Cloud Security

The Challenge

An increasing number of organizations are moving to the cloud because of the cost savings, efficiency, scalability and flexibility of cloud computing. There are many different ways of building applications using cloud computing services. Regardless of what type of cloud technology you choose to adopt, you need to think about the security aspects for your cloud applications.

Implementing security for cloud applications can be complex and expensive. Here are just some of the questions to consider:

  • What is the method of authentication?
    • Should you use an existing, on-premise directory, and either replicate it to the cloud or expose it to the cloud?
    • Or should you go with a cloud-hosted directory? This results in more questions:
      • Which directory to choose?
      • What protocol does it use?
      • How do you use it?
      • How do you add/remove users?
      • How do you manage user self-service?
  • How will you provide fine-grained authorization?
    • Should custom code be written to protect URLs, methods, web service methods, tables, columns, rows, etc.? Or should you go with a generic authorization mechanism? If so, which one?
  • How will delegated administration be handled?
  • How will users be provisioned/de-provisioned? And how will their passwords be managed, including self-service resets for forgotten passwords?
  • How will a secure audit trail be incorporated to provide evidence for compliance audits?
  • How will reporting be handled?
  • How will Segregation of Duties be enforced?
  • How will you address failover?

As you can see, all of these security considerations must be carefully addressed for cloud applications. Rather than having application developers become security experts and having them reinvent the wheel, the best strategy would be to use a commercial product that has been battle-proven by some of the world’s largest organizations.

The BiTKOO Approach

Authentication, fine-grained authorization, single sign-on, federation, segregation of duties, delegated administration, reporting, audit trail, etc. are all available from BiTKOO as cloud services, on-premise services, or hybrid cloud/on-premise services. Organizations can serve their cloud applications by consuming the BiTKOO Keystone service from the cloud. Keystone is the industry’s fastest 100% XACML standards-based technology that externalizes and unifies the management of authentication, fine-grained authorization, single sign-on, federation, segregation of duties, delegated administration, reporting and audit trail.

Furthermore, BiTKOO’s SecureWithin allows organizations to securely expose their internal, behind-the-firewall endpoints, like user directories, to authorized Internet clients. It accomplishes this without the deployment of VPN technologies, DMZ replication, firewall reconfiguration or the poking of holes in the firewall. Because only those designated endpoints are exposed, the rest of the internal network remains protected behind the firewall. This combination results in the quickest, most robust and cost-effective approach for application developers and IT security administrators to implement world-class security for their cloud applications, while alleviating their most complex security concerns.

Key Benefits

  • Save Time and Reduce Costs
    • Resource-consuming tasks of setting up duplicate instances of internal systems on a DMZ accessible from the Internet and synchronizing the data between the internal and external systems are eliminated.
    • Firewall and network configurations do not have to be modified. Organizations can leverage their existing infrastructure.
    • There is no need to install and maintain client-side software.
    • With BiTKOO’s federated identity and trust management, organizations can leverage their existing authentication and authorization infrastructures for resources both on-premise and in the cloud.
    • BiTKOO technologies are suitable for any IT environment with a variety of delivery methods—software, hardware appliance, virtual machine appliance, cloud delivery, hybrid, etc.
  • Strengthen Security and Assure Compliance
    • No holes are poked in the firewall, allowing organizations to remain compliant with their corporate security policies.
    • Centralized control and visibility of XACML-compliant, fine-grained authorization policies ensure that security policies are applied immediately and consistently across the enterprise.
    • Administrators can easily create, enforce and audit security policies for Segregation of Duties (SoD).
    • Every activity performed through a BiTKOO solution is securely logged and made available in a wide array of customizable reports for compliance purposes.
  • Enhance Business Agility
    • Business agility and rapid time to value are realized through the BiTKOO approach. It is the quickest, most cost-effective method while ensuring maximum security.
    • By fully supporting interoperable standards like XACML, BiTKOO solutions allow customers to have greater flexibility and freedom of choice.
    • Any application can be securely exposed in minutes: SharePoint, web services, web applications, Active Directory, LDAP, Exchange, FTP, and more.
    • Every BiTKOO component can fail over to an unlimited number of nodes, ensuring high availability, high performance, and no single point of failure.
