As organizations adopt on-demand cloud-based services, keeping track of a multitude of URLs, user names and passwords in order to gain access to critical applications is a challenge for end users. For IT, managing identities for end-users and access privileges amongst the various echelons of employees, in addition to overseeing rapidly developing applications, can cost valuable time and resources that many IT departments can’t afford to spare.
What they do: Okta offers an on-demand Identity and Access Management (IAM) service that brings all of a company’s SaaS applications together under one consolidated dashboard. By integrating a company’s core directory services to provision and de-provision users automatically, Okta serves as a point of access that lets IT take a vendor-agnostic approach to managing different identities across on-demand and on-premise applications.
Okta’s IAM is designed for use outside of IT, while still putting final control in the hands of key administrators. Okta allows customers to address the challenges of securing and controlling users and access, simplify the adoption and scaling of these applications, and get insight on usage and utilization to ensure that companies are optimizing their cloud investments.
Why they’re an up-and-comer? Instead of using a hosted software model or an appliance, Okta’s IAM software is developed to run primarily from the cloud with single sign-on for each user. CEO and Co-founder, Todd McKinnon’s experience as SVP of Engineering at salesforce.com has helped shape Okta’s focus on usability, accessibility, and scalability.
Customers include Pandora, LiveOps, Enterasys, and White Pages.
As the applications and device landscape continues to change, organizations are struggling to deal with multiple authentication and identity management schemes. Many have created a hodge-podge of solutions that vastly increase IT overhead.
At the same time, end-users are being forced to remember even more passwords, which they inevitably write down (undermining security) or forget (increasing Help Desk calls).
What they do: SecureAuth’s Identity Enforcement Platform is designed to be a single, unified solution for application sign-ons. SecureAuth IEP includes a Security Token Service, 2-Factor Authentication, SSO, and Identity Management (IdM) in a single solution to make it secure and simple for end-users to access cloud and on-premise applications and resources.
SecureAuth leverages existing directory services, such as Active Directory, to ensure that the management of user identities is consistent across applications, in house, in private clouds, in hybrid clouds or in service provider clouds. This approach also eliminates the risk associated with outsourcing identity management to third parties.
When deployed as an appliance, SecureAuth IEP doesn’t require complicated APIs or application modifications in order to implement 2-Factor Authentication, SSO or IdM services. SecureAuth abstracts all digital certificate and SAML complexity so that IT doesn’t have to maintain special skills.
Why they’re an up-and-comer? SecureAuth has raised $12 million from private investors, including Quest Software. The company has over 200 customers worldwide, which include AIG, ALLTEL, Carnegie Mellon University, Chevron, Diebold, and Oppenheimer Funds. The company also partners with McAfee, Cisco, Juniper Networks, and Citrix.
SecureAuth was recently awarded a U.S. General Services Administration (GSA) contract to SecureAuth Corporation to provide browser-based 2-Factor authentication, integrated SSO, and IdM services for its cloud-based email and collaboration platform, based on Google Apps. The award will enable GSA to adopt Google Apps in a manner that is both secure and seamless for up to 18,000 end users worldwide.
What’s needed is security as a service.
What they do: StillSecure provides a suite of network security solutions, including firewall, IDS/IPS, VPN, email security, multi-factor authentication, vulnerability scanning, log management, and more that can be deployed to secure private and public cloud environments.
In short, they have updated traditional border security technologies to make them work in cloud environments and to deliver them as services, while adding less common features (such as ongoing vulnerability scanning) that should be mandatory in cloud environments.
Why they’re an up-and-comer? StillSecure has actually been around longer than most companies in this roundup. They started off in 2000 as Latis Networks, and became StillSecure in 2003. The company then re-engineered their product suite and shifted their focus from NAC to managed security services.
StillSecure is targeting a massive market for cloud services that Gartner pegs at $102 billion by 2012. The company has raised $37 million in VC from Mobius Venture Capital, W Capital Partners and Meritage Private Equity Funds, and claims to be fully profitable.
StillSecure has lined up an impressive array of reseller agreements, helping them build out serious sales channel. VAR and channel partners include XO Communications, Peak10, Continuum, CoreLink, CoreSite, Host.net and ViaWest.
Comment and Contribute
Digg
del.icio.us
Newsvine
Facebook
Google
LinkedIn
MySpace
Reddit
Slashdot
StumbleUpon
Technorati
Twitter
Windows Live
YahooBuzz
FriendFeed
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.
