Centralized Access Control Policy

As your organization expands its use of web applications, such as portals, commercial web products, or home-grown web applications, one of the first issues that typically arises is getting a handle on Single Sign-On (SSO). After-all, there are considerable benefits to consolidating access to these applications through a single user credential. However, a secondary issue tends to follow not too far behind – how do you control who has access to what?

This can be a more costly and daunting problem than SSO. In most organizations, each web application is treated as a silo, with its own administrator controlling unique access control policies specific to that application. Aside from having dozens, hundreds, or even thousands of these silos, administration of access controls is often being done by a technical resource – the application administrator.

Silo-styled access control, reliant upon individual application administrators, can lead to a variety of issues, including:

  • Costly Delays
    • The time it takes to communicate a policy change downstream from a CISO to application administrator is lengthy. Many security policies may be time-sensitive.
    • Policies may be updated in a hard-coded fashion, requiring developers to get involved and make expensive and time-consuming updates to applications.
  • Inaccuracies and Inconsistencies
    • Policies may be interpreted differently across various administrators leading to inconsistent implementation and behavior for users. In worst-case scenarios, inaccurate implementation of policies may lead to security risks.
    • Some applications may fall through the cracks altogether. These applications can represent critical security risks for the organization. In a silo-administrated environment, there’s often no way to get a comfort-level around the completeness and accuracy of your access control policies.

Lighthouse Gateway makes it simple to govern your access control policies. Using a centralized model, policies can be described by your organization’s subject matter experts, defined once, and applied in a consistent manner across all relevant web applications. Point-and-click technology means that policy administration is quick and easy enough to be done by someone with little or no technical background.

Lighthouse Gateway’s IBM Web Access Management software allows your business needs to drive policy. An extensive set of capabilities enables you to build everything from simple to complex policies. Simple policies may allow only specific users, groups, or roles to have access to a given web application. Complex policies may also consider the time of day, whether the user is internal to the company network, the form of authentication used, and countless other qualifiers.