Standards-Based Entitlement Management Product from Securent
Securent Launches Industry's First Standards-Based Entitlement Management Product
Fortune 500 Companies Deploy Securent to Strengthen Security and Lower Cost of Controlling and Auditing Access to Sensitive Applications and Confidential Data
Santa Clara, California, USA. November 29, 2006.
Securent today announced the industry's first standards-based product to solve the pain of Entitlement Management by providing the ability to manage, enforce, review and audit policies for context-dependent access to resources across the IT stack (portals, applications, data, and networks). Securent's Entitlement Management Solution (EMS) has already achieved early industry acceptance by analysts and customers, and has been selected by multiple Fortune 500 companies including QUALCOMM and Credit Suisse. By delivering its technology as an XACML-compliant (Extensible Access Control Markup Language) solution, Securent is setting the standard in Entitlement Management and fast becoming the product of choice for securing mission-critical environments.
"While first-generation identity management solutions succeed in authorizing users, they don't provide the granular level of control that our HR systems require," said Peter Rubenacker, senior director of information technology, QUALCOMM. "Securent provides us with a flexible policy control tool that enables us to make our applications and data secure and compliant with regulatory guidelines without the time and maintenance requirements of building it ourselves."
Entitlement Management is a new, distinct category within the overall Identity and Access Management market, which to date has focused on addressing the need to determine "who" is making a request. However, this class of products has not yet addressed the second half of the security problem, namely, determining and enforcing "whether" the person or application is entitled to access the particular request. Since enterprises are commonly required to provide differentiated levels of access, developers and IT departments have had little choice but to address the need for context- dependent or fine-grained access control by custom coding security policies into each individual application, data source, and communication channel.
Given the heightened security requirements of today's distributed enterprise, entitlements are becoming a fundamental component of most corporate security initiatives. For example, entitlements control access to sensitive information by ensuring that every employee should not be allowed to access every financial report and every employee record. Entitlements are also critical in regulated environments where organizations are required by law to ensure that requesters of a transaction should not be allowed to also approve the transaction, and that analysts should not be allowed to communicate with brokers. Despite the fundamental need for this level of security, the ad hoc and stove-piped approach of building custom entitlements is extremely time consuming and expensive to develop, maintain, and administer. Even worse, the resulting inconsistency and impact on corporate access policies leads to security loopholes, audit nightmares and an inability to meet compliance requirements.
"Entitlement management and finer-grained authorization aren't new disciplines. However, new approaches and market drivers are leading to the emergence of a distinct category of product within the overall identity management market," said Gerry Gebel, VP and Service Director at Burton Group. "Contemporary entitlement management products offer a standards-based mechanism for externalizing more security decision processes from application logic — a long time goal for IT architects."
Securent's EMS product suite is based on a number of patent-pending technological advances that comprehensively address the needs of entitlement management, particularly in modular IT environments such as Service-Oriented Architectures (SOAs) where the plug-and play architecture of EMS is complementary to the security requirements of service-based computing.UL
Securent EMS externalizes entitlements from applications, resulting in significant cost savings to the enterprise. Using a three-tiered distributed architecture allows context-dependent entitlement policies to be managed and enforced on every access to a resource without requiring any entitlement logic in the resource itself.
Securent provides significant time to market value for the enterprise. EMS' proprietary Distributed Externalized Entitlement Platform (DEEP) enables rapid and light-weight integration with the resources being protected, and with existing sources of context information (e.g., document meta-data, user profile, and time of day) used in the entitlement policies.
Securent EMS allows enterprises to meet compliance requirements and respond to changing business needs through simple configuration changes of policy. EMS' Active Policy Management technology presents the entitlement policies across a distributed, heterogeneous environment as a consistent, high-performance, XACML-compliant service that can be centrally administered, reviewed, and audited on-demand.
"As companies open up their networks, data, and applications to customers, employees, and partners, they must also administer, enforce, and audit role and rule-based policies to determine who in an organization is entitled to access which resources and under what conditions," said Rajiv Gupta, founder and CEO of Securent. "Securent is dedicated to making Entitlement Management a competitive advantage for enterprises."
Securent is the leader in Entitlement Management. It has delivered the industry's first XACML-standards based Entitlement Management solution that has been proven in mission-critical enterprise environments. Securent's Entitlement Management Solution (EMS) leverages a number of patent-pending technological advances to allow enterprises to enforce entitlement policies at very high performance across a heterogeneous IT stack and to manage, review, and audit the policies on-demand at a centralized console. The significant cost, time to market, and compliance benefits of EMS have been proven at many Fortune 500 customers. Securent has been recognized by the industry's leading analysts including Burton, Forrester, and Gartner. Securent is backed by funding from Greylock Partners and Onset Ventures. For more information, please visit www.securent.net.
Frances Bigley of Barokas
Tel: +1 206-571-7744
Prepared by Robin Cover for The XML Cover Pages archive. See also: (1) "Extensible Access Control Markup Language (XACML)"; (2) "Securent Joins With OASIS to Help Advance Open Standards for Application Entitlement Management. Application Entitlement Management Leader Leverages XACML 2.0 OASIS Standard to Provide Customers Fine-Grained Access Control Over Applications and Data."