Computerworld - Your Strategic Guide to Security 2011

Chakkarapani, IT director of technology solutions and operations for the Chicago-based organization.

SAML, short for Security Assertion Markup Language, is an XML-based standard for exchanging authentication and authorization data between security domains. The AHA wants cloud service providers to use this open standard to make it easier for participation in a hybrid cloud-based single sign-on (SSO) environment the organization launched last year and is growing over time, Chakkarapani says.

The AHA installed access management and SSO appliances behind its firewall for proximity to its Active Directory server and social platforms, but it allows the vendor, Symplified, to deliver passwords and updates from the cloud. The organization is also looking to enhance that architecture, forcing users trying to tap into the SaaS applications from their homes or elsewhere to pass through the Symplified cloud for authentication and authorization, Chakkarapani explains.

“We’re looking to enhance the security circle,” he says.

If using security as a gating factor for cloud service adoption on the one hand while embracing cloud security services on the other seems incongruous, it shouldn’t, experts say. While the motivations are different, enterprise IT professionals would be foolish not to consider security for the cloud as well as security from the cloud.

Cloud provides a good opportunity for a security rethink. “People are using it almost as a reset button” when it comes to deciding how to approach security, says Phil Hochmuth, a security products program manager at IDC.

He points to recent IDC survey data on cloud security as evidence. Half of the 174 respondents who had cloud services deployed said they believe cloud computing/SaaS vendors can provide better security than internal IT can. “People are thinking, ‘Hey, this could be the answer for a lot of the problems we’ve had,’ ” Hochmuth says.

Charles King, principal analyst at Pund-IT, agrees. Security too often has grown in an organic but not necessarily organized way, he says. That has resulted in multivendor