The security giant is using its former VeriSign engineering team to design the identity broker and is layering in security policy and control features. The company announced its cloud security strategy last October at the Vision Barcelona conference.
The gateway sits between the company and its cloud security providers. An identity broker can identify a user and the device they are using based on stored information that has been synchronized with Symantec O3. Based on that context, the platform can then grant or deny access to certain internal and external cloud applications.
A user could be blocked from accessing a Dropbox account, for example, if security professionals in the enterprise have configured settings that only allow access on a desktop PC, or only allow rights if the data being accessed is encrypted.
This control point is the Web access gateway, allowing certain information to be accessed by verified users through a single sign-on, but only according to the policy and security settings of the enterprise. Symantec said companies also have the ability to deploy two-factor authentication for external applications.
IT professionals have three options when it comes to deploying Symantec O3—it can be installed on-premise, as a Symantec-hosted version, or as a hybrid. According to Symantec’s senior product marketing manager Dave Elliott, deployment is “insanely convenient.” Users deploying the gateway on-premise can expect a three-day consulting appointment to make sure the platform is optimized and well-integrated with current systems.
Symantec hopes the platform will integrate seamlessly with all of its other security products, said Elliott, although it does not support third-party products.
“The vision is that it will work today with a DLP and encryption if you’re a [Symantec] DLP and encryption customer,” he said. “We intend to apply all our great assets in the future.”
Symantec O3 will also contain two additional layers, a cloud information security layer and a cloud information management layer. The cloud information security layer of the platform scans the data being accessed for potentially harmful information, and can send notifications to security professionals if anything is identified as dangerous. The cloud information management layer allows for e-discovery and archived logs to be collected and analyzed for compliance visibility and in case of an audit.
The security and management components of the platform will be released in the second half of this year and early next year, respectively.
Symantec virtualization announcements
Symantec will also be announcing some changes to virtualization security at the RSA Conference. Several products, including Symantec Critical System Protection, Symantec Data Loss Prevention, Symantec Control Compliance Suite and others have new VMware integrations.
They are also incorporating API integrations, content and process workflows, and extending infrastructure and information security to virtual environments.
-Stephanie Wright, Contributor