdM vendors to either round out their product offering or to provide specific tools to solve a specific need for their customers. And some companies do both.

Quest is one of the latter.

Now they've added a new twist -- making strategic investments in technology partners as a way to contribute to their viability (and, presumably, their productivity).

I recently mentioned their investment in Symplified the self-styled "Cloud Security Company." That was quickly followed by an investment in SecureAuth Corporation, which identifies itself as "the emerging leader in identity enforcement for cloud and on-premise applications, VPN resources, and mobile devices." (Either they do a whole lot, or they want to draw their "leadership" narrowly!)

BACKGROUND: Symplified a company to be reckoned with

At the same time SecureAuth announced the investment, they also announced the SecureAuth Identity Enforcement Platform (SAIEP). This security system purports to enable transparent access while providing protection against unauthorized access, phishing and password attacks. It also claims to prevent the misuse of an organization's portable identities regardless of where an application resides or how an end user accesses data.

SAIEP provides integrated 2-Factor Authentication, SSO and IdM, and is configurable to address the security requirements for cloud, Web and VPN resources with integrated services. Among its more interesting features, SAIEP:

• mutually authenticates both the user and the corresponding resource to prevent phishing and password attacks;

• supplies unique browser based digital certificate that eliminates application integration, installation and management of client software;

• provides strong authentication native to SSO without third-party integration;

• requires no hardware tokens to be managed, lost or stolen;

• is 100% integrated SSO with 2-factor authentication, or configurable as standalone;

• delivers "SAML Services in a Box" -- automates SAML 1.1, 2.0, OpenID, etc. assertions;

• automatically converts directory identities into application identities;

• ensures access anytime from anywhere and reduce calls to your help desk by enabling users to manage/reset their own password;

• supports user self enrollment based on configurable verification methods to meet user and IT requirements;

• is fully integrated into Active Directory and other data stores means no data synching or yet another directory to maintain, and

• enforces authorization based on your RBAC policies for users and administrators.

Evidently they do do a whole lot!

Read more about security in Network World's Security section.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.