SBX Enigma™ - Enterprise Access Control

SBX Enigma™ is access control software that enables an Enterprise to protect sensitive assets - servers, files, documents, or data elements - through centralised management of user access to such assets. SBX Enigma™ is a server-based technology provided as a sealed, installation-ready appliance, and has been awarded certification in the Data Protection category under the global Common Criteria for Information Security standards.

Centralised Access Management & Audit

SBX Enigma™ can be viewed as a central “IT-directory” that lists sensitive assets (e.g., servers, applications, databases, documents, files, fields, and even individual data elements) described by the Enterprise System Managers. Associated with each information asset in the directory, SBX maintains a discrete access control list (ACL) that specifies which users have access authority/privileges to that asset.

The SBX IT directory becomes an access control resource that is used by services and applications operating in the Enterprise. As a web service, SBX is instantly available to respond to requests it receives from these services and applications. When a user interacts with a specific application to access, for example, a sensitive document or a customer record, that application instantaneously submits a query to SBX Enigma™ to determine the user’s access privileges. As examples, an application might ask:

Based on the responses it receives from SBX Enigma, the application is able to implement fine-grained access control over the information it provides to the user and, in this manner, the application implements the rules of the Enterprise security framework. Importantly, SBX Enigma™ also provides comprehensive audit capabilities that enable all activities to be tracked and reported upon.

Fine-Grained Data Protection

In addition to providing centralised access control, SBX also provides a unique security capability that can be described as a ‘secure storage function’. As shown in the diagram, this function involves the secure storage of data in the SBX Enigma™ datastore.

The secure storage, or Lockbox, function of SBX Enigma™ provides the Enterprise with a safe place to store data elements that otherwise might be compromised if maintained in traditional repositories. The extraordinary protection provided by the SBX Lockbox enables the most sensitive data elements – encryption keys, PII, tax IDs, credit card numbers – to be removed from the dangers of unauthorised penetration and securely managed inside SBX Enigma™, uniquely identified and protected.