OpenPMF mainly focuses on application security policies for access control and auditing. This is called “authorization management”, and is a critical part of today’s application security strategy.
Industry specialists agree that over 70% of all security break-ins happen on the application layer, not on the network layer. In order to ensure that enterprise security policies and regulations are adequately addressed on the application layer, matching fine-grained access policies need to be enforced reliably and consistently. And at low cost and low maintenance. [...]
Without OpenPMF, creating many fine-grained technical security (esp. for access control and auditing) rules is too costly, cumbersome and error-prone. And – even worse – without OpenPMF, updating many fine-grained technical security rules whenever the application landscape changes results in a maintenance cost explosion. OpenPMF automates much of the policy creation, and reduces the update [...]
OpenPMF’s policies are captured in generic terms (so-called “models”), rather than in technical security rules. This way, OpenPMF policies typically do not have to change when the application landscape (e.g. web application interactions) changes. OpenPMF automatically generates the technical security enforcement rules from those models by automatically analyzing the applications with all their interactions, and [...]
Unlike any other application security policy management product in the market, OpenPMF offers unique automatic technical policy generation and update from intuitive business security requirements (even for agile SOA, Cloud and virtualization application platforms). Other products and approaches do not offer this level of automation, which means developers and security administrators need to define technical [...]