Cisco Policy Enforcement Point

Integration with Applications

Streamline Application Security and Empower New Business Scenarios

Cisco Policy Management products support and integrate with infrastructure and applications to allow you to administer, enforce, and audit access policies through a centralized management system across your network environment.

Portals and Content Management

Cisco Policy Management enables organizations to centrally configure, control, view, and audit detailed access policies for enterprise content across all repositories and access channels.

The products externalize authorization from the core portal and content management infrastructure using agents that intercept traffic flowing through these channels. Policies can be centrally configured to allow or deny access based on the identity and presence attributes of the users, the attributes of the content, other environmental variables (e.g., time of day), and segregation of duty requirements.

An organization's second most valuable asset is the digital information it collects, stores, and analyzes. That digital content must be protected in order to meet security, privacy, and compliance requirements.

Cisco Policy Management supports leading enterprise portal and content management products, including:

  • Microsoft SharePoint
  • IBM WebSphere Portal
  • BEA WebLogic Portal
  • JBoss Portal
  • Documentum

Microsoft SharePoint

Enterprises are empowering their knowledge workers by connecting them to the right people, applications, processes, and information through Microsoft Office SharePoint Server. Balancing the drive to share and connect across organizational and geographic boundaries, however, is the need to safeguard confidential information, streamline security procedures, and ensure compliance with regulatory requirements. In order to achieve open and yet secure collaboration, enterprises must augment SharePoint's native security mechanisms.

Cisco Policy Management is an innovative, standards-based policy management solution that enables organizations to consistently manage, enforce, and audit access control policies to any Microsoft SharePoint resource, including document libraries, lists, search queries, and Web parts.

Using Entitlement Management Solution (EMS), you can centrally manage policies to allow or deny access to distributed SharePoint sites and site collections based on the identity and other attributes of the user, the resource being accessed, and other environmental variables.

The key benefits of using Cisco Policy Management with SharePoint are:

  • Enhanced security and visibility
  • Lower administrative cost and faster time to deployment
  • Streamlined compliance audits

Collaboration and Messaging

Enterprises increasingly rely on collaborative, multimodal electronic communications between employees, customers, and partners. With the heightened emphasis on security and compliance, however, enterprises require standards-based, flexible, policy-driven, and easy-to-use solutions that can consistently and comprehensively manage, enforce, and audit access to instant messaging, voice over IP (VoIP), e-mail, whiteboards, text and video conferencing, etc. Furthermore, the solution needs to have enterprise-class scalability, availability, and performance to prevent disruption of critical business communications.

Cisco Policy Management addresses collaboration and messaging issues by externalizing authorization from the core messaging and collaboration infrastructure using agents that intercept traffic flowing through these channels.

Policies can be centrally configured to allow or deny access based on the identity and presence attributes of the users, the channel of communication, the content of the message being communicated, and other environmental variables (e.g., time of day).

Cisco supports the leading enterprise messaging and collaboration products, including:

  • Microsoft SharePoint
  • IBM Lotus Notes Domino
  • IBM Lotus Sametime
  • Jabber

Databases

To meet increasingly stringent compliance and security requirements, organizations need to enforce policy-based access controls across IT tiers. A common approach to protecting the information in corporate databases is to code or configure security policies into each individual application that is connecting to the database. This approach is complex and costly because any change in security policy must be applied to each individual application. Furthermore, meeting compliance requirements is difficult to achieve with this approach due to the lack of centralized visibility over security policies and access activity.

Cisco Policy Management enables you to define and reuse policies across the tiers while also enabling data-level policies that enforce access to specific rows, columns, or fields in a database table.

With Cisco's database solution, you can apply and enforce detailed entitlement policies at the database itself, eliminating the need to filter data in individual applications. It limits access to data at the row, column, or field level and ensures only the right information is exposed to users and applications.

The key benefits of the database solution include:

  • Policy-based, detailed access control at the data source
  • On-demand compliance audits and remediation
  • Comprehensive security from the consistent application of entitlements across the Web, application, and data tiers

Service-Oriented Architecture

To preserve the architectural principles of a SOA, and thus the business benefits, noncore application functionality such as security must be externalized from business logic and provided as a service. It is less important to separate access policy enforcement because it is often closely tied to underlying business logic. In some scenarios, however, policy enforcement should also be decoupled from the service.

The primary reasons for externalizing entitlement administration, decision making, and auditing from SOA applications include:

  • The need to centrally review and audit entitlement policies and usage across interconnected service components in the face of increasing government regulation
  • The need to enable independent development of business logic from security policy
  • The need to preserve the option to reuse component services in unanticipated ways
  • The need to deliver higher levels of governance

In evaluating potential solutions for policy management, it is important to seek products that are standards-based; built for distributed policy administration, decision making, and enforcement; and able to deliver the depth in policy expression and enforcement required by a SOA application. Cisco Policy Management is designed for the most demanding and complex SOA environments with its support for Extensible Access Control Markup Language (XACML) and other industry standards; three-tier architecture for policy administration, decision making, and enforcement; and robust policy engine.
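The three-tier split described above (policy administration, decision making, enforcement) and the attribute types listed under Portals and Content Management (user identity, content attributes, time of day, segregation of duty) can be sketched as follows. This is an added illustration, not Cisco code or the product's policy format; the rule names, attribute keys, and the `decide` and `enforce` functions are assumptions made for the example, and only the deny-overrides combining behaviour is taken from XACML.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    subject: dict       # identity attributes of the user
    resource: dict      # attributes of the content
    action: str
    environment: dict   # e.g. {"time": time(14, 0)}

# Administration tier: rules kept as central data, outside any application.
# Each rule returns "Permit", "Deny", or None when it does not apply.
def confidential_business_hours(r):
    if r.resource.get("classification") == "confidential":
        if not time(8, 0) <= r.environment["time"] < time(18, 0):
            return "Deny"
    return None

def segregation_of_duty(r):
    # The user who created an item may not also approve it.
    if r.action == "approve" and r.resource.get("created_by") == r.subject.get("id"):
        return "Deny"
    return None

def same_department(r):
    if r.subject.get("department") == r.resource.get("department"):
        return "Permit"
    return None

POLICIES = [confidential_business_hours, segregation_of_duty, same_department]

# Decision tier: deny-overrides combining, as defined in XACML.
def decide(request, policies=POLICIES):
    results = [rule(request) for rule in policies]
    if "Deny" in results:
        return "Deny"
    return "Permit" if "Permit" in results else "NotApplicable"

# Enforcement tier: the intercepting agent. Deny-biased: only Permit passes.
def enforce(request, handler, audit_log):
    decision = decide(request)
    audit_log.append((request.subject.get("id"), request.action,
                      request.resource.get("id"), decision))
    if decision != "Permit":
        raise PermissionError(f"access denied ({decision})")
    return handler(request)
```

Because the enforcement function logs every decision before acting on it, the audit trail covers denied and not-applicable requests as well as permitted ones, which is what a central compliance review needs.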