AEP’s policy for security

CloudProtect is a policy management environment aimed at providing the essential oversight of all aspects of security policy, from ensuring that the correct security tools of the specified version level through to controlling levels of user access to applications and services. This approach applies equally well to both large enterprises with significant on-premise resources, through to managed service providers looking to offer users more than just additional MIPS.

 

For some service providers, this raises the opportunity for them to target both enterprises looking to develop private clouds, and other, smaller service providers looking for a source of policy management services. New services, such as providing secure remote access to key applications, can be introduced rapidly. According to Mark Darvill, Director at AEP Networks, this means they can make a profit from these services from month one.

 

CloudProtect enables every device looking to access applications to be checked for compliance with security standards. It assigns each device with an authorisation fingerprint defining the security policy that applies, which ensures that only safe devices can access the application. 

 

CloudProtect is packaged for service providers as a sell-through subscription service where the charge is based on a per-user/per-day model. “So if a service provider only has 10 connections per day they only pay for 10,” Darvill said.

 

AEP is not providing this as a SaaS service, but it can be run as multi-tenanted environment by a service provider. This allows them to sub-let the service to other service providers, creating the opportunity for multiple revenue streams as a SaaS service provider. This also allows them to host – and build – communities of common interest based upon common, policy-based security management.

 

It is based on providing policy-driven security services accessible via Virtual Private Networks (VPN) and with full end-point security. “This gives end users and service providers significant levels of flexibility, as this can range from `no policy’ for a specified user through to tight control over access to applications, services, data and the scope of tasks allowed” Darvill said.

 

It operates completely independently from the underlying applications and operating systems, so there are no integration issues at all to contend with. “It is, in effect, a point-to-point, policy-driven security wrapper. So it can manage the policies associated with tasks that range from functionally rich Web 2.0 service interaction and delivery down to running task-specific thin client environments,” he said.

 

Darvill sees CloudProtect offering service providers a tool with which they can differentiate the services they offer. “It can provide highly variable, totally customisable policy selection,” he said, “which in practice means that if a task can be managed by policy it can be covered by CloudProtect.”

 

It can work with a wide range of policy directories, though Darvill suspects that LDAP and Active Directory will be amongst the most popular. “It can work with all the industry standard directories, and can be geared to work with either a service provider’s existing directory, or that specified by an end user. If it is being run on a user’s own systems, be they end user or service provider, one of the policies applied can include probing all of the kit to ensure that policy on internal security, such as use of correct anti-virus software, is adhered to. It can also manage the application of remedial action.”

 

As a side benefit, CloudProtect can also deliver universal printing capabilities, creating a policy-managed virtual print queue.

 

“The target is to create something that makes it easy for service providers to sell something that makes it easy for the end user,” Darvill said.