ObjectSecurity Monthly Update

16 February 2009

Greetings,

Here is our latest newsletter. Please feel free to pass it on to anyone else who might be interested.
This month we are proud to announce that we have been awarded a new R&D project about "agile SOA accreditation" (one of the hot topics in SOA security). We have also revamped our website, the OpenPMF brochures, and industry / technology specific websites.

Just signed up to this newsletter? Browse the archive.

ObjectSecurity "Cool Vendor 2008"

New projects and product releases

UK Ministry of Defence R&D Contract: Agile SOA Accreditation
ObjectSecurity' has been awarded a UK Ministry of Defence (MoD) contract to carry out research related to agile Service Oriented Architecture (SOA) accreditation. The project was awarded by MoD’s Centre for Defence Enterprise (CDE) and is managed by MoD’s Defence Technology and Innovation Centre (DTIC). The contract award underscores ObjectSecurity’s innovative defence / civilian “dual use” capabilities in the areas model-driven security and secure integration (e.g. SOA), which have previously been demonstrated in projects with the US Naval Research Lab, with RTI for the US Navy & US Air Force, and with ESG for the German Bundeswehr. Lack of “agile SOA accreditation” methods and tools have been identified by leading trade bodies (e.g. by ISSA, Cyber Security KTN, Security Network) as one of the top two concerns related to SOA and security. The other top concern, the lack of manageable SOA security policy management tools, is already tackled by ObjectSecurity’s OpenPMF product & solution. It is anticipated that the results of this project will be commercially available as part of future OpenPMF releases, and that they will be “dual use” (Cambridge, UK, and Palo Alto, CA, USA, 16 February 2009).

In-Depth Studies about SOA Security & Model Driven Security
ObjectSecurity offers in-depth studies about hot topics in IT security. Current studies include SOA security and about model-driven security. Other tailor-made studies can be produced upon request.

OpenPMF now supports BPMN (Intalio BPMS)
ObjectSecurity is pleased to announce that OpenPMF 2.0 now supports business process management based model-driven security management. The feature is available in beta, and the full release is scheduled for March 2009. The product brochure is here, and a demo video clip is here, and a discussion of this feature is on our blog.

News & Press Releases

ObjectSecurity appoints Dr. William Wilson as strategic advisor
ObjectSecurity has appointed Silicon Valley based Dr. William Wilson as strategic advisor. Dr. Wilson will advise on ObjectSecurity’s business and financial strategy. Dr. William Wilson has thirty years experience in information security in a variety of positions ranging from technical to executive. He has served on government policy making groups in information security, participated in groups setting national research objectives in security, and given numerous papers on technical and business aspects of security. Dr. Wilson was a co-founder of Arca Systems, a pioneer provider of information security services, and served as its CEO from inception to acquisition by Exodus Communications. At Exodus he performed various roles, including running the Exodus security practice and serving as Vice President of Security R&D and Marketing. He has served as Entrepreneur in Residence at Blumberg Capital and held operational roles and board positions in various Blumberg funded companies. Dr. Wilson received his B.A. in mathematics from Princeton University and his M.A. and Ph.D. in mathematics from Harvard University.

Website Streamlined: New OpenPMF Brochures, New Industry Focus Flyers, New Technology Focus Flyers
Our website is now consolidated and streamlined. The OpenPMF product and solution brochures have been improved, and there is a new "Focus Area" top menu section on the website which explains ObjectSecurity's offerings for a number of industry verticals and technology areas. This information should help organizations advocate OpenPMF internally, to achieve a "team buy".

OpenPMF Business Driven Compliance Management Framework
ObjectSecurity has developed a framework for OpenPMF Business Driven Compliance Management (more).

ObjectSecurity Q1-Q2/2008 analyst coverage: *New* Burton Group Coverage!
Gartner: "Cool Vendors in Application Security and Authentication, 2008" (G00156005) 4 April 2008, "Tear Down Application Authorization Silos With Authorization Management Solutions" (G00147801) 31 May 200, "Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure" (G00151498) 21 September 2007, "Hype Cycle for Information Security, 2007" (G00150728) 4 September 2007, "Hype Cycle for Identity and Access Management Technologies, 2008" (G00158499) 30 June 2008, "Hype Cycle for Context-Aware Computing, 2008" (G00158162) 1 July 2008, "Cisco Buys Securent for Policy Management, and Relevance" (G00153181), 5 Nov 2007.
451 Group: "Market Insight Service Impact Report" (54313) and in the report "Policy Management for Identity - Closing the Loop Between Identity Management, Security and IT Management?". OpenPMF 2.0 is mentioned as a "... a powerful framework that addresses the missing element in controlling user-resource interaction: policy management."
Burton Group: also covered ObjectSecurity in their "Entitlement Management" report.

ObjectSecurity collaborates with ITIL specialist Victor GmbH
ObjectSecurity collaborates with Victor GmbH in the area of mapping business-driven ITIL security best practices traceably to the IT landscape. The consultants of Victor GmbH have broad expertise in IT Service Management which, together with ObjectSecurity’s leading expertise in model-driven security management, provides a powerful combination to carry out ITIL and Cobit projects that traceably extend to the actual IT enforcement.

CEO Interview at RSA Conference Europe: Cloud Computing & Security
In this short interview, ObjectSecurity's CEO Ulrich Lang briefly explains that many of the challenges of Cloud computing security are related to the security challenges of other related architectures such as SOA. While the technical hurdles can be dealt with using security products such as ObjectSecurity OpenPMF, Ulrich advocates increased Cloud user awareness for security and privacy implications. Ulrich will facilitate a related session at the RSA Conference 2009 in San Francisco, CA, USA.

Modeldrivensecurity.org blog
This month, ObjectSecurity blog discusses more about the need for aligned business and IT security, and the need for process-led security policies. We also discuss recent academic work and a conference in the subject area.

ObjectSecurity drives Model Driven Security standardization in OMG
ObjectSecurity continues to support the standardization of a security policy model standard at the Object Management Group (OMG) consortium to prevent vendor lock-ins and market fragmentation. You can find our response to the RFI on the OMG web page. Please contact us if you would like to discuss this standardization effort, or if you would like to sponsor this standard.

Security Management Ecosystem: OpenPMF Supported Technologies
ObjectSecurity is currently forming strategic partnerships with vendors who would like to add OpenPMF security to their technologies. Details can be found on our partnerships web page.

Click here to view an up-to-date news list.

Events - meet ObjectSecurity face-to-face at these events (contact us to arrange a meeting)

Click here to view an up-to-date events list.

Why you are getting this newsletter

You are receiving this email because you have subscribed to ObjectSecurity's email newsletter. Please contact us if you have any feedback - we aim to make this newsletter as useful as possible for you.

Please simply reply to this email with "unsubscribe" in the subject or body if you would like to unsubscribe. We are aiming to make this newsletter as useful for you as possible, so any comments or suggestions would be greatly appreciated. Simply reply to this email if you would like to get in touch with us. And please tell your colleagues about this newsletter.