Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate and advance the state of the art in this area through exchange of ideas.

Tuesday 2 September 2008

Business-driven security: Aligning business and IT security

Organizations today advocate the architectural vision of "aligned business and IT" - this means that the organization's IT landscape is aligned with achieving business goals, and that it can be adapted quickly to help the business respond to changes (e.g. in the market). Enterprise Architecture (EA), Business Process Management (BPM), BPM-driven Service Oriented Architecture (SOA), Model Driven Integration (MDI), and Model Driven Engineering (MDE/MDA) are examples that tie into such a vision.

Model-driven security is a critical aspect of this vision because - in line with the overall vision - it allows 1) business security requirements to be defined, 2) these requirements to be automatically transformed into IT-centric security rules, 3) the rules to be automatically enforced across the IT landscape, and 4) compliance to be demonstrated to the business.

The result is a closed loop from the business to IT and back to the business. The benefits include enabling IT/business agility, saving cost, improving security, and of course aligning business and IT security.

Analyst firms forecast that model-driven, process-led approaches will become mainstream within 5 years, and model-driven security is set to piggyback onto that adoption. So it is time to look into it now. Feel free to read our white paper at
