Chakkarapani, IT director of technology solutions and operations for
the Chicago-based organization.
SAML, short for Security Assertion Markup Language, is an XML-based standard for exchanging
authentication and authorization
data between security domains.
The AHA wants cloud service
providers to use this open standard to make it easier for participation in a hybrid cloud-based single
sign-on (SSO) environment the
organization launched last year
and is growing over time, Chakkarapani says.
The AHA installed access
management and SSO appliances
behind its firewall for proximity
to its Active Directory server and
social platforms, but it allows the
vendor, Symplified, to deliver passwords and updates from the cloud.
The organization is also looking to
enhance that architecture, forcing
users trying to tap into the SaaS
applications from their homes or
elsewhere to pass through the
Symplified cloud for authentication
and authorization, Chakkarapani
“We’re looking to enhance the
security circle,” he says.
If using security as a gating factor
for cloud service adoption on the
one hand while embracing cloud
security services on the other
seems incongruous, it shouldn’t,
experts say. While the motivations
are different, enterprise IT professionals would be foolish not to
consider security for the cloud as
well as security from the cloud.
Cloud provides a good opportunity for a security rethink. “People
are using it almost as a reset button”
when it comes to deciding how
to approach security, says Phil
Hochmuth, a security products
program manager at IDC.
He points to recent IDC survey
data on cloud security as evidence.
Half of the 174 respondents who
had cloud services deployed said
they believe cloud computing/SaaS
vendors can provide better security than internal IT can. “People
are thinking, ‘Hey, this could be the
answer for a lot of the problems
we’ve had,’ ” Hochmuth says.
Charles King, principal analyst at
Pund-IT, agrees. Security too often
has grown in an organic but not
necessarily organized way, he says.
That has resulted in multivendor