Trust as a service

Trust as a Service or TaaS is a form of security as a service. As applications and infrastructure are increasingly delivered via on-demand, Internet-based delivery models (e.g., cloud computing), organizations are required to make a paradigm shift in moving the information and infrastructure out of their control and into a service provider's domain of control. Creating a model in which an organization can confidently make this shift is challenging because by definition, cloud services are opaque and lack sufficient transparency in how customer data in the cloud is stored and managed.
'Trust as a Service' or TaaS refers to the concept of on-demand security services provided by a trusted third party that is reasonably independent from an application or infrastructure service provider. Through creative application of existing security technology such as identity and access management, data encryption, and event management, a TaaS provider can ensure that the service provider can serve as a host but cannot misuse the customer assets and information without accountability or detection. For example, consider an organization that encrypts data before uploading it to a storage service provider. In this case, a TaaS provider could provide and manage the encryption keys so that the storage service has access to the encrypted customer data but not the encryption keys.
The TaaS provider may also protect a service provider from malicious user ativity by providing behavior profiling and risk analysis.
Finally, TaaS can balance convenience with trust by providing high assurance identity federation services. For example, an organization that wishes its users to access a cloud application may not want the cloud service provider to have access to its own user directories for authentication. But, they may be open to using identity federation services from a trusted third party TaaS provider.
To be credible, TaaS service providers will have to provide security solutions that blend with enterprise security already deployed at organizations. Successful providers are likely to be trusted names in the security industry with technologies spanning identity and access management, data security, and event management. Traditionally, security as a service providers have focused on anti malware, intrusion prevention, etc. TaaS has distinctly different characteristics from the traditional anti-malware security services.
Examples
Not many examples of TaaS exist today. Notable services available today include OpenID providers for consumer applications. TaaS providers will likely set up high assurance alternatives to OpenID based on the Oasis Saml standard.
An example of identity trust services is the .
Yet another example are the digital notary services that mushroomed during the late 1990s along with the emergence of PKI. The role of such digital notary services in reliably attesting to digital transactions conducted over the internet is likely to become very important as cloud computing is adopted widely.
 
< Prev   Next >