Organizations today advocate the architectural vision of "aligned business and IT" - this means that the organization's IT landscape is aligned with achieving business goals, and that it can be adapted quickly to help the business respond to changes (e.g. in the market). Enterprise Architecture (EA), Business Process Management (BPM), BPM-driven Service Oriented Architecture (SOA), Model Driven Integration (MDI), and Model Driven Engineering (MDE/MDA) are examples that tie into such a vision.
Model-driven security is a critical aspect ofthis vision because - in line with the overall vision - it allows 1) business security requirements to be defined, 2) these requirements automatically transformed into IT-centric security rules, 3) automatically enforce the rules across the IT landscape, and 4) demonstrate compliance to the business.
The result is a closed loop from the business to IT and back to the business. The benefits include: enable IT/business agility, save cost, improve security, and of course align business and IT security.
Analyst firms forecast the mainstream for model-driven, process-led approaches within 5 years, and model-driven security is set to piggyback onto that adoption. So it is time to look into it now. Feel free to read our white paper at http://www.openpmf.com/.