Getting a grip on access management

Undertaking an enterprise access management project can be so complicated that the IT manager might be hard pressed to remember his own name at the end of it all. But NetScreen Technologies Inc. says its new Instant Virtual Extranet (IVE) platform could help corporate technology leaders maintain their sanity.

The Sunnyvale, Calif.-based network gear maker earlier this month unveiled IVE Version 4.0, the latest access management software running on NetScreen’s SSL VPN appliances.

Successor to Version 3.3, the new software lets companies control remote access to corporate-served apps according to the user’s duties, her relationship with the company, and even the time of day, NetScreen said.

The firm pointed out that increasingly the enterprise must provide remote access not just for employees, but for customers, partners and suppliers too. As a result, “you need much more sophisticated authentication and authorization policies,” said Vivian Ganitsky, product-line manager at NetScreen.

But it’s not always easy to create a security policy for users that is at once strong and easy to implement. Ganitsky described access management’s do-it-yourself model as “a nightmare” fraught with server duplication, operating system upgrades and ever-changing vendor specs.

“Any time the Web server or app server changes versions, the agents have to be changed,” she said. “Any time the access management vendor puts out a new product, [customers] have to manage all of those agents.”

NetScreen means to simplify the process with IVE 4.0, which runs on the firm’s 1000, 3000 or 5000-series SSL VPN appliances. IVE is one of the products that NetScreen added to its portfolio after acquiring Neoteris Inc. last year.

New access privilege capabilities in 4.0 let customers control who can see what, and when: grant access rights according to time-of-day, user profile and the remote computer’s configuration. If, for instance, the remote PC carries a digital certificate, the user may be granted access to more applications and files than he would if the computer didn’t have a certificate, Ganitsky said.

According to NetScreen, 4.0 offers customizable user interfaces to distinguish, say, the image that the company’s employees see when they enter the network, and the image for partners, which might present a different set of applications.

This latest iteration supports multiple host names, like “parterns.company.com” for partner access and “employees.company.com” for the enterprise’s own staffers. “That’s very key in scenarios where customers are trying to secure an extranet…that already has a particular look and feel,” Ganitsky said.

Version 4.0 adds role-based delegation. This lets the corporation denote who, among extranet users, has access to which administrative actions. A supplier’s IT manager might be allowed to look into user-authentication features that address her company’s people, while the enterprise’s IT manager would be able to glance deeper into system, perhaps scrutinize resource clustering. “They’re able to distribute the workload,” Ganitsky said.

Apart from the new IVE, NetScreen introduced a Central Manager program that lets customers control up to four VPN appliances across a wide-area network.

Although Ganitsky conceded that four appliances “doesn’t sound like a lot,” when you consider that NetScreen’s top-of-the-line SSL VPN appliance, the SA-5000, supports up to 2,500 simultaneous users, the average customer won’t need more than four, she explained.

Soltrus Inc., a network security services firm and NetScreen partner in Toronto, is beta-testing IVE 4.0. According to Marcus Shields, the firm’s enterprise product manager, the new version seems flexible and easy to use.

“It knows what kind of authentication you’re going to want to use, before you even enter into the system,” Shields said, pointing out that 4.0 makes life simple for users and the IT crew, which, in turn, makes the enterprise less vulnerable. “Any security system that isn’t easy to use will eventually be turned off.”

NetScreen said 4.0 is meant to introduce access management functions into the mid-sized company. According to Ray Wagner, Nashville, Tenn.-based analyst at Gartner Inc., the mid-sized enterprise represents this new product’s sweet spot.

“A medium-sized enterprise with a lot of mobile workers, they should get the picture straight away.” As for larger companies, “They might look at it as access to resources for a certain set of individuals.”

IVE 4.0 on NetScreen’s 1000-series SSL VPN appliance is priced at US$6,995.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now