The startup hopes its software will gain traction in the emerging entitlement management software market, where Securent, Oracle, BEA, CA and others are trying to imbue corporate networks with more fine-grained access control.
Securent's Entitlement Management Solution (EMS) version 3.0, based on the OASIS Extensible Access Control Markup Language (XACML) standard, uses strict policy enforcement to protect sensitive data for Oracle Database and Microsoft SQL Server.
Howard Ting, director of product management for Securent, said Securent added database support because customers wanted their data protected from rogue administrators and rogue applications, which could pull out sensitive data from the database.
"We apply a filter or policy-based control point on the data itself, so that any database query that comes in, we determine whether that user, caller or application can make the query and return the appropriate information based on pre-set policies," Ting said.
Securent EMS v3.0 also covers more collaboration applications than v2.0, including Microsoft Office SharePoint Server 2007 (MOSS), JBoss Portal 2.4 and 2.6, and BEA WebLogic Portal 9.2.
Targeting these collaboration applications is hardly an accident. Such applications enable ad-hoc collaboration environments, which are huge vulnerability pots for enterprises, Ting said.
The broader application coverage is possible through new agents that dictate which application users can access which information and for how long, Ting added. If end users try to monkey with the policies, Securent's agents intervene.
"A SharePoint end user can set up a site and give permission to share documents and collaborate, but whenever there is a violation in a permission that an end user would set inside SharePoint, our system would override that," Ting said.
This ensures that companies' documents and data are protected. Stringent database and application control is a boon for companies concerned about enforcing internal or external compliance rules, such as HIPAA, Sarbanes-Oxley and SEC 17a-4.