Like its software-based predecessor, a network-based entitlement control and management platform allows an enterprise to adhere to stringent regulatory compliance standards while securing sensitive data center resources. However, a network-based entitlement control and management solution can be managed from a single, highly intuitive GUI application to administer policies across the data center. Knowledge Center contributor Shane Buckley explains the top 10 reasons why you should adopt a network-based entitlement control and management platform in your enterprise.
Modern enterprises rely on IT networks to compete globally. Corporate networks
need to accelerate business responsiveness by enabling rapid and secure
global connections to business opportunities, customers, partners,
contractors, employees and, in some cases, even competitors. The speed
at which enterprises can enable collaboration directly impacts the
bottom line. It can mean the difference between winning and losing a
market opportunity.
Many factors contribute to collaboration and decision-making delays,
the stringent demands of regulatory compliance and IT security among
them. Traditional IT solutions designed to meet security and compliance
requirements can be complex, labor-intensive, slow to implement and
cost-prohibitive. Finding the manpower and money to implement effective
security and compliance solutions is not always easy, and these
projects can create as many problems as they solve.
Software-based versus network-based solutions
Many enterprises opt for software-based entitlement control and
management solutions to enforce policies across applications, systems,
file shares and servers that exist within corporate networks. This
approach can be complicated, cumbersome, time-consuming and costly
because it requires IT to touch every application and resource. IT also
has to resort to server and client-side agents and, frequently, custom
application coding for implementation.
To help enterprises mitigate delays caused by traditional
approaches, vendors have developed new breeds of solutions that are
network-based. These solutions are network appliances managed via an
intuitive GUI application. Like its software-based ancestor, a
network-based entitlement control and management platform allows
enterprises to adhere to stringent compliance standards while securing
sensitive data center resources. But, unlike its predecessor, the
platform accelerates corporate responsiveness by keeping pace with
global collaboration demands, is simple and fast to deploy, is
operationally simple, and comes at a fraction of the cost to deploy and
manage.
Entitlement control and management isn’t going away. Without it, the
data center would be open to any user logged into the network,
regardless of their “need to know.” The following are the top 10
reasons why enterprises should adopt a network-based approach:
Reason No. 1: Cost-efficiency
Network-based entitlement control and management platforms can be
deployed transparently. Because there is no need to make changes to
network topology, deploy client or server agents, or resort to
custom coding, the network-based approach can be deployed on a broad
scale, enterprisewide. It can be deployed without imposing a burden on
IT to spend thousands of man-hours configuring each application or
resource.
Reason No. 2: Speed of provisioning
Entitlement control and management is based on a broad range of
user, environmental and resource attributes (such as role, project,
citizenship, location, file, “delete” command--just to name a few).
Network-based entitlement control and management platforms can enforce
policies at run-time through interoperability with existing directories
such as AD and LDAP--a capability that expedites the policy
provisioning and enforcement process.
Reason No. 3: Breadth of coverage
Because network-based entitlement control and management platforms
are deployed in the data center between the user and resources, policy
enforcement can be executed at the transaction level for all users
across the broadest range of applications and resources. Rather than
having to enable entitlement control application by application, it can
be implemented throughout all enterprise applications.
Reason No. 4: Massive scalability
Because there is no need to make changes to network topology, deploy
client or server agents, or resort to custom coding, entitlement
control and management is provided at the speed of your business. The
network platform operates at multi-10G-bps levels of performance to
accommodate the stringent requirements of the most demanding data
centers. During peak traffic surges, computer resources can be
dynamically adjusted to meet massive demand and ensure that SLAs
(service-level agreements) are met.
Reason No. 5: Simplicity
Enterprises deploy thousands of collaboration, Web 2.0, file-share,
legacy and custom applications across corporate networks. Each
application or application set has coding considerations. Because
network-based entitlement control and management platforms deploy
transparently--with no changes required to applications--policies can
be defined, enforced and administered without having to reach out to
every application deployed. This significantly reduces time to
deployment and switching costs.
Reason No. 6: Compliance
Sarbanes-Oxley (SOX), the Health Insurance Portability and
Accountability Act (HIPAA) and Payment Card Industry (PCI) standards
are three of the most complex and stringent regulatory compliance laws
to which many businesses must adhere. Each requires enterprises to
maintain security over sensitive data and produce comprehensive
auditing logs. Network-based entitlement control and management
platforms not only enable policy enforcement, but also provide the
ability to produce comprehensive, business-language, policy-based,
per-transaction logs to support forensics and auditing needs.
Reason No. 7: Increased productivity
Because network-based entitlement control and management platforms
can be deployed transparently, with no need to make changes to
applications, the network-based approach frees application developers
to focus on application development. “Externalizing” policy enforcement
in this manner provides many advantages to application developers who
can “call” on the network to deliver policy and logging services to
multiple applications.
Reason No. 8: Availability and performance
Network-based entitlement control and management appliances can be
multicore, with massive throughput, supporting many millions of flows
in run-time. The high-performance nature of these appliances supports
Gigabit Ethernet interfaces for ease of connection to data center
switches and routers. A network-based entitlement control and
management appliance is typically 10 times faster than traditional
approaches.
Reason No. 9: Transaction support
Network-based entitlement control and management platforms can
support both user-to-machine and machine-to-machine transactions,
ensuring that enterprises can apply policy enforcement to all
transactions. Support for machine-to-machine transactions is crucial in
the data center and in SOA environments where servers often make
requests to each other (for example, for algorithmic trading or to look
up a bank balance).
Reason No. 10: Centralized management
Network-based entitlement control and management platforms can be
managed from a single, highly intuitive GUI application to administer
policies--and to provide delegated administration--across the broadest
range of resources and applications in the data center (or multiple
data centers), as well as to produce comprehensive, “plain English,”
policy-based, per-transaction logs to support forensics and auditing
needs.
Shane Buckley is president and CEO of Rohati Systems Inc.
He has more than 20 years of global executive and general management
expertise, having held senior executive positions in the United States,
Europe, the Middle East and Asia-Pacific. Before taking the helm at
Rohati, Shane served as COO at Nevis Networks Inc., a leader in network
access control. Prior to that, he was VP of Worldwide Operations for
Juniper Networks. Before that, he served as the international president
of Peribit Networks, the leader in network optimization. Juniper
Networks purchased Peribit in June 2005 for $385 million.
Prior to Peribit, Shane served as CEO of Conduit Software, a
provider of directory assistance and wireless applications solutions.
Before that, he was VP, EMEA, at 3Com. In this role, he managed a $2.2
billion business unit and was responsible for 3Com’s distribution
strategy, OEM partnerships and reseller channels. Shane also chaired
3Com’s Global Distribution Council, was a member of the company’s
worldwide OEM steering team and served as 3Com’s head of operations for
the Asia-Pacific region based in Hong Kong and Tokyo.
Shane is a frequent speaker at high-level industry trade shows
and events such as Gitex, CeBIT and The Wall Street Journal Europe
conference. He has also contributed to many magazines and news
programs, including MSNBC, SABC and Middle East Business news. He holds
a bachelor's degree in engineering from the Cork Institute of
Technology in Ireland. He can be reached at shane@rohati.com.