Symantec releases a slice of O3 cloud security

Symantec

Symantec has made a portion of its O3 product announced last October generally available, yet two-thirds of the overall package is not ready yet.

The O3 offering, which looks to deal with identity management and data loss protection (DLP) in the cloud, consists of three separate parts.

The first is the authentication level, which is ready now, allowing customers to push their in-house identity management policies out to the cloud. It does so by pushing these policies out from Symantec datacentres to end user devices, much in the same way Silicon Valley start-up Zscaler does.

The second part of O3 is the information security layer, which uses Symantec's existing DLP and PGP encryption solutions to protect the data itself.

If you have loads of devices and datacentres, you need access control. That is something Zscaler doesn't have.

Then there is the auditing aspect to O3, which alerts companies to security events so they can move to shore up holes in their cloud infrastrucure.

Those two latter parts are currently unavailable. Symantec spokespeople told IT Pro they would be ready at some point this year, but could not confirm anything more specific.

Once all of 03 is ready, it will be competing with RSA and Zscaler's unnamed cloud identity management product, which mixes the latter's web gateway offering with the former's authentication technology.

However, Symantec's group president for enterprise products and services Francis deSouza told IT Pro at the RSA 2012 conference today that Zscaler's technology lacked things the world's number one security provider could offer, most notably encryption.

"If you have loads of devices and datacentres, you need access control. That is something Zscaler doesn't have," deSouza said.

"You need information protection, so it's not only just a single sign-on and access control but it's DLP and encryption. [Zscaler] does not do any DLP.

"But I think RSA has realised that you can't rely on being on every device, because in the future you won't be. And you can't rely on controlling the server and the perimeter... That's the right direction."

Salesforce.com tie-up

Symantec has also chosen to deeply integrate 03 with Salesforce.com, creating an application on the Force.com platform.

The application will let customers use their Salesforce.com identities as their key into cloud services with a single sign-on.

Just as the general O3 product will do, it will also hand IT departments tighter controls over how and what cloud products are used via Salesforce.com. Two-factor authentication can be built into the app as well.

The O3 Salesforce.com software will be available from mid-2012.

Salesforce.com CEO Marc Benioff was on hand during this morning's keynotes to talk about the need for better cloud security.

"When you're a cloud provider, trust is our number one value. A critical part of that trust is the security infrastructure," Benioff said.

"There is no finish line when it comes to security... Because there is no finish line, trust is ultimately the most important thing."

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.