This article can also be found in the Premium Editorial Download "Information Security magazine: Seven questions to ask before committing to SaaS."
Download it now to read this article plus other related content.
New Password Hell?|
Proliferation of software-as-a-service offerings spawns new issues.
One possible solution is yet another SaaS offering. TriCipher, which launched TACS (TriCipher Armored Credential System) a couple of years ago to provide strong, easy-to-deploy authentication for environments serving thousands of users. Its myOneLogin service leverages TACS' scalability to provide secure authentication and single sign-on (SSO) for multiple Web apps.
WebEx is among the SaaS providers supported out-of-the-box (Salesforce. com and Google Apps are among the headline business apps, and TriCipher recently added consumer applications including Amazon, Yahoo, PayPal and eBay), but any application with an API can be plugged in. Once app integration--say, an online car rental or travel service--is done for one customer, myOneLogin will support it for all.
"In the past, WebEx was more of a data conduit for real-time
| meetings, not a data store per se, but as we expand our collaboration portfolio, and launch WebEx Connect, the WebEx platform will evolve into a rich repository for data and applications, shared across users from multiple companies. Once you go into that realm, it's extremely useful to layer security," says Bharath Rangarajan, director of product management at WebEx.
The heart of the service is the TACS appliance (see Information Security review, January 2006). One part of the authentication is stored on the TACS appliance, the other with the user.
TriCipher offers three levels of security. Basic utilizes browser cookies, and Intermediate uses certificates. High is based on TriCipher's Identity Protection Tool, in which myOneLogin prompts the user for strong authentication, including tokens, smart cards and biometrics.
Companies can enroll users in batch file uploads or Active Directory integration for larger organizations that require dynamic provisioning and deprovisioning, and the policy controls that directory services provide.
"We see a market opportunity for improved security and convenience for users of SaaS applications," says Jon Brody, TriCipher VP. "We deliver better authentication but don't focus the conversation on it. We get a tremendous roll of the eyes when we ask about managing multiple IDs and passwords. Customers buy us for convenience but get security."
"Solutions such as myOneLogin enable people to get in and get on with business," says WebEx's Rangarajan. "We view ease of administration and usability as critical not only by customers but our own partners as well."
This was first published in May 2008