Jim Reavis, Cloud Security Alliance: Collaboration Aims at Building Trusted Online Identity Solutions

April 26, 2010

The industry collaboration is aimed at building trusted online identity solutions -- a lynchpin requirement for the widespread adoption of cloud computing and software as a service (SaaS) solutions. The industry effort combines technologies and best practices from Conformity, Ping Identity, TriCipher, Qualys, and VeriSign.

Authenticating and protecting the identity of all parties is vital to establishing trust in the cloud. By integrating VeriSign's server and end user/device solutions, cloud computing and SaaS providers are better equipped to assure every enterprise that its IT policies and controls will remain unchanged within the cloud. VeriSign's trust capabilities are built into many of the most widely used cloud-based solutions today, including SuccessFactors, Box.net and Xactly.

"Barriers to cloud adoption go beyond security; it's about trust," said Jim Reavis, executive director at the Cloud Security Alliance. "To create a trusted cloud-based ecosystem, it takes global associations like the Cloud Security Alliance and our Trusted Cloud Initiative, as well as firms like VeriSign and its partners to establish identity trust solutions built on proven technologies, common standards and best practices. This industry effort is a welcome contribution to the SaaS community, and a reassuring and valuable option for enterprises aiming to confidently deploy cloud-based applications and services."

VeriSign works closely with leading cloud service providers and industry standards groups to provide solutions that address organizations' most pressing requirement for cloud migration: the ability to trust that enterprise data, applications, and the identities of employees and customers will be kept safe. VeriSign builds on its experience as the industry leader in delivering trust to Web sites via Secure Sockets Layer (SSL) certificates, and as the market leader in delivering identity trust to end users and devices via strong authentication capabilities.

"SuccessFactors' partnership with VeriSign reflects our commitment to providing our over 6 million customers with world-class security," said Randy Womack, CIO of SuccessFactors. "Bringing together cloud heritage and security expertise, SuccessFactors' partnership with VeriSign ensures our customers benefit from trusted identification and authentication as they adopt our Business Execution Software."

VeriSign's industry collaboration effort establishes a blueprint for achieving identity trust by combining technologies and services with proven policies and certification programs. The effort addresses the top requirements for achieving identity trust, including:

Strong mutual identification. With strong authentication from the VeriSign Identity Protection (VIP) Authentication Service, enterprises can protect data and applications from unauthorized access. VeriSign also enables encrypted transmission and exchange between the enterprise and the cloud via Public Key Infrastructure (PKI) and Secure Sockets Layer (SSL) certificates.
Federation. To achieve widespread adoption, a trusted identity must be broadly accepted throughout the cloud. Ping Identity and TriCipher enable enterprises to establish one online identity for users with a single, secure sign-on across virtually every leading SaaS application.
Vulnerability and Compliance Management. It is essential that cloud-based offerings meet enterprise requirements for managing users, applications and business processes. With IT security and compliance automation solutions from Qualys, SaaS providers can identify and mitigate risks before they pose a threat to enterprise data, applications and networks.
Provisioning. Conformity allows organizations to centrally manage on-demand applications, users and data, reducing security and compliance risks and operational costs associated with SaaS and cloud applications. Conformity also provides integration with enterprise directory services including Active Directory, LDAP, and HRIS systems.

"Cloud computing offers organizations new options for scalable, cost-effective, and flexible IT, but to gain the full benefits of these services, enterprises have to trust the security, policies, and processes of the cloud," said Nico Popp, vice president of product development at VeriSign. "Trust won't happen if users worry their identities are vulnerable, or if they're unsure whether the cloud-based service they're accessing is legitimate. That makes identity trust the essential ingredient for cloud migration -- and an industry imperative for SaaS providers."