The Security Management Challenge: IT security management has become unmanageable and too costly for several reasons: (1) growing complexity of distributed IT landscape (e.g. SOA, Web 2.0, cloud computing, virtualization), (2) requirements for IT “agility”, (3) need for complex security policies beyond identity & access management (IAM) that cover many stakeholders and technologies. Often there are too many products to manage in proprietary and decentralized ways. Nobody except us brings security policy management together in a manageable way in one place – instead, predecessors to our technology require customers to manually specify large numbers of security policy rules.
Solution: OpenPMF 2.0 is ObjectSecurity’s unique, market-leading “model-driven security management” product. Ideally marketed as an extension of current identity management solutions and authorization management solutions, OpenPMF 2.0 actually makes policy management manageable. It lets organizations specify security requirements in abstract models (like UML), which are then transformed into (typically many) technical security enforcement rules . The rules are then distributed across the IT environment into OpenPMF 2.0 enforcement points (or 3 rd party XACML products) for control of information flows and for security monitoring (e.g. for SOA). Benefits: enable IT agility, save cost, improve security effectiveness, align business & IT, bring together the security ecosystem, and enable enterprise architecture-driven IT security. OpenPMF has received high visibility, recognition, and credibility (e.g. Gartner: “Cool Vendor 2008”) and has been successfully deployed (e.g. US Navy & Air Force, European air traffic management).
Business & Adoption Model: OpenPMF 2.0 has been designed to minimize adoption hurdles: It can be adopted gradually, starting as an add-on to existing large-scale, large-growth identity management deployments (as security monitoring dashboard and authorization management solution). Full adoption (unique to OpenPMF 2.0) includes model-driven security management...
Market Opportunity: Identity & access management (IAM) is currently a healthy multi-billion dollar market ($4.9 billion by 2011), and the authorization market continues growing at high double digit rates. OpenPMF can tap into these markets immediately, and differentiate itself by offering an upgrade path to model-driven security. Model-driven security will most likely be adopted together with model-driven (and process-led enterprise architecture) approaches, which will be mainstream within 2-5 years (Gartner), thanks to large big-vendor commitment ...
Differentiation: Nobody does exactly solve the hard problem we solve, but related competition includes these predecessor technology areas:...
