Apr 11 2013

Product Review: McAfee Cloud Identity Manager

Identity management tool provides single sign-on to apps.

Every user is familiar with the struggle to remember multiple passwords to various systems. With McAfee Cloud Identity Manager, IT departments can relieve some of that pain.

By centralizing identity management and control, Cloud Identity Manager provides users with single sign-on access to cloud applications. In addition, the identity management tool creates a web portal for a variety of online services, ranging from LinkedIn to Amazon, to which users can connect with a single click. The central server that controls access manages passwords and sign-on credentials for web services, protects against data loss and compliance violations, and logs user activity.


McAfee Cloud Identity Manager offers IT departments a central means of controlling identity-based access to cloud applications. For users, the tool simplifies and secures cloud access. For managers, it supports policies that require strong passwords.

The product integrates with any Lightweight Directory Access Protocol 3.0 directory service, such as the popular Microsoft Active Directory. This integration means that users need to remember only one password, which eliminates a number of common security weaknesses.

Cloud Identity Manager enhances security for all users by supporting two-factor authentication. A one-time password capability uses mobile messaging such as SMS or email.

Why It Works for IT

McAfee Cloud Identity Manager works with the most commonly used server operating systems, such as Windows Server 2003, Windows Server 2008 and Red Hat Linux. The product runs in the background as a service. IT managers can access the management console through a web browser, from the server itself or from a machine elsewhere on the network.

Once configured, the McAfee tool offers a highly flexible policy manager that supports role-based access, control over location access (for example, allowing access to cloud applications from within the office but not from outside) and audit logging. IT managers can use the console to set password and access policies, such as requiring a specific number of characters or varying levels of password complexity for different classes.

IT managers can also use Cloud Identity Manager to create specific security standards, such as up-to-date security software, antivirus tools and smartcard authentication. Intel Identity Protection Technology (which is built into second-generation Core i3, i5 and i7 processors) can validate clients. However, Cloud Identity Manager doesn't require the use of Intel processors and worked fine in our lab on an AMD-based server.

McAfee offers a long list of predefined connectors for commonly used cloud software, including Google Apps and Salesforce.com. Most cloud applications that support Security Assertion Markup Language 2.0 can retrieve authentication information from the platform. McAfee also includes application programming interfaces so organizations can incorporate custom cloud applications.


Implementing McAfee Cloud Identity Manager requires deep knowledge of server operating systems and directory services. While it's possible for a skilled IT technician to implement this product, McAfee recommends retaining professional services to make sure the complex installation is done properly.

