McAfee Cloud Identity Manager

McAfee Cloud Identity Manager Overview:

Add strong authentication, automated account provisioning, and single sign-on for your software-as-a-service (SaaS) applications. McAfee® Cloud Identity Manager helps you gain control of your cloud-based applications by enabling enforcement of your corporate requirements access and strong authentication—all while providing the convenience and simplicity of single sign-on, automated provisioning, and consolidated audit logs.

Description:

McAfee Cloud Identity Manager relieves the pain that end users have managing multiple passwords for cloud applications. Cloud Identity Manager allows you to enforce corporate standards for cloud application access and improves productivity for IT and end users by relieving password reset requests.

Complete control of the cloud access security lifecycle — Cloud Identity Manager provides single sign-on (SSO), automated provisioning, strong authentication, authorization, and consolidated auditing.

Plug-and-play cloud connectors — Get out-of-the-box integration with popular cloud-based applications, including Salesforce.com and Google Apps. No coding or separate purchases of tool kits are required. Simply pick your cloud application from the console menu and you are ready to go. Quick implementation means a better return on your investment and a faster time to value.

Benefits and Features:

• Improve usability and productivity from a single sign-on (SSO)
  Leverage existing corporate identity systems and directories (e.g., Active Directory) to provide SSO to both internal and cloud-based applications. SSO improves the user experience while enforcing corporate requirements for passwords and reducing password reset requests.
  
  
• Get strong two-factor authentication
  Strengthen overall application access security and reduce the risk of data loss and fraud through policy-based enforcement. McAfee Cloud Identity Manager includes a one-time password (OTP) module that provides everything you need to implement strong security for your cloud application access. Flexible and easy to use, OTP modules use a variety of authentication methods, including passwords sent through SMS, email, and instant messenger. Options also include hardware or USB tokens, software apps on mobile devices, and Identity Protection Technology (IPT) on Intel processors or any OATH-based token.
  
  
• Improve productivity with automated provisioning
  Auto provision and de-provision cloud accounts by integrating with the enterprise directory. Automated provisioning enables you to quickly onboard new users, improving productivity. Changes in user roles and attributes are automatically synchronized across all cloud application accounts, and accounts are instantly disabled when employees are removed from the corporate system.

Solutions:

Breaking the Barriers to Cloud Application Adoption

Cloud applications are enabling new business and IT models through hosted and flexible, scalable applications. Yet, mass migration to cloud-delivered applications has been slowed due to concerns about security. Key barriers to entry are focused around loss of control, lack of cloud access visibility, and enforcement of corporate governance and regulatory compliance.

Central to these concerns is that corporate users manage their own accounts for cloud applications, typically using weak passwords that are disconnected from the corporate identity infrastructure. User actions in these disconnected applications go without oversight or authorization, leading to risk of sensitive data loss and compliance violations. Additionally, the lack of standardized logging prevents administrators from monitoring and correlating cloud application user activity with internal audit repositories.

The federation barrier
So how do the organizations gain control access and security for cloud environments that are outside of their traditional security models? Why not just extend internal access management systems to the cloud application? This is possible with authentication and authorization standards such as security assertion markup language (SAML). However, point solutions designed to broker or "federate" trust between the enterprise and a service provider ran into a major barrier—they could not be scaled fast enough across multiple providers. The cause? Federation solutions had a narrow scope that still required manual provisioning of accounts, did not include an authorization model, and lacked integration with existing/additional strong authentication technologies, a prerequisite for access to sensitive corporate data. McAfee Cloud Identity Manager removes these barriers by automating account provisioning, enforcing strong authorization models, and integrating with existing enterprise identity management systems.

Control the Lifecycle of Access to the Cloud

McAfee Cloud Identity Manager can be deployed to secure enterprise user access to SaaS providers and to protect access for custom enterprise applications deployed in the cloud.

