RealTime IT News

Entitlement Management Out of Stealth Mode

Much is made about identity management on the Web these days, with terms like single sign-on, authorization and authentication liberally tossed around.

Try this one on for size: entitlement.

Securent today emerged from stealth mode, aiming to tackle what CEO Rajiv Gupta said is the next layer of protecting applications in an Internet environment: more fine-grained security through entitlement management.

"If you're trying to protect something of value, whether it be applications, or databases or even the network, you want to figure out who has access, that's all about identity management, single sign-on, authentication," Gupta said in a recent interview.

"If this particular access by this person, in this context, trying to perform this action, with this message, this time of day, and so on, is allowed or not. The administration, enforcement, the audit and review of these policies is what we do."

Gupta, who co-created HP's E-Speak Web services movement and founded secure Web services provider Confluent Software, said Securent's Entitlement Management Solution (EMS) suite lets IT administrators forge application controls without custom code, which is what most traditional security applications are built on.

Custom code can be "brittle and expensive" to develop and maintain; Securent's software is based on OASIS' Extensible Access Control Markup Language (XACML), freeing programmers up to commit to other important tasks in the data center.

This can save companies time and money.

EMS is also different from traditional application security suites in that it uses a Distributed Externalized Entitlement Platform (DEEP), which separates security logic -- data about users and policies -- from the application layer.

Gupta argues that this technology gives companies greater control over access to their applications, databases, networks and portals. This is highly important because audits and corporate compliance regulations have become more stringent.

Burton Group analyst Gerry Gebel said the industry is heading toward implementing a centralized service that is able to process complex and lengthy decisions so a business application doesn't have to incorporate all this internally.

EMS consists of three components, spanning the front end to the middle to the back end.

The Policy Administration Point (PAP) includes an interface for security policy makers to define and assign who has access to what information or applications. The Policy Decision Point (PDP) is the gateway that analyzes the authorization policies.

Finally, the Policy Enforcement Point (PEP) is the final traffic cop, making sure that policies comply with internal controls, as well as government regulations, such as Sarbanes-Oxley and HIPAA.
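To make the PAP/PDP/PEP split concrete, here is an added sketch of externalized entitlement checking; it is not Securent's code and not XACML syntax. The rule fields, function names and sample policies are hypothetical, with Python data standing in for the policy documents a PAP would author.

```python
from datetime import time

# Constructed policy set, the kind of data a PAP would author and store
# outside the application. Rule fields are hypothetical, not XACML syntax.
POLICIES = [
    {"effect": "Permit", "role": "trader", "action": "submit_order",
     "resource": "orders", "hours": (time(8, 0), time(18, 0))},
    {"effect": "Deny", "role": "*", "action": "*",
     "resource": "orders", "flag": "suspended"},
]

def _matches(rule, req):
    """True when every condition on the rule holds for the request."""
    if rule["role"] not in ("*", req["role"]):
        return False
    if rule["action"] not in ("*", req["action"]):
        return False
    if rule["resource"] != req["resource"]:
        return False
    if "hours" in rule:
        start, end = rule["hours"]
        if not (start <= req["time"] < end):
            return False
    if "flag" in rule and rule["flag"] not in req.get("flags", ()):
        return False
    return True

def pdp_decide(req, policies=POLICIES):
    """PDP: combine matching rules with deny-overrides."""
    effects = {r["effect"] for r in policies if _matches(r, req)}
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"

AUDIT_LOG = []  # decisions recorded for later review

def pep_enforce(req, operation):
    """PEP: ask the PDP, log the decision, run the operation only on Permit."""
    decision = pdp_decide(req)
    AUDIT_LOG.append((req["user"], req["action"], req["resource"], decision))
    if decision != "Permit":  # NotApplicable is treated as a denial
        raise PermissionError(f"{req['user']}: {decision}")
    return operation()

def submit_order():
    """Application code: contains no authorization logic of its own."""
    return "order accepted"
```

Changing who may submit orders, or during which hours, means editing `POLICIES` only; `submit_order` and the enforcement wrapper stay untouched, and every decision lands in the audit log.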

EMS comes in a Linux appliance, or strictly on its own, supporting both Java and .NET. It runs on standard J2EE servers, including WebSphere, WebLogic, and open source stacks.

Gupta, who believes entitlement management will be the next big thing in the multi-billion-dollar security software market, said Securent has customers in production, including Credit Suisse (CSFB) and Qualcomm.

Gebel said the entitlement management market should be a strong growth area as it emerges, evolves and matures.

Securent is playing in an interesting security market that was once loaded with startups but has experienced major consolidation in the last three years.

HP bought TruLogica, Oracle bought Oblix (which in turn bought Gupta's Confluent), Thor and OctetString, among other big fish-little fish plays.

Bigger dominoes fell in 2006, with EMC acquiring RSA Security and IBM notching Internet Security Systems.