Cloud access control: Plug-in alters applications on a per-user basis

The new browser plug-in allows for per-user access controls with cloud application features, but at launch is limited only to and Google Apps and browsers IE or Firefox.

What if a browser plug-in could control the functions any particular user sees on a cloud-based application? This is the question British software company Overtis Ltd asked when creating its new product, in an attempt to solve the problem of users accessing Web-based corporate applications from a range of different mobile devices.

We think the browser is the new endpoint, and the best place to control access.

Ed Macnair, CEO of Overtis Ltd

The VigilancePro Web Applications Manager is designed to help companies enforce cloud access control policies for Web-based applications, such as The software plug-in is loaded into users’ browsers and is then able to monitor and control access to corporate applications, including controlling what parts of the application each user is uses.

“We think the browser is the new endpoint, and the best place to control access,” said Ed Macnair, CEO of Overtis. “Our Web Application Manager is a browser plug-in that allows acceptable use policies to be enforced in the cloud in the same way [they would be] if an employee were working at the company premises.”

By loading the plug-in into the user’s browser, companies can potentially offer single sign-on to multiple applications, as well as control what users are allowed to do when accessing the applications.

The product is launched initially with templates for and Google Apps, and compatible only with Internet Explorer and Firefox, and allows the organisation using it to show or hide application tabs, hyperlinks and buttons, and mask sensitive data, depending on the role, location and device status of the person using the SaaS application.

The system can also ensure activity such as copying, cutting, pasting and printing is centrally managed and audited, to prevent data leakage and to help companies comply with national and industry regulations governing data privacy.

“Some jurisdictions limit where personal data can go, for instance, so our system could check against an IP address and block off specified data when the user is out of that jurisdiction,” Macnair said.

The product also provides a log of users' SaaS activity, including any attempts to access restricted information.

Macnair said plans are underway to support other SaaS applications and other browsers, such as Safari and Chrome, over the next six months.

The product is charged on a monthly subscription per user, around £7 for the Salesforce plug-in, and £3 for the Google Apps version for an organisation with 2,000 users.

Fran Howarth, a senior analyst with Bloor Research Ltd, said: “One of the key drivers for this [browser plug-in technology] is that organisations want to give access to applications through mobile devices such as tablets. By forcing users to go through a kind of proxy server, you can ensure security without having to put agents on their devices, which may not be company owned.”

Howarth said that, while several companies are trying to address the problem of user-owned devices accessing company systems, the application shaping approach of Overtis is unique. “I’ve not heard of any other companies doing this,” she said.

While generally positive about the product, Howarth said its success would depend on how well it is able to support a wide range of SaaS-based services, as well as a range of different browsers in the future.

“I can see a lot of scenarios where this technology could be very useful,” Howarth said. “I think it’s a good idea, but I’d have expected them to have more services ready at the launch of this product. They are not going as fast as they should.”

Read more on Endpoint security