Security
The world's largest and most secure intelligence organizations have deployed Autonomy to safeguard their most sensitive information assets. Autonomy provides all aspects of security management including document and intra document access control against user, group and role level entitlement. Encrypted inter-machine and intra-process communication protocols are woven into the fabric of Autonomy's modular design at a fundamental level providing secure transmission of information throughout the architecture.
Autonomy's Intellectual Asset-Protection System (IAS) is a comprehensive and modular security architecture that uniquely provides:
- Asset scalability through Mapped Security;
- Group membership scalability through Group Servers
- Operational granularity via a Document-centric model enabling secure real time operation and total flexibility over your security policies.
Authentication
The first step in any secure system is authentication - knowing for certain whom a user actually is. As well as Autonomy's own technology, that supports a Public Key Infrastructure approach, Autonomy modules bind to existing user-authentication systems such as those provided by NTLM and Lotus Notes, and integrate with single sign-on and user directory systems such as LDAP to provide resolution from a single username to credentials on multiple repositories.
Entitlement
Once authentication is complete, any response an Autonomy-powered application provides to a user consists only of information to which that user has access. As Autonomy solutions typically utilize information held in multiple repositories, each with its own proprietary security schema. This security resolution process is a heterogeneous and computationally complex one that must take place every single time any user requests any information.
Legacy systems control the complexity of multiple security systems by insisting different systems are held in separate engines, indexes or collections. In contrast, Autonomy's multi-dimensional document property model supports security on a document-centric basis, allowing organizations complete flexibility in the design of their security model and minimizing processor and hardware demands.
Mapped vs Unmapped Security
| UNMAPPED | MAPPED |
| Relies on direct communication with repository | Indexes ACLs and other security information at index time |
| Every result of every query resolved using an asynchronous, network based process | Every result of every query resolved synchronously, in parallel with query resolution itself |
| Directly impacts your existing system, leading to poor performance on your current applications | All computation handled effieciently within Autonomy IAS architecture |
| Caching that works only in limited scenarios and sometimes fails drastically | Efficient resolution of entitlement in every scenario providing the first system to operate securely in real-time |
Unmapped vs Mapped security
In resolving entitlement, legacy systems depend on an unmapped security process. Here the legacy technology must communicate at least once and often multiple times with underlying repositories in deciding whether a user is entitled to view the information the system has decided is relevant. Such an approach leads to massive network and processing overheads and does not scale within the context of production systems. Caching - whether naïve or intelligent - of recent accesses works only in extremely limited scenarios and has associated with it multiple request behavioral cases that can lead to catastrophic loss of performance.
In contrast, Autonomy uses unique mapped security architecture to store security entitlement information, such as Access Control Lists, within the information store itself, directly associated with the documents to which they apply. In this way, entitlement resolution is just another part of the standard query resolution, occurring just once per user request and at no extra network overhead.
Autonomy's tripartite security architecture also makes use of Group Servers to efficiently manage higher-order security entities such as user groups and roles. Apply the document-centric approach within this architecture, Autonomy is able to support all standard security constructs - such as users, groups, roles, domains, folders and databases and is available across all supported repositories that provide security including, but not restricted to, Lotus Notes, Microsoft NT and Exchange, Oracle, Documentum.
Secure Communications
An architecture as modular in design as Autonomy's, requires multiple subsystems to communicate with each other, often across insecure networks. Autonomy modules are all capable of operating in a secure communications mode, providing with a minimal processing overhead the protection of 128-bit encryption.
In conclusion, Autonomy's IAS provides the enterprise with the confidence to leverage all available information assets in building business applications that create ROI. Approaching security with an architectural solution ensures there are no weak links, while attention to detail at the modular level provides IAS with the breadth of support and scalability necessary to make secure production systems a working reality.
