Today, security for the cloud involves simplistic SSO scenarios from tightly controlled corporate applications. However, users are demanding access to the cloud from a wider range of clients and directly through the cloud platform itself. From a compliance standpoint its a growing nightmare involving orphaned accounts, infected clients, and unauditable silos of user activity data left outside enterprise control.
The convergence of four key technologies provides an answer to the auditors: OTP second factor authentication for assurance, standardized audit log formats for correlation, a central policy enforcement point that is "aware" of client side security capabilities, and federated provisioning to manage account lifecycles on remote platforms. In this presentation transcript, industry security expert Gunnar Peterson, delivers his insight from field GRC projects to explain why and how the these technologies provides a critical backbone for GRC.