Cloud Computing Security

RSA Unifies Identity and Access Management Across Cloud Infrastructures

RSA, The Security Division of EMC® Corporation (NYSE: EMC), today announced new solutions within its Identity and Access Management (“IAM”) suite designed to address evolving security challenges that require new ways to manage and protect the growing number of users and device identities, the exponential growth in identity information and the need to help ensure consistent security across enterprise, cloud and mobile infrastructures.

To address the increased mobility of end users, authentication and authorization itself must be delivered from the cloud regardless of user location. As identity information is no longer confined to the enterprise but extends outward to the cloud, RSA has introduced a series of IAM solutions engineered to enable enterprises to confidently extend identity information and access more extensively to partners, consumers and cloud applications with risk-driven controls.


  • RSA adds new solutions to its Identity and Access Management suite designed to bolster security in hybrid IT environments – on-premise, mobile and cloud.
  • RSA delivers identity federation as a service in line with the RSA® Cloud Trust Authority vision
  • RSA deepens integration between its RSA® Access Manager and RSA® Adaptive Authentication solutions engineered to enable a powerful new concept—extension of a dynamic security perimeter around user access that is adaptive to changing risk levels based on many different contextual risk factors.
  • RSA lays the foundation for tomorrow’s identity infrastructure with the RSA® Adaptive Directory, unifying identity management for enterprise and cloud uses

These solutions are engineered to help enable organizations to:

  • Create a dynamic perimeter around online user sessions that leverage contextual information to calculate risk and enforces adaptive authentication according to enterprise policy
  • Correlate and aggregate identity information and selectively and securely expose it to cloud applications and partners
  • Minimize time taken to establish identity federation with cloud applications by using an identity and access broker

RSA Access Manager – is built to help organizations cost-effectively provide secure access to web applications through web single sign-on (Web SSO), consolidate access controls for enhanced security, benefit from an improved user experience and accelerate application deployment. In addition, RSA Access Manager is designed to support a broad range of authentication methods, including tight integration with RSA Adaptive Authentication for out-of-band phone and the new support for out-of-band email risk-based authentication.

RSA Adaptive Directory – is engineered to correlate and aggregate identity information across variety of enterprise sources and delivers a global view of identity using a flexible, scalable identity virtualization layer. This is a vital building block for organizations as they prepare to share identity information more widely and add many more identities.

RSA Adaptive Federation –is designed to provide secure identity federation as a service to assure that the right users have the right access at the right time, to business-critical resources and sensitive data in SaaS applications. Powered by VMware® Horizon Application Manager, RSA Adaptive Federation is engineered to enable secure and convenient access to and from the cloud while lowering deployment and operating expenses associated with products hosted and maintained internally by organizations. With the RSA Adaptive Federation solution, the need for employees to remember sign-on credentials for each cloud application is eliminated and they can securely use any browser-enabled device for access to cloud applications. RSA Adaptive Federation is designed to interoperate with Microsoft Windows® operating systems and RSA SecurID® authentication already deployed at organizations.

Industry Analyst Quote:

Sally Hudson, Research Director, IDC
“Identity and access management in a highly mobile, consumerized IT world changes significantly from traditional enterprise access. Security teams have to support high numbers of short, unpredictable access requests to a wider range of resources, from a wider range of devices and physical locations. Ensuring trust in the identities, the user session and the appropriate access to sensitive resources across mobile, cloud and enterprise infrastructures is a huge challenge for security teams. As a market leader, RSA is well positioned to deliver solutions that dynamically combine risk-based authentication, authorization and federation while simplifying identity infrastructure.”

RSA Executive Quote:

Dan Schiappa, Senior Vice President Identity and Data Protection Group
“In today’s increasingly mobile, distributed and cloud-based world, security teams need to enable trusted access to critical resources no matter where the user or resource is located, even if large parts of the infrastructure involved are outside of IT’s direct control. Today’s announcements go a long way towards achieving that goal and deliver on the RSA Cloud Trust Authority vision. Think of it as enabling the security infrastructure to deploy a dynamic perimeter around user access, with the level of authentication determined based on the unique risk of that session. It marries user convenience with far greater security and control for security practitioners.”

The new solutions are available immediately. RSA Access Manager and RSA Adaptive Directory are available both through RSA direct sales and authorized RSA SecurWorld partners. RSA Adaptive Federation is available through RSA direct sales.


UnboundID Debuts Cloud Identity Management Products based on SCIM Specification

UnboundID, a leading provider of identity data solutions for cloud, telco, and enterprise computing, today released the industry’s first commercially available products based on the Simple Cloud Identity Management (SCIM) standard. By supporting SCIM, UnboundID can provide a standardized and simpler solution for organizations provisioning and managing user identities across multiple cloud-based services, including IaaS, PaaS and SaaS offerings.