Out-of-the-box connectors
The McAfee Cloud Identity Manager administrative console makes it easy to view, author, and control access policy by cloud providers. Packaged with the solution are several plug-and-play connectors to common identity management and enterprise platforms such as Microsoft SharePoint. Also included are session creation and account provisioning connectors to popular SaaS and service provider platforms. Federated authentication and authorization protocols are based on standards like SAML, eXtensible access control markup language (XACML), and emerging open authorization (OAuth) and OpenID identity standards that can connect Internet-based identity providers (for example, Facebook) with corporate identities and authorization policy.

Automated provisioning
A rich set of account provisioning and deprovisioning functions are delivered by the embedded provisioning engine. No more manual account creation is needed. Provisioning of accounts is seamlessly pushed from the enterprise to all cloud applications authorized for corporate use. Key attributes can be fetched from multiple authoritative attribute sources (service provisioning markup language [SPML]-capable provisioning systems and directories databases) and kept in perfect synchronization across cloud

Mobile strong authentication
Cloud access is becoming increasingly mobile. This means that the access to your cloud applications must be accessible regardless of time and place. For access from mobile devices (not behind the corporate firewall), stiffer security standards need to be enforced. McAfee Cloud Identity Manager's one-time password server enables enforcement of second-factor authentication from mobile clients by policy. Second-factor authentication is easily enforced with a one-time password (OTP) requirement. The OTP can be delivered to cell phones via SMS (Flash or storable), email, chat programs, or generated using the included Pledge OTP mobile client application—no expensive hardware-based tokens are required.

Enterprise client validation
For sensitive cloud applications, you may only want to allow access from approved enterprise laptops or PC clients that are confirmed to be free of malware. Federated single sign-on and even strong authentication technologies do not present enough assurance to allow access to missioncritical cloud applications. To solve this weakest link in the secure client to cloud connection, McAfee Cloud Identity Manager leverages Intel Identity Protection Technology (IPT) that is built into second-generation Intel Core i3, i5, or i7 Processors.

With a computer using Intel IPT, a cloud service provider or enterprise can validate that users are logging on from a known and trusted PC.

In addition to a username and password, the PC will generate a unique code at time of login to verify that users are requesting access from the PC where they registered their accounts. The technology works within the embedded Intel Chipset Management Engine isolated from the operating system.

Bringing It All Together: Trusted Client

Ubiquitous user access
So what does McAfee Cloud Identity Manager mean for the end user? It means a simplified and secure mechanism to access their cloud-based productivity tools. It means simplified single signon with secure access to their cloud applications from wherever they are. No more password sticky notes on the keyboards and no more account password reset requests to IT.

Administrative control, compliance, visibility
For administrators, McAfee Cloud Identity Manager provides the missing element of control. Control is achieved from a single administrative console where complex role-based access, time, network, and location-based authorization policies are authored and enforced per cloud application. Compliance is delivered with account deprovisioning reports and aggregated audit logging correlated with log management platforms. Visibility is gained by monitoring user activity and developer application programming interface (API) access across cloud applications and provider platforms.

Enterprise-class security and trust
Corporations can expand beyond internal applications and private clouds. McAfee Cloud Identity Manager simplifies integration of single sign-on and enterprise security for the cloud application access. McAfee Cloud Identity Manager enforces Pledge OTP strong authentication for applications that require additional security without costly hardware tokens. It includes all the tools your organization needs to extend your enterprise security to the cloud simply and effectively.

System Requirements:

These are minimum system requirements only. Actual requirements will vary depending on the nature of your environment.

Browser

• Internet Explorer 6, 8
• Firefox 3.6

Server operating system (32-bit or 64-bit)

• Red Hat Enterprise Linux Server and Advanced Platform 5.0
• Windows 2003, 2008

Hardware requirements

• Any Intel Xeon Multi-Core Server with 2 GB RAM

Documentation:

Download the McAfee Cloud Identity Manager Datasheet (PDF).