Software // Information Management
News
5/15/2007
02:09 PM
Connect Directly
RSS
E-Mail
50%
50%

New Software Fine-Tunes Access To Data And Apps

Securent Entitlement Management Solution can be used to manage entitlement privileges not only to applications but to databases as well.

It's not hard to sell IT managers on the need for access controls that govern who has access to what within their IT environments. Any number of news stories recounting the exploits of insiders pilfering corporate data or employees inadvertently spilling confidential data out onto the Net is enough to make company a fan of access control. The problem, until recently, has been managing access controls across dozens of applications and the inability to specifically define access privileges.

This is changing as a relatively new category of access-control software, known as entitlement management, hits the market. The most recent iteration was Monday's launch of version 3.0 of Securent Inc.'s Entitlement Management Solution.

Securent EMS includes three components: one for centrally administering, managing, and monitoring entitlement policies; another for making access-control decisions in real time; and a third for enforcing those decisions. With version 3.0, Securent's software can be used to manage entitlement privileges not only to applications but to databases as well. This latest version can also be used to create entitlement management capabilities within a number of software portal products, including Microsoft Office SharePoint Server 2007, JBoss Portal 2.4 and 2.6, and BEA WebLogic Portal 9.2.

There's certainly no shortage of identity or access management vendors, many of them more established than Securent. Where Securent claims to stand out among its competitors, which to some extent includes BEA Systems, CA, and Jericho Systems, is its ability to define and enforce access right down to individual fields within an application, depending upon the type of access a user is permitted.

First American Corp., a provider of mortgage, title, and other property-related information, has big plans for entitlement management software as the company renovates its 10-year old intranet using the JBoss open-source Java application server software offered by Red Hat. The company began investigating its options about a year ago. The company first considered Oracle identity-management software, whose strength comes from the capabilities the Oracle acquired in recent years along with Oblix and Thor. But Oracle couldn't refine access control to the individual field within an application, said Gus Tepper, First American's VP of software development, in an interview.

First American is hoping that Securent's entitlement management software will give the company's system administrators the ability to restrict access to down to individual fields within the company's intranet applications. Users will not even be able to view certain fields unless it's required based upon their position with the company, the location of their office, or other specific criteria. Such capabilities aren't so much a foolproof security function as a way to maintain control over access to confidential company and customer information. "What it really does is keep people's hands out of the cookie jar," Tepper said.

Tepper clearly sees regulatory compliance requirements as driving the demand for entitlement-management software. "Today, when you get a group of SOX auditors in here, there's no central place they can go to see who has access to what," he said. "A lot of people move to different divisions within the company, but they're retaining their entitlements to information from their former departments. We need to put identity information in a central location."

Programmers have generally built access privileges into the applications they write. But First American wants some way to define access privileges once and apply them to a number of different applications. Securent enables this by letting its customers create a Web service that's called whenever a user tries to access an application.

The first phase of Securent's yearlong intranet revamp is set to go live August 20. That portion of the project will create and send notifications to all relevant departments when an employee is hired, fired, or moved to a different location. Subsequent features will be added as the project progresses, although Tepper says there are no plans right now to use Securent to restrict database administrator access, even though version 3.0 features this capability. If Securent is sufficiently able to protect First American's intranet applications and data, the company may consider a Securent implementation that offers entitlement management for Web-base applications used by customers, contractors, and business partners.

Securent's Entitlement Management Solution includes management and policy administration software, as well as policy enforcement agents and a software developer's kit for companies that want to use the entitlement management software with custom-written applications. The software also supports the Extensible Access Control Markup Language standard, which lets companies add consistent and seamless policy enforcement to applications and databases, including Oracle and Microsoft SQL Server.

Tepper considers his company's investment in Securent software to be a "low-to-mid size" expense at "a little over six figures." But that doesn't mean there isn't a lot riding on the success of this project. "I'm not in the business of throwing away a hundred grand," he said.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Tech Digest Oct. 27, 2014
To meet obligations -- and avoid accusations of cover-up and incompetence -- federal agencies must get serious about digitizing records.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.