Intel, best known for manufacturing computer chipsets, entered the Identity as a Service space this week with software...
that provides a way to secure employee access to SaaS apps.
The new cloud-based offering, Intel Cloud SSO, is the first product to come from Intel Corp.’s 2011 McAfee acquisition, and it is built on Salesforce.com, Inc.’s Force.com platform.
Active Directory is no longer sufficient for managing identity.
The capabilities in Cloud SSO appear useful, but its integration limitations will keep Intel’s platform out of organizations, IT pros said. In addition, the Identity as a Service market is a nascent and may take years to gain traction in the enterprise, said Steve Coplan, an analyst at 451 Research, an IT research firm based in New York.
Intel Cloud SSO capabilities
Cloud SSO provides IT with management tools and visibility into what’s happening at the intersection of cloud storage and Software as a Service (SaaS) applications, said Jeff Sussna, founder of Ingineering.IT, an IT consulting agency based in St. Paul, Minn.
“A system that can blend internal and external access controls with the private and public cloud can be really powerful,” he said.
Intel Cloud SSO provides a single sign-on (SSO) authentication portal to businesses’ cloud applications, such as ADP Payroll Services, Dropbox, Microsoft Office 365 and SugarCRM. It also provides a dashboard that administrators can use to provision user applications, either individually or based on pre-defined groups
IT can restrict and prioritize SaaS apps and block app use on specific devices, at certain times or days of the week, or by IP addresses.
Users provide an initial authentication, and Cloud SSO takes care of the secondary authentication for the various SaaS apps, which are available to users in a dashboard console.
An employee connected to the corporate network has automatic authentication to use their provisioned SaaS apps, just as they would on a standard Windows desktop. If users work remotely, they can access applications through a browser, said Andy Thurai, Intel’s chief technology officer of application security and identity products.
“The nature of the beast for SaaS apps in the cloud is different because most times, the enterprise isn’t in control of them,” Thurai said. “Active Directory is no longer sufficient for managing identity.”
Meanwhile, Citrix Systems Inc., VMware Inc. and the cloud computing startup, Okta, offer similar competitive products that do integrate with Active Directory.
Cloud SSO limitations
Enterprises that want to integrate Cloud SSO with on-premises identity tools, such as Active Directory and Lightweight Directory Access Protocol, have to install what Intel called an “identity bridge” client, which is deployed to on-premises servers.
Installing the client can be a problem for many companies. New York-based alcohol distributor Castle Brands Inc. uses Active Directory to provision employees and set up group policies, so any service that IT wants to move to the cloud has to integrate with Active Directory, said Andre Preoteasa, the company’s director of IT.
Active Directory works well, so there’s no reason to replace it with something in the cloud, Preoteasa said.
“If my Active Directory could be accessed by cloud services,” without any sort of middleman client, “that would be ideal,” he added.
Additionally, Cloud SSO doesn’t integrate with enterprise legacy applications. It strictly provides IT better management and visibility for external SaaS apps, Intel said.
The other issue with Cloud SSO has to do with application program interface connectors for the thousands of available SaaS apps IT may need to support, Coplan said. For example, Salesforce.com’s platform and Cloud SSO rely on Security Assertion Markup Language (SAML) and OAuth for the secondary authentication between applications.
More on SaaS apps
SaaS applications help Bosley consolidate apps, cut maintenance costs
Identity as a Service tools offer IT pros control over BYOD, cloud
“The problem is, not every SaaS app supports SAML or OAuth,” Coplan said.
The Salesforce.com platform integrates with a large number of SaaS apps, but there are “20,000 other Internet apps [the platform] doesn’t integrate with,” Sussna said.
It would be tough to convince end users that they should only use the Cloud SSO services provisioned by IT, because after all, “IT can’t block the Internet,” he said.
Cloud SSO has a starting price of $5 per user per month, which includes an unlimited number of applications and 24-hour support. Volume discounts are available.
James Furbush asks:
Is Active Directory still sufficient for identity management?
12 ResponsesJoin the Discussion