Winter holiday season is almost over, and business claims its attention back - it was a nice time with family, good food, and so on. But the world didn't stop, so we had to spend some time to look at a number of products. I would like to mention two here, especially because they help us getting closer to the Secure Cloud.
The first is Novell Cloud Security Service (shortly called NCSS). It is not clear according to todays product categories whether it is a product or a service, and this shows that we need to abstract more and more from this separation when moving into the cloud. Let me describe it by what its main benefits are from my point of view: it allows to run cloud services with the identities of enterprise-managed identity services, and to monitor security related information from an enterprise perspective.
Well, this seems not really interesting, after all, we can all set up a could service and let users authenticate against our company-run LDAP store. But this is different: it allows enterprise users to use GMAIL oder other real open cloud services to use their usual identity store, even with SSO (based on SAML, of course). The effort of integration with the app services is minimal, and identity information never leaves the companys's control. By this way, we can now allow business departments to choose their own cloud service provider, and yet keeping control over the identities and the security of the data (you can even connect this to your SIEM to get alerted appropriately).
Obvously, there is a catch-22 situation here from a market point of view: cloud service providers like to maintain users, and will integrate other identity stores only when they are ready, and the connection of existing identity stores depends on the willingness of the cloud service providers. Novell solves this problem by selling this to the operators that manage the cloud access for enterprise customers, but for those to be interested, CIOs need to formulate the demand... Clever approach, but may be tedious in selling. Anyway, it works technically, and those telcos that see security services as an added value will probably jump on it quite soon - once they get the real potential of such a solution.
The second big area of concern in the could besides using identities from managed sources is the security of information. Classical information security practices recommend to classify information according to confidentiality classes, and to define data management principles that must be applied by everyone to adequately protect the confidential data. Now everybody involved into that know how difficult it is to operationalize this strategy, namely to make sure the people are making the right choices when classifying (at all!) documents they create and/or handle.
The second product that I find pretty interesting is that by SecureIslands, called IQProtection, which does classification of documents based on several rules that can be defined (key words, sources, metatags etc.) AND - and this is new - integrates with a multitude of rights management technologies to immediately apply the necessary controls. They can even "change" the protection mechanism, e.g. when a document leaves the company, or when information is taken out of a web site (that can be protected as well) to be used with e-mail and S/MIME. Especially interesting is that they consider E-DRM as a commodity, and that they "only" deal with the management processes and the application of the protection mechanisms. Cool stuff, esp. when data is in the cloud. And of course, they can integrate with existing identity services for the credentials, to close the loop with my first example.
So, as said, I think the market is moving and we will see a lot of innovative stuff in the next months in that respect.