Google Cloud adds Cloud Identity, Cloud IAP and secure LDAP




Google launched Next London, its annual conference around the Google Cloud platform, with a host of feature announcements, including business strategy restrictions and extensive deployment of Alert Center for G Suite. Following this announcement, it unveiled today a new CIAM platform, contextual access for GCP and secure support for Lightweight Directory Access Protocol (LDAP) for traditional applications and IT infrastructure.

"Expectations have changed," said Karthik Jayachandran, general manager of Google, during a press briefing in early October. "Users expect mobile, agile work environments across multiple devices, which change our understanding of security, access, and control. The directors want them to live this modern, forward-thinking experience, but they do not want security compromised. The perimeter has disappeared."

That's where Cloud Identity for Customers and Partners (CICP) comes in. It's a bit of a mouthful, but the concept is simple: an identity management platform that extends "Google-level" security to applications, services and websites.

"You may want to accept passwords or social networking IDs," said Jayachandran. "Cloud Identity enables application developers to focus on their applications by offering multiple ways to integrate authentication. We can protect applications with the cloud – their application becomes just as secure from the point of view of authentication and identity."

Cloud Identity for Customers and Partners (CICP)

Three components make up the heart of CICP: an authentication service, automated threat detection and a scalable infrastructure.

As Jayachandran explained, CICP authentication, based on Google's internal identity technology and its Firebase application development platform, provides a customizable framework for managing application flows for user registration and login. It supports basic password authentication, phone numbers and social network accounts, as well as more sophisticated systems such as Security Assertion Markup Language (SAML) and OpenID Connect (OIDC). And it's compatible with a range of client-side software development kits (SDKs) on the web and mobile platforms (on iOS and Android), as well as with server-side SDKs, including Node.js, Java and Python.

Automatic threat detection – the second pillar of the CICP – leverages Google's intelligence in the cloud to detect signs of account compromise. (In the future, this will allow two-factor authentication in the CICP.) Meanwhile, in terms of scalability, Jayachandran said the CICP would include "enterprise-level availability" and technical support at launch.

"If an access request comes from an incorrect IP address or website, an administrator does not need to enter and block it manually," he said. "We take care of it automatically."

Cloud Identity was introduced in June 2017 in G Suite, but is launched this week as a stand-alone package. It will be available in public beta in the coming weeks.

Cloud IAP

Google's contextual access service was first offered to customers using GCP's VPC service last July. It gives administrators the ability to impose conditional policies on APIs, resources, G Suite, and GCP applications. This essentially lets them allow or deny users access based on their identity, location, device security status, and context.

"We are looking for who the employee is and what they are trying to access," said Jayachandran. "We have eight services with over a billion users. We are able to scan the web and search for bad websites. You do not have to worry about getting hacked."

As previously announced, Google offers these features to Cloud Identity-Aware Proxy (IAP) clients in beta. As of today, eligible accounts can manage access to GCP-hosted web applications based on context, in addition to identity.

"For example," Karthik Lakshminarayanan, director of product management at Google, said in a blog, "IT and security teams can … limit access to their applications only from specific countries in Europe."

LDAP in Cloud Identity

For the uninitiated, Lightweight Directory Access Protocol (LDAP) is an Internet protocol that applications and hardware devices use to search for data stored remotely. Lakshminarayanan notes that a number of companies depend on it, but often at the expense of integration into SaaS (Software-as-a-Service) applications.

"Allowing users to access SaaS and traditional applications in a simple way is a challenge and usually requires IT teams to manage two identity management systems," he said.

Google's response is LDAP in Cloud Identity, which enables LDAP-based applications and servers to leverage GCP's identity management platform, whether deployed on premise or in the cloud. Google says that virtually all applications that support LDAP over SSL, including those that rely on an existing identity infrastructure, such as Microsoft Active Directory, are compatible with secure LDAP.

"This means that users can use the same Cloud Identity credentials that they use to connect to services such as G Suite and other SaaS applications in order to connect to traditional applications," said Lakshminarayanan. "Another benefit is that administrators can now manage everything in one place."

Aruba Networks (HPE), Itopia, JAMF, Jenkins (Cloudbees), OpenVPN, Papercut, pfSense (Netgate), Puppet, Sophos and Splunk, as well as Doctor on Demand are among the launch partners of Google's LDAP in Cloud Identity.

Google says it will begin rolling out globally to Cloud Identity and G Suite customers in the coming weeks.

"We have put considerable effort into providing our customers with extensive identity and security capabilities," Lakshminarayanan said. "We believe that it is essential to secure identities and access so that businesses can grow, and we will continue to offer innovative solutions to help customers have peace of mind."
