Entitlement Management

How It Works

Integration with Applications

Most vendors in this space give you a Software Development Kit (SDK) for everything and say go for it. We have spent a lot of time and effort pre-integrating our solution with key applications. These integrations work out of the box! You can install the EM module within minutes or hours. This integration allows NextLabs to intercept events within the application, such as clicks to access data, data entry, queries, and transactions being submitted.

If you have homegrown, cloud or mobile applications, you can easily integrate those with our standards-based SDK. We have APIs for the most popular programming languages and environments, including Java, C#, C++, and REST, and can provide you with sample code to get you up and running in minutes.

Controlling Access

The organization defines policies or rules that outline what people can do and under what circumstances. The policies and rules are based on Attribute-Based Access Control (ABAC). Attributes can represent information about the user, the data or the environment. For example, attributes can define citizenship, security clearance, department, data classification, project, location, device type, and time of day.

The Entitlement Manager gets the attributes from the application and from external sources. While the Entitlement Manager is evaluating policies to determine access, the authorization engine can retrieve additional attributes dynamically from other sources, e.g. user information from an LDAP server, a credit score from Equifax, information from HR, or a customer database.

Enforcing Policies

The EM automatically enforces access to enterprise, cloud and mobile applications, web services and REST APIs, databases, file systems and Content Management Systems. This dynamic authorization (authorize or deny access) happens based on policies at runtime. This real-time enforcement allows organizations to change policies as needed and have them enforced immediately, so it does not impact the business.

You can control access to the application itself or parts of the application down to the individual field or button level. The system can filter data so the user only sees what they should see. For example, an account executive can only see customers in their territory. Data redaction and dynamic data masking for selected fields ensure sensitive information is not public. You may want a manager to see salary details for direct employees, but not others in the group. Or, you may want to restrict a business transaction. For example, a user who created a vendor record should not be allowed to make payments to the same vendor. All of these controls are easily implemented in the solution.

Monitoring Usage

Organizations can monitor all of the data activity easily and quickly. They can view document sharing history, usage patterns, and attempted access. This information can be used to detect anomalies or suspicious activity within the organization or extended enterprise to ensure that data has not been compromised or to prevent breaches from happening. Dashboards and reports are available, and organizations can easily customize them.