The Control Center is the attribute-based policy platform that fuels our other products. You can author policies in a user-friendly business language, so you don't need to depend on programmers to create or change them. Each policy represents a condition or set of conditions that determines whether a user is authorized or denied access to specific information, which functions the user can perform with that information, and under what circumstances.
The policies and rules are based on Attribute-Based Access Control (ABAC). Attributes can represent information about the user, the data or the environment. For example, attributes can define citizenship, security clearance, department, data classification, project, location, device type, and time of day.
Authorization policies are created to allow or deny access based on certain criteria, for example to access an application or edit a document. Organizations can also create policies to audit or monitor activity. The policy framework supports version control as well as policy simulation and validation, so you can do what-if analysis and determine the outcome under a given set of circumstances. This enables organizations to ensure their policies have the desired outcome and to understand the effect of any changes.
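To make the attribute-based decision and the what-if analysis concrete, here is an added example. It is a generic ABAC sketch, not the Control Center's policy language or API. The policy names, the attribute keys, the deny-overrides rule and the sample requests are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Generic ABAC sketch (assumed design: deny-overrides, default deny).
@dataclass(frozen=True)
class Policy:
    name: str
    effect: str                      # "allow" or "deny"
    condition: Callable[[dict], bool]

def decide(policies, req):
    """Return (decision, policy name); any matching deny wins, no match denies."""
    matched = [p for p in policies if p.condition(req)]
    denies = [p for p in matched if p.effect == "deny"]
    if denies:
        return "deny", denies[0].name
    return ("allow", matched[0].name) if matched else ("deny", "default-deny")

def simulate(old, new, requests):
    """What-if analysis: requests whose decision differs between two versions."""
    changes = []
    for label, req in requests.items():
        before, after = decide(old, req)[0], decide(new, req)[0]
        if before != after:
            changes.append((label, before, after))
    return changes

LEVEL = {"public": 0, "confidential": 1, "secret": 2}
allow_project = Policy("allow-project-members", "allow",
    lambda r: r["data"]["project"] in r["user"]["projects"]
    and LEVEL[r["user"]["clearance"]] >= LEVEL[r["data"]["classification"]])
deny_mobile_secret = Policy("deny-secret-on-mobile", "deny",
    lambda r: r["data"]["classification"] == "secret"
    and r["env"]["device_type"] == "mobile")
deny_after_hours = Policy("deny-after-hours", "deny",
    lambda r: not (8 <= r["env"]["hour"] < 18))

V1 = [allow_project, deny_mobile_secret]
V2 = V1 + [deny_after_hours]         # proposed policy change under review

def req(clearance, projects, classification, project, device, hour):
    return {"user": {"clearance": clearance, "projects": projects},
            "data": {"classification": classification, "project": project},
            "env": {"device_type": device, "hour": hour}}

SAMPLES = {  # constructed requests covering user, data and environment attributes
    "member-desktop-day": req("secret", ["apollo"], "secret", "apollo", "desktop", 10),
    "member-mobile-day": req("secret", ["apollo"], "secret", "apollo", "mobile", 10),
    "member-desktop-night": req("secret", ["apollo"], "confidential", "apollo", "desktop", 22),
    "outsider-desktop-day": req("confidential", ["zeus"], "public", "apollo", "desktop", 10),
}
```

Running `simulate(V1, V2, SAMPLES)` before publishing V2 shows that only the after-hours request flips from allow to deny, which is the effect a reviewer would want to confirm.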
Centralized Policy Management
Centralized policy management provides control over policy creation, enforcement and changes. Typically, policies are created for individual applications or circumstances and are applied in silos. This makes it very difficult to consistently enforce policies across applications and geographies. Now you can create a single policy that spans all applications—maintaining visibility and control.
Administration functions are also streamlined. You can delegate responsibility for specific applications and control who can see which policies and who can edit them. You can also designate certain individuals for authoring and managing, reviewing and approving, system monitoring, and compliance monitoring.
Attributes are retrieved from the application or from other sources, such as an LDAP server, customer management system, or HR system. The system uses the attributes about the user, the data and the environment to decide whether to allow or deny access.
Activity Monitoring and Auditing
All policy decisions and conditions are stored in a central audit server. The system uses this information to provide visibility into user activity through various dashboards and reports. Organizations can define rules to highlight suspicious behavior and issue alerts. The information can be exported to SIEM and other threat detection systems for further analysis.