UnboundID’s SCIM-enabled directory server enables developers to build scalable and secure directory applications using simple, REST-based interfaces. In addition, UnboundID announced that it will release an extension to its Synchronization Server that makes it possible to synchronize identity data from existing data stores—such as Active Directory, LDAP and relational databases—to SCIM-enabled cloud applications, like By supporting SCIM-enabled data stores as a destination for its Synchronization Server, UnboundID has delivered a complete solution for integrating identity data from on-premise data stores with SCIM-enabled cloud-based services.

The SCIM working group, which includes Cisco, Google, Ping Identity, SailPoint, TechnologyNexus,, and UnboundID, gathered at the Internet Identity Workshop in October to continue their work in finalizing the initial version of the specification. The SCIM 1.0 specification was approved by the working group and released publicly December, 30 2011. UnboundID is the first vendor to release an end-to-end suite of products based on the SCIM specification. Other members are “SCIM-enabling” their products and services further solidifying SCIM’s position as the go-to standard for identity provisioning in the cloud.

With its product announcements today, UnboundID is positioned to provide solutions for both sides of the cloud identity integration problem. This includes a solution for synchronizing data from on-premise identity data stores to the cloud and a high-scale identity data store that supports a RESTful, standards-based interface for cloud service providers.

“Until now, provisioning for cloud-based services has largely involved synchronization of user accounts across an on-premises authoritative store and a SaaS application user store via proprietary ‘glue,’” said Steve Coplan, senior analyst within The 451 Group’s enterprise security practice. “UnboundID’s support of the SCIM specification in its new products enables organizations to take advantage of the benefits of a protocol designed to reduce duplicative, one-off integrations and leverage a consolidated data store to automate the provisioning process. As adoption of SaaS applications within organizations extends beyond a single, monolithic application, organizations require a centralized and data-driven approach to managing authorization to a new class of applications. With the integration of SCIM, UnboundID has taken a step in the direction of providing the underlying data and attribute store to support that transition to cloud identity catalyzed by shifts in the IT consumption model,” Coplan said.

Said UnboundID Chief Product Officer Andy Spillane: “By contributing to the development of the SCIM specification as a founding member of the working group, to being the first company to release an SDK for developing applications with SCIM, to delivering the first commercially available solution for sending and receiving identity data via SCIM, UnboundID has proven its commitment to delivering real-time identity management software for cloud, mobile and social applications. We believe we are well positioned not only to support the adoption of SCIM, but to help drive the path of adoption as well.”

Cloud Computing

American Red Cross transitions to cloud computing platform, Deploys Access Risk Management Suite

Courion Corporation, the leader in identity and access management for access risk, today announced that the American Red Cross will use the Courion Access Risk Management Suite to streamline operations as part of an organization-wide transition to the Microsoft Office 365 cloud computing platform.

The American Red Cross will use the Access Risk Management Suite to provision Office 365 email for full-time employees, contract workers and volunteers. Email is a key communication tool for the Red Cross as it organizes disaster response, supplies nearly half the nation’s blood supply, teaches lifesaving skills, provides international humanitarian aid, and supports military members and their families. This project will leverage a cloud-based email solution, streamlining operations and reducing system costs and maintenance. Office 365 will allow the Red Cross to distill the many varieties of email addresses at chapter offices to create a single address for each worker. When the project is complete, the Red Cross will have a single global communication system for reaching staff and affiliates quickly. The Red Cross is currently one of the largest Office 365 implementations.

“The national organization and the chapters built out their IT infrastructures and added users, growing our email systems independently which created a lack of consistency across the organization. As we move from a franchise model to a regional chapter model, it’s important everyone is operating on the same platform,” said Suzanne Hall, the American Red Cross’ Chief Information Security Officer. “The Courion Access Risk Management Suite will enable us to improve security and reduce access risk across the organization by managing user access to a single email platform.”

The Access Risk Management Suite provides a simple and fast time-to-value alternative to complex, expensive conventional identity and access management (IAM) solutions. Automated and configurable for rapid implementation based on the best practices of more than 500 customers, the Access Risk Management Suite delivers faster time to value and lower total cost of ownership that other IAM solutions. It integrates key IAM functions such as identity and access governance, user provisioning, and password management. It is available as on-premise software or as a pay-as-you-go SaaS (software as a service) cloud offering called CourionLive™.

“As organizations move mission-critical applications and data onto cloud-based platforms they must apply the same level of identity and access management requirements as they do for internal applications. They also need to understand who is responsible for managing identities, how to ensure the right user access is available, and the proper mix of preventative and detective controls needed to best secure their cloud environment and minimize potential user access risk,” said Kathy Pugh, vice president of services at Courion. “The American Red Cross is demonstrating how to get the most business value from their move to the cloud by automating their provisioning and clearly associating a specific user with a specific email address.”