ObjectSecurity, the leader for model-driven security, today announced that they have been awarded a feasibility analysis contract by UK Technology Strategy Board (TSB) under the Feasibility Studies for Digital Services grant program. The project aims to identify the gaps and solutions around ObjectSecurity OpenPMF™ for cloud application security policy automation as a service: The cloud computing market is forecasted to be very large and rapidly growing, but security is stated as the #1 adoption hurdle. There is a great commercial opportunity for solutions that meet the specific needs for cloud. This project seeks to identify suitable solutions (esp. cloud based) for implementing security & compliance policies for cloud services (& other deployments such as SOAs), using a cloud-based policy automation service. To reliably identify the exact requirements and unique market opportunities, this project first analyses (1) unique security concerns related to cloud computing, and (2) gaps in cloud-related standards/regulations, and technology solutions. It then identifies potential solutions for security & compliance policy implementation and testing, with the goal of short-term commercialisation. One particular innovation of this project will be the use of model-driven security automation (offered as a cloud service & tied into the protected cloud platform) to achieve correct, consistent, low-effort/cost policy implementation for cloud applications.

ABOUT OPENPMF – OpenPMF™ (“Open Policy Management Framework”) makes application security manageable through automation, which is key to reducing cost and improving security & compliance. OpenPMF™ offers manageable authorization policy automation for today’s agile, interconnected applications – including those running on Service Oriented Architecture (SOA) and cloud computing platforms. Most organizations today need to reduce cost and improve IT security & compliance at the same time, which is practically impossible without increased security automation. Manually translating security policy & compliance requirements into effective technical implementation is difficult, expensive, and error-prone – esp. for interconnected, agile applications (for example, built using SOA & cloud platforms). Automate the process of turning human-understandable security & compliance requirements into the matching numerous and ever-changing technical security policy rules and configurations. In addition, proactively enforce (“whitelisting”) access control & auditing, and continuously monitor security the application layer. OpenPMF involves five steps: Configure, generate, enforce, audit, and update. OpenPMF security automation forms a critical part of any authorization management, entitlement management and identity & access management (IAM) strategy. OpenPMF also enables a secure application development lifecycle at development time right from the beginning – dealing with policy abstraction, externalization, authoring, automation, enforcement, audit monitoring & reporting, and verification. Unlike any other application security policy management product in the market, OpenPMF automates security using unique award-winning and patent-pending model-driven security, advocated by ObjectSecurity’s thought-leading founders since 2000. OpenPMF helps develop, operate and maintain secure applications. It makes application security proactive, manageable, intuitive, cheaper, and less risky.