Announcing Cloud Access Manager 8.0

I'm pleased to announce the immediate availability of Dell One Identity Cloud Access Manager 8.0. This major release is a significant update to our web single sign-on, web access management and identity federation solution. And in a way, it includes a "little something for everyone" - meaning it has new capabilities in many different focus areas, including business-to-consumer (B2C) deployments, strong authentication scenarios and in-house application development.

Adaptive, Risk-Based Authentication

With all the news these days about security breaches - and so many of them involving stolen passwords - it's no surprise that strong authentication (the use of two-factor authentication solutions, smartcards, X.509 certificates, etc.) is seeing a resurgence in importance. By requiring something besides a username/password to access applications, security professionals can better protect their enterprise data. At the same time, no one wants to unduly limit productivity - indiscriminately putting barriers between users and their work is an equally risky proposition.

The best approach to employing strong authentication for web applications is to do so with an awareness of context - information like "is the user using a browser they've used before" or "is this a physical location and time of day typical to the user's login history." These context data elements can be used to assess how risky an access request is - how likely it is the person on the other end is your user, and not an attacker.

CAM 8.0 ships a new component called Dell's Security Analytics Engine, whose job it is to assess these very context elements, and provide CAM with the ability to adapt to heightened risk by asking that a user present a second factor of authentication, or by blocking the user altogether. Dell's Security Analytics Engine can work on its own, or it can optionally leverage information from complementary Dell solutions like SonicWALL network security appliances or SecureWorks threat intelligence data. And CAM can apply these risk policies to individual high-risk applications, or to the entire application environment.

Social Authentication

Users forget passwords - but not all passwords are equally likely to be forgotten. A user is much more likely to recall the AD password they use to access the network each day than they are to remember a password to a less-frequently-visited internet site. This is why social authentication - authenticating to internet sites with Facebook, Microsoft LiveID, etc. credentials - has become so popular. Social authentication allows end users to remember fewer passwords, and that is extremely valuable to end users.

CAM 8.0 now supports the OAuth 2.0 protocol as a client, which enables end users to authenticate to the centralized authentication infrastructure using credentials from popular social web sites. In an important twist, since social sites seldom hold the kind of data used by organizations for determining roles and application permissions, CAM presents an "account linking" process so that authorization can be driven from internal data, while authentication can be outsourced to a password users are more likely to remember. This may be appealing, for example, to education institutions targeting alumni, or to organizations running "portal" environments for customers or partners.

Mobile Application Development

For organizations with their own IT development group, modern application development is seeing a different kind of resurgence - the resurgence of "rich client" applications. Specifically, organizations are now prioritizing the development of native mobile applications (apps that don't run in a browser, but instead natively in a mobile device OS) as first-class citizens on par with - and sometimes ahead of - web application interfaces. 

CAM 8.0 introduces support for the modern protocols used most for mobile application development, namely OAuth 2.0 (this time as an authorization server) and OpenID Connect. Unlike the Security Assertion Markup Language (SAML) protocol popular with web apps, OAuth 2.0 and OpenID Connect were developed with native apps and REST-based interfaces in mind. With this support, organizations deploying CAM can leverage their existing web application authentication infrastructure with this class of applications, as opposed to writing all the access control logic "from scratch" like they did for web applications a decade ago.

There's even more new in Cloud Access Manager 8.0, but this post is getting too long! I encourage those interested in learning more to visit CAM's web page, and to post here if you have any questions.

Anonymous