Securent, a startup that makes software to regulate what corporate-data employees can access on their computers, has upgraded its platform with
new support for databases and collaboration applications.
The startup hopes its software will gain traction in the emerging
entitlement management software market, where Securent, Oracle (Quote), BEA (Quote), CA (Quote) and others
to imbue corporate networks with more fine-grained access control.
Securent’s Entitlement Management Solution (EMS) version 3.0, based on the
OASIS Extensible Access Control Markup Language (XACML) standard, uses
strict policy enforcement to protect sensitive data for Oracle Database and
Microsoft SQL Server.
Howard Ting, director of product management for Securent, said Securent
added database support because customers wanted their data protected from
rogue administrators and rogue applications, which could pull out sensitive
data from the database.
For example, Ting said EMS v3.0 will keep rogue applications from using SQL
queries to swipe credit-card information from a database supporting a
retailer’s e-commerce system.
“We apply a filter or policy-based control point on the data itself, so that
any database query that comes in, we determine whether that user, caller or
application can make the query and return the appropriate information based
on pre-set policies,” Ting said.
Securent EMS v3.0 also covers more collaboration applications than v2.0,
including Microsoft Office SharePoint Server 2007 (MOSS), JBoss Portal 2.4
and 2.6, and BEA WebLogic Portal 9.2.
Targeting these collaboration applications is hardly an accident. Such
applications enable ad-hoc collaboration environments, which are huge
vulnerability pots for enterprises, Ting said.
The broader applications coverage is possible through new agents
that dictate what application user can access what information and for what
duration, Ting added. If end users try to monkey with the policies, Securent’s agents
“A SharePoint end user can set up a site and give permission to share
documents and collaborate, but whenever there is a violation in a permission
that an end user would set inside SharePoint, our system would override
that,” Ting said.
This ensures that companies’ documents and data are protected. Stringent
control database and applications control is a boon for companies concerned
about enforcing internal or external compliance rules, such as HIPAA,
Sarbanes-Oxley and SEC 17a-4.