May 29, 2001, 11:32 AM — When it comes to keeping your company's systems secure, employees and managers play roles as important as those of the technological gadgets they deploy. Any security shield that protects your business should be accompanied by sound company policies that explain risks, outline duties, and recommend correct behaviors to your users. Failure to do so could expose your company to litigation and possibly to damaging public embarrassment.
Unfortunately, keeping your users up to speed on security policies bears a significant cost because you need to create and disseminate those documents and then verify that your users acknowledge and understand them.
PentaSafe Security Technologies Inc., a software company that specializes in security products, offers a comprehensive solution to that problem with VigilEnt Policy Center (VPC) 2.0. The next release of the policy management software will employ a common, Web-based infrastructure to create, publish, and monitor security policies.
We looked at the beta version of VPC 2.0 and were impressed with its simplicity, ease of use, and powerful publishing and user-training capabilities. Despite some rough spots in the beta version, we recommend deploying the product when it is released in June.
Security policies on the move
Primarily, VPC is a browser-based platform for creating and publishing security policies written clearly and simply for the benefit of your employees. In addition to English, Version 2.0 can communicate with users in French, German, and Spanish, although the solution doesn't automatically translate a policy into a different language. The product provides its own HTTP server and integrates with Microsoft Corp. IIS on Windows NT 4.0 and Windows 2000 platforms.
From a browser-contained client, security administrators can write policies using wizards and templates, or they can import existing documents in the most common formats, including rich text, XML, HTML, Microsoft Word, and Adobe Systems Inc. Acrobat. Administrators can instantly publish a new policy and make it available to users across the company network, regardless of the employees' location. VPC stores policies in its embedded database or in a Microsoft SQL Server repository. Users view and acknowledge new policies from their browser-based client.
To simplify administrative tasks, VPC allows administrators to import user and group lists from an LDAP directory or text file. By doing so, administrators can easily maintain consistency with existing authentication systems. They can also define homogeneous access control lists that identify target users, such as developers, computer operators, accounting clerks, or security managers, and specify their access rights for each policy. When a new document is published, VPC will automatically insert a link to the document and a warning message on those users' home page.