User & Group Separation

Internal Misuse, Abuse and Compromise

One of the fundamental issues faced by IT managers today is the lack of a basic, consistent framework needed to protect intellectual property, customer data, and sensitive information. 

Networks today are typically based on a “topology aware” architecture utilizing methodologies developed more than twenty-five years ago, leaving IT resources struggling to meet the standards required to address today’s dynamic TCP/IP-based environments.

While many organizations have spent considerable funds on perimeter security to keep unwanted intruders out, the internal network communities have tended to be implicitly trusted by default. Therefore, the requirement to implement internal, network-level access controls has been seen as an unnecessary expense. As a consequence, internal access controls within applications and software-based security solutions have been the last line of defense against data compromise. This has left the soft underbelly of the network exposed to attack and has, for many organizations, proven to be an erroneous data defense strategy.

  • Beyond just employees, users granted access to the network now include guests, government contractors and government auditors, as pervasive network access has become an integral part of day-to-day operations. This further advances the requirements for network-level user and group separation.

Identity Aware Networks Enforce User, Role and Group Separation

Using ID-Enforce, network-level user and group separation provides a way to virtually segment users, groups and network resources from each other. Identity-aware network solutions can give organizations the ability to bridge the gap between application-level and network-level access controls by controlling access at the lower layers within the network, without the need for complicated firewall and router rule updates. Therefore, identity provides a more consistent, finer-grained policy control of resource access and enforcement than existing application-level or topology-based security controls.

  • ID-Enforce can be used in a conference room to allow visitors who need access to the Internet for doing demonstrations, or reaching their main office, while blocking their access to any of your organization's critical resources
  • ID-Enforce can complement the privacy enabled by the WEP or WPA security features of your wireless network when deployed at the interface between a wireless network segment and the internal network backbone
  • ID-Enforce can segment a particular department's resources and users, such as finance or a software development lab, for data or information that must be strictly controlled