Advanced Policy Manager: Better access control for your sites and data

Janrain Advanced Policy ManagerWe just released the latest member of the Janrain product family: Janrain Advanced Policy Manager.

This new product lets you centrally control who can do what across multiple digital sites, including web, mobile, or IoT devices. Of course, access control is nothing new, and we find it all over the digital world. Think of things like pay walls, age-restricted content, features in games that players can access only after reaching a certain level, or services like online banking where it is critical that only the right people can access account data and trigger transactions.

What has been missing in the landscape, and what Janrain Advanced Policy Manager does so well, is to centralize and standardize the mechanisms that companies use to control and manage access across their digital sites. In most cases, we find access management built into different applications and distributed across multiple departments, systems, and locations inside of a company. On top of that, they are implemented using different concepts, techniques and technologies. That’s bad, and we change it for the better.

Supporting a diverse and distributed collection of systems and technologies is difficult, error prone, and requires a lot of time and people power. Different systems that were set up by different people (who might no longer be with the company) with little or no documentation. It’s a nightmare, both for the IT people and developers who are tasked with implementing changes across multiple sites, as well as for the business departments that desperately want those changes and find out they might take weeks or months and unexpectedly require big budgets. This is particularly painful as new regulations, like the General Data Protection Regulation (GDPR), are looming on the horizon and drive up the need for company-wide (and complex) changes to who can do what on the digital sites.

There’s another reason why fragmented access control is a bad thing: it’s a security flaw. If access rules across multiple sites can’t be changed quickly, it also means that the company is not able to react fast to a threat, breach, or attack. And those different access control implementations scattered all over the enterprise are almost impossible to debug efficiently.

Access control for the modern connected world

We partnered with authorization solutions provider Symphonic Software to create a better and more modern solution for access control: Janrain Advanced Policy Manager.

So, what does it do to ease the pains described above? Here are the main concepts:

  • Advanced Policy Manager centralizes the administration of access rules. From one central point you can define, change, and manage access policies across the entire enterprise—any identity, any application, on any device, in any region of the world.
  • Defining access policies is easy and intuitive, using Janrain’s Identity Console. No programming skills or deep technical knowledge is required, so business departments can administer access control themselves without having to involve IT resources even for small changes.
  • At the same time, these policies can have a very high level of granularity. This allows complex access rules to be implemented with little effort, enabling organizations to handle sophisticated requirements—say, the implementation of a new payment model across different media sites where access to content is granted based on many different subscription levels. And changing access rules in the case of an emergency (like an attack) can be done very rapidly.
  • Policy management and enforcement is not only centralized, but also abstracted from underlying applications. Instead of having the application do all of the access control and enforcement work, it lets Advanced Policy Manager do the job as a cloud-based SaaS solution. Whenever a decision as to whether a user is authorized to access something is required, the application basically uses the “decision as a service” model that Advanced Policy Manager provides. This reduces the code complexity in the application and its attack surface—which in return increases security.
  • Advanced Policy Manager is a highly universal solution that can be used for both customers and employees (CIAM and IAM use cases). It can be used with Janrain’s CIAM products, but works as well with almost any commercial CIAM solution and can even be integrated into internally-developed solutions.

We designed Advanced Policy Manager to give enterprises full control over who can do what on their digital properties, and enable them to provide users with the assurance that their data is being protected with the ultimate control over how their data is being used.

If you are interested in hearing more, please don’t hesitate to reach out.

Resources

Datasheet

Product Page