Contextual Authorization Tool manages access to resources.

Press Release Summary:

RSA® Entitlements Policy Manager helps enterprises increase security and enforce end-user access control across applications, Web services, and documents based on specific risk and business context. Administrators can create, enforce, and monitor security policies from one central location across distributed application infrastructure. This affords visibility into IT controls and promotes consistent policies that link risk associated with user authentication and resources.

Original Press Release:

RSA Announces New Contextual Authorization Solution to Manage Deep and Defined Access to Enterprise Resources

RSA(R) Entitlements Policy Manager Enables Enterprises to Protect Sensitive Information by Providing Users with the Right Access to the Right Applications, Web Services and Documents

LONDON, Oct. 27 -- RSA CONFERENCE EUROPE 2008 -- RSA, The Security Division of EMC (NYSE:EMC), today announced RSA(R) Entitlements Policy Manager, a new addition to its Identity Assurance portfolio of contextual authorization solutions - including RSA(R) Access Manager and RSA(R) Federated Identity Manager - that is engineered to enable organizations to increase security and enforce end user access control based on specific risk and business context, in accordance with policy.

"As part of a solid identity assurance strategy, a web access management solution must evolve beyond web single sign-on, as enterprises have moved more towards service-oriented architectures, Web services and the latest standards," said Sally Hudson, Research Director, Security Products and Services at IDC. "More concentrated and specific access rights to a broader variety of resources, like customer relationship management software, will help those who are appropriately credentialed to access privileged and well-defined information, and those who are not authorized to stay away from what they do not need to see."

More Secure Access through Fine Grained Role- and Attribute-Based Policy

RSA Entitlements Policy Manager is designed to provide IT organizations with a web-based interface to manage policies that create centralized user access controls based on fine-grained roles and attributes. As engineered, the product would accomplish this while preserving each user's identity context across applications, URLs, service-oriented architectures (SOA) and Web Services. IT administrators can enhance risk management by defining controls based on content sensitivity such as materials including company financials and customer information. For example, user access privileges can be granted to specific database rows and columns, or files with content management and collaboration solutions such as Microsoft(R) SharePoint(R) or EMC Documentum(R) eRoom(R) products.

Reduced Operational Costs and Improved Efficiency

RSA Entitlements Policy Manager is designed to allow IT administrators to be more agile through the ability to create, enforce and monitor centralized security policies from one central location and across the distributed application infrastructure. The solution is built on a strong architectural foundation leveraging industry standards such as eXtensible Access Control Markup Language (XACML) and Security Assertion Markup Language (SAML) to create a scaleable system for enterprise applications. RSA Entitlements Policy Manager provides a centralized security platform that allows developers to focus on business logic - improving development agility and flexibility to modify controls on applications - without having to rewrite code.

Improved Risk Management and Regulatory Compliance

RSA Entitlements Policy Manager is engineered to provide broad and deep visibility into IT controls as well as consistent policies that link both the risk associated with user authentication and the risk associated with resources. By providing a context to authorization, as well as the ability to log and report all user and administrator activity, organizations can improve regulatory compliance and foster broader operational trust and information governance within the organization.

"Our identity assurance solutions are focused on allowing trusted identities to freely and securely interact with systems and access information, providing customers with a proven methodology and set of capabilities that minimize the risk associated with identity impersonation and inappropriate account use," said Sam Curry, Vice President, Identity and Access Assurance at RSA. "Access to highly sensitive data should be granted only to those who need it, and in some job functions access to only very specific areas within the information infrastructure are necessary. Organizations need to be able to effectively manage the many nuances within large numbers of identities and resources, while simultaneously making it easier for their employees to do their jobs."

Product Availability

RSA Entitlements Policy Manager will be available worldwide through RSA and EMC starting in late Q4 2008. RSA Access Manager and RSA Federated Identity Manager are currently available worldwide through RSA and EMC, and select RSA SecurWorld channel partners.

About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit and

RSA is a registered trademark or trademark of RSA Security, Inc. in the U.S. and/or other countries. EMC is a registered trademark of EMC Corporation in the U.S. and/or other countries. Microsoft and SharePoint are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners.

CONTACT: CONTACT: David Seuss, +1-781-515-6279,, or Matt Buckley, +44 (0)1344 781633, , both of RSA, The Security Division of EMC; or Heather Milne of OutCast Communications, +1-215-875-8138,

More from Test & Measurement

All Topics