Security Research Firm Announces Top Five Things CISOs Should Know About Entitlement Management


Share on LinkedIn

Whitepaper Outlines Cost Savings and Productivity Gains when Organizations Forego Hard-coding Entitlements into Applications and Deploy Purpose-Built Tools

Chief Information Security Officers are getting plenty of respect, as evidenced by steadily escalating budgets and expanding staff resources to harden organizational security. While most large enterprises have met compliance standards with respect to defending the perimeter, it is the internal controls – who is entitled to access what – that continues to challenge these organizations. Addressing this, Echelon One has announced the top five things CISOs should know about Entitlement Management.

Echelon One, a leading information security research and consulting company, has released a whitepaper entitled, Five Things the CISO Would Like their Organization to Know About the Importance of Entitlement Management. The paper was developed to help C-level executives understand the security, user and administrator productivity, and compliance benefits of using Entitlement Management products to manage authorization functions across enterprise applications and data stores. Securent, Inc., the leader in the Entitlement Management market, commissioned the paper, which is available at its website—

In its research for the project Echelon One observed that organizations can spend 100-500 hours hard-coding entitlement rules into each of their applications as they update them to fit new compliance standards. In addition, line-of-business managers may spend as many as 60 hours per year performing entitlement reviews, in order to sign off on compliance documentation required by auditors.

“The huge, repetitive cost of these tasks implies the potential for a high order of savings, productivity gains and security improvements, provided that organizations can escape the need to endlessly repeat the same access management chores,” said Rajiv Gupta, CEO Securent.

After conducting many security reviews in a variety of industries, the Echelon One staff developed a whitepaper outlining five key questions. They are:

1. What is Entitlement Management and why should my organization care?
2. Why is Entitlement Management a leading compliance concern for corporations today?
3. How have enterprises managed Entitlements historically?
4. What is the best way to address Entitlement Management and meet compliance requirements?
5. What are the expected compliance and security benefits of deploying Entitlement Management tools?

Following the discussion of these topics the whitepaper concludes that, “Specifically designed Entitlement Management tools like those from Securent can help organizations achieve their compliance and audit concerns by creating a consistent, standards-based infrastructure for managing and enforcing the appropriate access and entitlements across the enterprise.”

Among the benefits of these tools, the paper cites:
? Easier audits and persistent compliance
? Savings from the elimination of redundant programming
? Enhanced visibility and security
? Increased speed to market gained by untangling security from applications

“Entitlement Management,” the whitepaper argues, “provides visibility and ease of control around who has access to applications and information and what they can do with it. As a result, organizations must begin to turn more toward the use of entitlement policies to comply with increasingly complex compliance regulations.”

As a final caveat, the paper advises steering away from the silo approach to Entitlement Management. Instead, Echelon One advocates a holistic approach to Entitlement Management with tools such as Securent EMS.

“The key challenge for most IT departments in 2007 will be deciding how they plan to manage user entitlements effectively. To achieve compliance, audit and security goals, enterprises must resist the urge to build entitlements into applications and deploy purpose-built Entitlement Management tools.”

About Echelon One
Echelon One is an information security research company that specializes in helping executives develop the right combination of people, processes, and tools in order to maximize the impact and effectiveness of their security investments. Echelon One is comprised of a group of the most respected thought leaders in the information security community and helps executives to become efficient and effective providers of information security services for their employees, customers and business partners.

About Securent
The leader in Entitlement Management, Securent enables organizations to secure sensitive applications and data with ease and precision. Securent’s Entitlement Management Solution (EMS) is the industry’s most robust XACML-based solution, allowing organizations to create, enforce, review, and audit fine-grained access policies across heterogeneous application and IT environments distributed throughout the enterprise, all with centralized management and visibility. The significant cost, time to market, and compliance benefits of EMS have been proven at many Fortune 500 customers. Securent has been recognized as the leader in the Entitlement Management market by the key industry analysts, including Gartner, Burton Group, and Forrester Research. Headquartered in Mountain View, California, Securent is backed by Greylock Partners and Onset Ventures. For more information, please visit

Securent is a trademark of Securent, Inc. All other product and/or company names mentioned herein may be trademarks of their respective holders.

News Editor
CustomerThink offers a free news posting service for press releases relevant to our community. To submit your press release to our news editor, send an email to [email protected] with the press release headline and main content in the email subject line and body, respectively. That's it! Approved press releases will appear in our news category within one business day of submission.


Please use comments to add value to the discussion. Maximum one link to an educational blog post or article. We will NOT PUBLISH brief comments like "good post," comments that mainly promote links, or comments with links to companies, products, or services.

Please enter your comment!
Please enter your name here