RSA to Manage Access to Cloud Computing Services


There is a growing school of thought that says that the process of securely managing applications is better off taking place in the cloud.

As part of a general shift towards managing anything to do with security and compliance in the cloud, RSA, the security division of EMC, this week at RSA Conference 2011 in San Francisco, announced that it will begin beta testing the RSA Cloud Trust Authority in the second half of this year.

According to Nirav Mehta, a senior manager at RSA, the basic idea is to create a central resource in the cloud from which IT organizations and service providers can provision access management rights across a set of federated cloud computing services. Rather than try to build point-to-point connections to each service, the RSA Cloud Trust Authority provides a connection to a broad range of software-as-a-service (SaaS) applications in the cloud. Mehta says this greatly reduces the management overhead associated with identity management across diverse sets of cloud computing services.

The complexities associated with managing cloud computing applications is starting to have an impact on adoption of public cloud computing services, says Mehta. By providing what amounts to an access management service in the cloud, RSA expects to make it easier for a greater number of organizations to add SaaS applications to their enterprise portfolios.

Once the initial access is granted, the service places a token with the cloud computing service so that each time the end user accesses that service they don't have to go through RSA Cloud Trust Authority service. That way the service adds a minimal amount of overhead to the overall environment so as to have no material impact on the application.

Longer term, Mehta says he expects to see IT organizations integrate internal applications running on top of private cloud computing deployments as well. After all, most IT organizations would not quibble with the value of identity management, it's just that implementing it has been a challenge. If RSA and other vendors jumping into this space can take this issue off the IT table, then it stands to reason that identity management will become much more widely deployed.

And once identity management is more widely deployed, we should be able to finally start getting past most of the security issues holding back cloud computing both inside and outside the enterprise.