Regulatory Compliance

Government and financial institutions are urging stricter controls on access to consumer data, financial data, and other sensitive information. They’re also demanding stronger reporting and auditing capabilities.

With Keystone’s holistic authentication abstraction layer and fine-grained authorization engine, enterprises can get automatic compliance with most IT governance mandates. How? For the first time, an audit can reveal who is authorized to perform each function, who granted access to perform that function, and under what specific circumstances. Because Keystone provides such deep auditing capabilities, most auditors (regardless of regulatory compliance requirements) are able to perform the necessary analysis. There is no hidden logic, and nothing requires additional research by the auditors.

Compliance is easier with a unified control system. Compliance is too often regarded as an inevitable cost of doing business when it can actually serve to increase an organization’s security, transparency and agility. We live in an ultra-connected world where computing systems are vital to every aspect of an organization. Any unified control system that governs access to data and systems – and provides audit and flexible reporting capabilities – places that organization in an advantageous position when it comes to compliance. In fact, such a system often enables organizations to exceed compliance requirements.

Keystone’s holistic approach. Many enterprises are understandably reluctant to re-invent compliance mechanisms for a multitude of systems that have been pieced together over time and lack real cohesion and interoperability. Rather than retrofitting existing systems, organizations can achieve compliance while ensuring consistency, faster implementation, and significant cost reduction. How? By using a centralized access control system such as Keystone.

Keystone’s technology simplifies compliance – making prevention and response activities much easier and more flexible – by abstracting the hard-coded authorization controls from applications, and providing the opportunity to centralize access controls.

To comply with regulatory mandates, many companies periodically certify critical applications. This re-certification process is often very costly and disruptive. If every application employed a standard set of protection mechanisms, multiple applications could be audited simultaneously at a fraction of the audit costs.

Creating an audit trail
Enterprise applications often provide their own authorization models. This can be problematic when organizations must show compliance: when each application maintains its own proprietary data format for representing what a user can do, it’s nearly impossible to get visibility into what a certain user or group can do across multiple applications. In addition, when applications utilize multiple user stores, it’s often difficult to produce meaningful reports that meet the audit requirements.

Keystone addresses the problem by creating an audit trail for every change from any source, quickly determining:

  • How a user authenticated
  • Which authentication provider was used
  • Which functions were performed
  • Who authorized the user to perform these functions
  • Source IP address
  • Exact nature of the function