The fundamental requirements of information security may not change dramatically as organizations migrate to cloud-based services, but implementing the policies and controls governing security is another matter. Symantec has unveiled the first stage of a three-stage cloud security initiative, the O3 Information Protection gateway, which it characterizes as a single security control point to embrace cloud while controlling access to information and services.
Thus, logically, the first release provides identity and access management control to cloud assets and services, providing single-sign-on (SSO) while leveraging existing user identification stores. It provides context-based authorization, password management and federation services and includes Symantec Validation and ID Protection (VIP) service to provide token-based strong authentication to cloud services.
One of the ideas here is to provide enterprise-managed access to cloud resources, reducing and, theoretically, eliminating the need to make an end-run around corporate IT and go rogue by accessing services without enterprise control.
The approach fits very nicely with Symantec’s newest mobile security initiatives, bringing mobile devices, including personally owned devices, under the enterprise umbrella.
The next stage for O3 will be data protection, leveraging Symantec’s encryption and data loss prevention tools, followed by managing information in the cloud, extending corporate governance and supporting compliance requirements.
Symantec also announced major virtualization security support, through API integration of the heart of its portfolio of security products and services with VMware. The integrations include:
- Symantec’s Critical System Protection, which provides host-based intrusion prevention and firewall, file and configuration lockdown, device and application control, and malware and exploit prevention.
- Data Loss Prevention
- Control Compliance Suite (Symantec’s IT GRC product)
- Security Information Manager, which aggregates, correlates and analyzes security data from physical and virtual security assets, along with threat data from Symantec’s ThreatCon research service.
- Managed Security Services
- Various endpoint products.