Active Policy Enforcement

Consistent Security and Compliance Enforcement

Enforcing security and compliance in a service-oriented architecture (SOA) is challenging. An SOA has many more "moving parts" in the form of reusable software components exposed to security and compliance issues than traditional applications.

What's more there are many security types and standards to mediate and an ever-growing number of regulations to apply to information.

Actional for Active Policy Enforcement addresses these issues while reducing IT costs. Actional decouples the SOA policy lifecycle from the service lifecycle to centralize the creation and management of SOAs policy for security and compliance while ensuring distributed SOA policy enforcement. This empowers security and compliance experts to author policies once, apply them consistently across the SOA, and guarantee complete coverage for reduced risk.

In addition, Actional products for Active Policy Enforcement are designed to handle the full diversity of security and compliance requirements present within and beyond the boundaries of today's heterogeneous enterprises. It offers robust security across heterogeneous platforms and Web services standards - including support for WS-Security. It also simplifies compliance audits by recording audit data to a relational database, where it is available toany audit tool.

Figure: Actional for Active Policy Enforcement provides intuitive, wizard-based interfaces for managing security and compliance policies.

Benefits of Using Actional for Active Policy Enforcement:

• Decouple policies from the services and processes they affect—provides for more agile service development.
  
  
• Enable role specialists to centrally manage the creation and application of security and compliance SOA policies—delivers consistent policy reuse and reduced risk.
  
  
• Allow policies, services, and end-to-end processes to be versioned or modified independently without re-application—reduces management overhead and costs.
  
  
• Enable enforcement of both first-mile and last-mile security, avoiding security breaches and preventing unintended usage of services.
  
  
• Capture information for regulatory accountability and control sensitive data in messages, such as "personal identities".
  
  
• Apply policies to end-to-end processes wherever they flow—allow processes and services to change without requiring SOA policy changes or re-applications.

Enhance Active Policy Enforcement with Actional Add-on: Governance Integration Module

The Governance Integration Module integrates with third-party governance products such as BEA AquaLogic Enterprise Registry Repository, Software AG's CentraSite Governance Edition, Fujitsu's and Software AG's CentraSite Enterprise Edition, and HP Systinet to control rogue services, share policy information, and augment registry service metadata with runtime service metadata. It automatically discovers rogue services and interrupts them, pending their review and approval--preventing possible breaches of security and regulatory compliance and their costly consequences, such as fines and litigation, as well as capacity overloads from unplanned services.

The Governance Integration Module also adds value to integrated registries and repositories by copying in metadata on actual service usage, performance, and interdependencies. This information helps developers understand the impact of SOA versioning and maintenance.

Contact us to gain more insight and to learn more about the products and technologies from Progress Software.

You may also be interested in...

• Solutions
• White Papers
• Customers
• Press Coverage
• SOA Infrastructure blog

Related Topics

• SOA Management
• Service Level Management
• Exception Management
• Common Information Model