An online information system can be infiltrated at three attack levels: the network, the system, and the application. With few exceptions, the purpose of a computer attack is not to take control of a network, but rather to hijack an application and its data. If there is no network-level access control within the internal network, application-level access controls and permissions can be circumvented by using a number of network-, system- or application-level attacks. The concept of a security breach comes from the fact that there exists a way to gain access to a higher layer (or access level) by defeating the security policy enforced between two layers (or access levels). If you can control the application, all dependent layers are compromised.
Organizations must secure stored data to ensure its integrity and privacy. Compliance-ready networks typically require securing stored data, controlling access to data, ensuring availability of data and applications, and monitoring network events. Typically, perimeter firewalls and internally deployed VLANs – while providing protection from unauthorized internal access attempts – suffer the same issues as other rule-based devices. The policies are only effective when the user is connected through one of the network device’s ports. If the user moves, or roams somewhere else, their policy does not follow them as it does with a directory-based user policy.
Implementing network-level enforcement using identity helps to secure critical resources from malicious and unintentional misuse and intrusions, whether the user originates from outside or within the organization.
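The difference between a port- or VLAN-bound rule and a directory-based user policy, as described above, can be shown with a small policy evaluator. This is an added example, not code from any product; every user, group, subnet and resource name in it is a constructed assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data: every user, group, subnet and resource is hypothetical.
DIRECTORY = {"alice": {"finance"}, "bob": {"engineering"}}
PORT_RULES = [(ip_network("10.1.20.0/24"), "finance-db")]  # VLAN subnet -> resource
IDENTITY_RULES = [("finance", "finance-db"), ("engineering", "wiki")]  # group -> resource


@dataclass(frozen=True)
class Session:
    user: str    # identity authenticated against the directory
    src_ip: str  # where the user is currently attached


def port_based_allows(session, resource):
    """Location-bound rule: only the source subnet is checked, never the user."""
    src = ip_address(session.src_ip)
    return any(src in net and res == resource for net, res in PORT_RULES)


def identity_based_allows(session, resource):
    """Identity-bound rule: directory groups decide; unknown users are denied."""
    groups = DIRECTORY.get(session.user, set())
    return any(grp in groups and res == resource for grp, res in IDENTITY_RULES)


def visible_resources(session, resources):
    """Resources the session can reach at all under the identity-bound policy."""
    return [r for r in resources if identity_based_allows(session, r)]


if __name__ == "__main__":
    cases = [
        ("alice at her desk (finance VLAN)", Session("alice", "10.1.20.15")),
        ("alice roaming on another subnet", Session("alice", "10.9.0.7")),
        ("bob plugged into the finance VLAN", Session("bob", "10.1.20.30")),
    ]
    for label, s in cases:
        print(f"{label}: port-based={port_based_allows(s, 'finance-db')} "
              f"identity-based={identity_based_allows(s, 'finance-db')}")
```

The port-based rule denies the legitimate user once she roams and admits anyone attached to the finance subnet, while the identity-based decision stays the same wherever the session originates.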

Critical Resource Protection
In this case, identity-aware network solutions – in line with best practices – enable the implementation of specific controls particularly appropriate for many aspects of regulatory compliance requirements. Attackers may be able to breach the external security controls, but if they can't even “see” the most valuable business assets, they will have nothing worthwhile to exploit.