As your enterprise grows with additional Web applications and users, the management and scalability requirements of existing security systems increase, often resulting in cumbersome and redundant access-control models. By extending security to disparate platforms and localised authorisation schemes, you risk creating a new security hole.
Also, additional duties for administering multiple access policies can quickly tax your IT staff.
This is where Web authorisation servers come into play. Sitting between end users and networked resources, Web authorisation servers interface with existing security systems to authenticate users from a central point of access. They also provide management tools for simplifying the administration of security policies.
Securant Technologies' ClearTrust SecureControl 3.5 is a Web authorisation server and security management system that ties together your existing infrastructure and authentication schemes. It uses a standardised, rules-based application to consolidate access and authentication from a single point of management.
With ClearTrust, you can pull together a consistent security policy that can be extended, with fine granularity, over Web applications and networked resources for improved security, lower administrative costs, and improved deployment time for integrating partners.
ClearTrust is an affordable solution for midsize and larger companies looking to lock down resources. In addition to reducing administrative overhead, it offers advantages to the end user by eliminating the need for multiple user names and passwords.
ClearTrust's many features - including SmartRules on-the-fly authorisation; Virtual Business Units for delegated policy administration; scalability for load balancing; hot-swap fail-over recovery; and an arsenal of out-of-the-box plug-ins for quick integration with directory services, public key infrastructures, and Web servers - make it a good choice for large-scale distributed environments already invested in security solutions.
Despite inconsistencies between on-disk and printed documentation - such as missing setup instructions for revising .ini and .bat files in the presence of a Java Development Kit more recent than Version 1.1.6 - setting up ClearTrust was easy.
With only one system restart (far better than SiteMinder's multiple restarts), ClearTrust installed the necessary Java services and the database scheme for the Oracle 7.33 Workgroup Server, which is included to provide a localised, high-availability data store. The plug-in adapters for secure communication with Netscape, Microsoft, and Apache Web servers were also easily installed and configured.
ClearTrust's distributed architecture offers beneficial load balancing and scalability capabilities that keep pace with expanding needs, but preserves simplified management via a central point of administration.
ClearTrust extends the concept of centralised management to providing replication of Lightweight Directory Access Protocol (LDAP) directories. In addition to importing files in the LDAP Interchange Format, it interfaced natively with my Netscape Directory Server to provide synchronised management of directory changes. Support for various forms of authentication helps bolster security. ClearTrust's single sign-on feature, performed with an encrypted cookie, allows for automated authentication and seamless access across applications.
I must commend Securant for the comprehensiveness of its technical documentation, despite the setup glitch. It is packed with useful step-by-step guides and flowcharts that assist you in the methodology of securing your systems.
Setting rules and policies
I was pleased with ClearTrust's integration and administration features, but I was most impressed with its policy-development capabilities. SmartRules not only builds user groups with which to assign access rights, but it also includes provisions for incorporating business rules into the authentication scheme, such as department, account status, or account balance.
With a given criterion, such as a department name, evaluated at run time, SmartRules furnishes automated flexibility to the amount and type of access a user of any group is given by the system. This can be extended down to individual elements of a Web application.
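A minimal sketch of the run-time evaluation described above, added here as an illustration and not taken from ClearTrust or its documentation: group entitlement is checked first, then attribute rules on department, account status and account balance are evaluated per request, failing closed when an attribute is missing. The rule format, function names, paths and sample users are all hypothetical.

```python
# Added illustration; every name here is hypothetical. This is a generic
# run-time rule evaluator, not ClearTrust's SmartRules API or rule syntax.
import operator
from dataclasses import dataclass
from fnmatch import fnmatchcase

OPS = {"eq": operator.eq, "ne": operator.ne, "lt": operator.lt, "ge": operator.ge}

@dataclass(frozen=True)
class Rule:
    effect: str      # "allow" or "deny"
    resource: str    # glob over application paths
    attribute: str   # user property looked up when the request arrives
    op: str          # key into OPS
    value: object

def fires(rule, user):
    """True if the rule applies to this user's current attributes."""
    try:
        return bool(OPS[rule.op](user[rule.attribute], rule.value))
    except (KeyError, TypeError):
        # Missing or malformed attribute: fail closed. A deny rule fires,
        # an allow rule does not.
        return rule.effect == "deny"

def decide(user, path, group_acl, rules):
    """Return "allow" or "deny" for one request; the default is deny."""
    # 1. Static entitlement: the user must be in a group granted the path.
    groups = user.get("groups", set())
    if not any(fnmatchcase(path, pat) and groups & allowed
               for pat, allowed in group_acl.items()):
        return "deny"
    # 2. Run-time rules on that path: any deny wins; if allow rules exist,
    #    at least one of them must fire.
    applicable = [r for r in rules if fnmatchcase(path, r.resource)]
    fired = {r.effect for r in applicable if fires(r, user)}
    if "deny" in fired:
        return "deny"
    needs_allow = any(r.effect == "allow" for r in applicable)
    return "allow" if (not needs_allow or "allow" in fired) else "deny"

# Constructed sample policy and users.
GROUP_ACL = {"/billing/*": {"finance", "partners"}}
RULES = [
    Rule("deny", "/billing/*", "account_status", "ne", "active"),
    Rule("allow", "/billing/transfer", "department", "eq", "treasury"),
    Rule("deny", "/billing/transfer", "account_balance", "lt", 0),
]
ALICE = {"groups": {"finance"}, "department": "treasury",
         "account_status": "active", "account_balance": 1200}
BOB = dict(ALICE, department="audit", account_balance=50)
CAROL = {"groups": {"partners"}, "department": "treasury", "account_balance": 10}
```

CAROL carries no account_status, so the status rule denies her even though her group is entitled; BOB reaches reports but not transfers because no allow rule fires for his department.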
ClearTrust provides another effective way to reduce administrative overhead through Virtual Business Units. These allow you to securely define and assign policy management duties down the administrative chain. For example, ClearTrust lets you give partners or department managers the autonomy to manage their users and Web content within the bounds of your company's security specifications.
Additionally, ClearTrust stocks an open API to integrate non-Web and legacy applications into the access management system through Java and C-based interfaces. With its Java/CORBA open-standards-based architecture, ClearTrust not only provides seamless integration for existing infrastructure, but also assures flexibility and reduced costs in meeting future requirements.
ClearTrust is a solid effort toward lowering administration costs, improving responsiveness at integrating new partners or applications, and, most important, improving security across your Web-based applications and network resources.

The bottom line

ClearTrust SecureControl 3.5

Summary: This security management system's easy setup and plug-ins make integration with existing infrastructure a breeze. Its advanced features offer enhancements to basic security and policy development that are simple to deploy.

Business Case: ClearTrust's Virtual Business Units provide improvements over strict centralised management that reduce administrative costs and improve overall security. Also, its architecture based on open standards guarantees open-ended investment.

Pros:
• Easy administration
• Good reporting
• Implements good variety of authentication schemes
• Good out-of-the-box solution

Cons:
• Needs more ready-made plug-ins for non-Web application integration

Platforms: Windows NT 4.0 or higher, Unix Solaris 2.5 or higher.
No known Australian distributor. Interested parties should contact firstname.lastname@example.org. Pricing available on application. Free evaluation copy available over the Web.
Securant Technologies http://www.securant.com