In 2006, five security, systems and networking experts with a combined 40-plus years of experience at Cisco Systems formed a network security startup and took aim at the access management market.
Now, two years later, that startup-Rohati Systems-has stepped out of the shadows with a high-speed appliance that relies on user entitlements to control access to applications. The Rohati TNS (Transaction Networking System) platform functions at Layer 7, providing transaction-level enforcement and allowing users to create granular entitlement policies and controls. It uses XACML (Extensible Access Control Markup Language) in a bid to eliminate the need for client or server agents or any changes to applications.
Today, entitlement control is typically coded into applications, said Rohati CEO Shane Buckley. The challenge for enterprises is that addressing this across the applications they use can be a multiyear, multimillion-dollar task, he said.
Combining the granularity of software-based entitlement management solutions with a high-performance networking platform, Rohati seeks to close the gaps created by firewalls that are unable to provide the granularity TNS offers. Traditional firewalls see IP addresses, but cannot offer the type of context TNS does at 7, Buckley said.
Customers can put the product in the data center in discovery mode to learn about users and their attributes. The product then stores information on transactions to help administrators set policies. Administrators can also use a simulation mode to extrapolate how policies will affect users once the policy is officially deployed, Rohati officials said.
The technology goes a step further than role-based rules, Buckley said, explaining that a user’s role in an organization can be nebulous.
“Role is not specific enough; role is one attribute in active directory,” he said.
Burton Group analyst Gerry Gebel said the popularity of Microsoft SharePoint has presented the challenge to IT departments of applying regulatory controls to unstructured data in a collaborative environment.
“Entitlement control solutions offer an alternative approach by overlaying an access control layer over SharePoint, which can contain sensitive or regulated data,” Gebel said in a statement.
There are two versions of the appliance: the TNS 100, priced at $20,000, and the TNS 500, priced at $85,000. The appliances are slated to ship in July.