EnterSpace Security Suite™ - Specific Benefits
The EnterSpace Security Suite (ESS) performs
Contextual Privilege and Entitlement Management.
In simplest terms, the ESS is used for the
management and evaluation (decisioning process) of security
business rules in real time, at the enterprise
level. Within an SOA, the software tool functions as an
enterprise security service.
Benefits Related to Management of
Security Rules — JR2 is the Policy
Administration Point (PAP). This real-time management and
administrative GUI for the creation, modification and implementation
of security business rules delivers significant benefits:
- The instant a security policy is created
or modified, it can apply to ALL users immediately —
the next request processed can be evaluated against the
new policy. Thus, the entire user community does not need
to be re-evaluated to change a security policy.
- Permissions and entitlements are derived
from the policy at RUN-TIME, eliminating the need for
static privilege management, inflexible Access Control
Lists (ACLs), group lists, and the administration of
those lists. The concept of privileges being determined
at run-time is at the heart of what we mean by the term
“EnterSpace.”
- Enterprise security policies can be easily
designed and implemented by your Security Department or
by a subject-matter expert for the resource to
be secured.
- The tool is designed for ease of use;
you do not have to be an IT professional to use the ESS.
In addition, wizards and templates can quickly be created
for specific purposes.
- The browser-based rules management GUI
of the tool enables highly distributed
policy administration, where applicable.
Benefits Related to the Evaluation
of Security Rules in Real-Time — Once security
rules have been captured through JR2, there are
a number of specific benefits derived from the advanced
decision-making process of our Policy Decision Point (PDP).
We call this advanced process the real-time enrichment of
the decision context:
- As soon as a user attribute change (e.g.
active employee to inactive employee) is registered within
the system-of-record by your identity management service,
the modified attribute will be available to the PDP.
- Therefore, the enterprise software tool
enables Single-Sign-On and SINGLE-SIGN-OUT.
- Example of Single-Sign-Out — A given
security policy includes criteria for "Employee Status."
The possible values for Employee Status are "Active,"
"Inactive" and "Terminated." The ESS
would enable a policy that would deny access to all secured
resources for the enterprise the second the employee status
was updated from "Active" to "Terminated".
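The Single-Sign-Out behaviour above, and the earlier point that a new policy applies to the next request, as an added example that is not EnterSpace code: a minimal decision point that reads user attributes from the system of record on every request instead of at login. The class names, policy names and sample users are hypothetical and constructed for illustration.

```python
"""Run-time attribute evaluation: added illustration, not EnterSpace code."""

class SystemOfRecord:
    """Stand-in for the identity service holding current user attributes."""
    def __init__(self, users):
        self._users = {uid: dict(attrs) for uid, attrs in users.items()}

    def attributes(self, user_id):
        # Return a copy so callers cannot mutate the live record.
        return dict(self._users.get(user_id, {}))

    def update(self, user_id, **changes):
        self._users[user_id].update(changes)


class PolicyDecisionPoint:
    """Evaluates every request against the policies in force right now."""
    def __init__(self, system_of_record):
        self.sor = system_of_record
        self.policies = []                      # (name, predicate) pairs

    def add_policy(self, name, predicate):
        self.policies.append((name, predicate))

    def decide(self, user_id, resource):
        attrs = self.sor.attributes(user_id)    # fetched per request, never cached
        if not attrs:
            return ("Deny", "unknown-user")     # fail closed
        for name, predicate in self.policies:
            if not predicate(attrs, resource):
                return ("Deny", name)
        return ("Permit", None)


def demo():
    # Constructed sample data.
    sor = SystemOfRecord({"alice": {"employee_status": "Active", "dept": "HR"}})
    pdp = PolicyDecisionPoint(sor)
    pdp.add_policy("active-employees-only",
                   lambda a, r: a.get("employee_status") == "Active")
    results = [pdp.decide("alice", "payroll")]
    sor.update("alice", employee_status="Terminated")  # change in system of record
    results.append(pdp.decide("alice", "payroll"))     # very next request is denied
    sor.update("alice", employee_status="Active")
    pdp.add_policy("payroll-needs-finance",            # new policy applies at once
                   lambda a, r: r != "payroll" or a.get("dept") == "Finance")
    results.append(pdp.decide("alice", "payroll"))
    results.append(pdp.decide("mallory", "payroll"))   # user not in the record
    return results
```

No session or group membership is revoked here; the denial follows only from the attribute being re-read at decision time.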
Synergistic Benefits of an Integrated
System for Contextual Entitlement and Privilege Management
— Benefits from both the PAP and the PDP working together:
- The granularity of your security policies
can increase exponentially.
- Security policies are managed by a central
decisioning framework and network centric service, with
a common security rules language; thus enterprise security
is elevated from being application specific, to enterprise-wide.
- Centralized security enables centralized
auditability and compliance.
- Security policies are consistently applied
because the human element is eliminated from the evaluation
process; thereby reducing administration costs and security
risks.
- Robust customer, employee, partner and
vendor self-care initiatives can expand broadly, in a
secured fashion.
- Disparate public & private networks
can now share information & access to critical applications
without compromising enterprise security -- real-time
horizontal and vertical information sharing is enabled.
- Externalizing security decisioning to a
callable network service can drastically reduce code bases
for new applications (privilege management logic accounts
for 40-60% of most enterprise applications) and thereby
application development cycle times.