Your job comes with a web of security permissions that an IT department has to regulate. IBM‘s newest security software, however, knows what role you have and can assign access before the IT guys ever have to lift a finger.
A lot of companies use software that limits what an individual employee can do on the computer. Some classes of employees, such as sales people, are allowed access to different applications, software, and social media that others are not. This is especially true in larger organizations where confidential information is distributed on a need-to-know basis, and can slip outside of company firewalls without this the right security software. The problem is that as a company grows larger, tailoring security for individual employees can become tedious.
IBM has developed identity software that takes care of this problem. The software, which is called Security Role and Policy Modeler, looks at your existing applications and detects how many permissions each person has. These applications include Salesforce, Oracle Finance, Active Directory and more. Based on the access permissions certain employees have in these applications, Security Role and Policy Modeler will group employees into “roles” and assign them a blanket permissions scheme, which can be edited manually. The roles aren’t based necessarily on what job you have, just on what permissions already exist for you, and how they are similar to other people in the company.
But not everyone is the same, right? Well, from a security standpoint, your 10,000 person company may be filled with individuals, but it costs a lot of money to sort them one by one. For IBM, it makes more sense to divvy them up into groups and then, if necessary, manually tweak permissions, also known as, “roles plus.”
“Having roles well defined will get the compliance auditor off your back faster,” said IBM Security Systems vice president of strategy and product development Marc van Zadelhoff in an interview with VentureBeat.
Industries such as finance and medical have compliance regulations around communications and security that are often audited for updated practices. This can be sloppy if your permissions are spread across a number of different applications, especially when a compliance officer wants to see order. Van Zandelhoff believes the role creating software is a way to bring calm to the chaos.
For Van Zandelhoff, the new software is also a testament to IBM. The product was born out of IBMs newest division, Security Systems, and is meant to show what Van Zandelhoff calls “good ol’ fashion organic innovation.” The company announced this morning that it acquired 6180 patents in 2011, and won the most patents received in a year for the 19th year. While this and company acquisitions are what IBM is known for, the Security Systems team wants to change that with internal inventions.
Ironically, the department has acquired 12 companies thus far, but doesn’t want to limit itself.
“We announced IBM Security Systems in October,” said Van Zandelhoff, “It’s the culmination of security growing to become quite a sizeable business.”