Defining security policies for complex, large IT environments based on standards, regulations, and frameworks is a difficult, cumbersome, and error-prone task. This is in particular the case for agile IT environments such as highly distributed component based systems and Service Oriented Architecture (SOA). We have shown that model-driven security, which allows the generation of security policies from the application models, helps build and maintain secure, agile IT environments.

Blog OpenPMF Product Success Stories Videos & Publications

Our team of modelling experts can help you model your compliance requirements based on architecture standards/frameworks and regulations (ITILv3, ISO27000, PCI DSS, HIPAA, BSI Grundschutzhandbuch) and on your business architecture (Enterprise Architecture, Business Service Management, Business Process Management, SOA Architecture, IT Transformation/Modernization Roadmap etc.). We can set up a modelling framework for security that includes all the required model transformations. We are specialists in Eclipse based modelling and toolchain integration.

Today software modelling is the accepted best-practice approach for developing flexible and reusable software applications where abstract application models are turned into software using a modelling toolchain. The OMG Model Driven Architecture (MDA) is the leading standard framework for software modelling, and products such as SecureMiddleware include an MDA development toolchain. Why not apply the same logic to security and automatically generate security policies and high assurance from models (EA, BPM/BPMN/BPEL, application MDA/MDI/UML etc)? This way, you can be confident that the deployed system matches the models, and that you have not forgotten any security policy aspects. And most importantly for agile SOA style environments, you can reconfigure and redeploy your (possibly distributed) applications by simple changes in the model - the underlying software and security policies will be automatically matched to your models through the automatic MDA and SecureMDA tool chains.