SingleKey has a two-fold, complementary purpose:
- To provide access to your applications and data to appropriate users, no matter where they are;
- To provide absolute security for those same applications and data, on all levels.

SingleKey accomplishes these two goals by performing the following functions (“aggregated services”) for each protected network sub-segment:
- Authentication
- Authorization
- Access control
- Auditing
- Application proxying
- Firewalling
- Data Encryption
- Network isolation
- Policy caching

An enterprise can use multiple appliances to protect as many applications as necessary, in as many locations as desired. SingleKey may use your policy store, an LDAP directory implementation such as Microsoft Active Directory, Novell DS or any of the LDAP v3 implementations, or our own SingleTone directory server.

A SingleKey appliance is deployed proximate to the application server or servers that it protects. All accesses to the protected server must go through SingleKey, which provides a complete range of security and management services before permitting access to the server. Therefore, SingleKey requires no changes to clients or servers or firewalls, unlike many other solutions.

SingleKey achieves high scalability and management flexibility by automatically integrating with enterprise LDAP directories via SingleTone. Organizations that deploy multiple appliances to protect their applications can therefore combine a defined security policy globally with distributed enforcement. This novel approach maximizes security and manageability while minimizing costs and deployment challenges.

SingleKey is intended to bolster data security at a time when network perimeter security is growing less and less self-sufficient, and when corporate applications have to be accessed by more remote employees and partners.

To this end, SingleKey decentralizes security to the application layer while at the same time centralizing access control, allowing for single sign-on to all corporate services.

This is done by placing one appliance in front of each network segment that you define. This can be a single application host, a load-balanced set of servers, or a suite of applications servicing a particular department within your organization.

Everyone attempting to access a SingleKey-protected resource has to present authentication credentials and be checked for authorization. It doesn't matter whether they are inside or outside your LAN; they have to log in at application start-up, are authenticated via Kerberos-style tickets during the life of their session, and are timed out of their session after a configurable period of time has passed without activity.

This takes the full load of responsibility for network security off of your perimeter, and protects you from internal security threats like wireless access cards.