The two key components of the SecuPi offering are (1) SecuPi Management Server (SMS), and (2) SecuPi Policy Enforcement Points. Additionally, there is one specialized product jointly conceived by SecuPi and catalog vendor Collibra named ‘SecuPi ABAC for Collibra’
SecuPi's Management Server functions to create SecuPi data access policies and manages the deployment and synchronization of policy rules across the Policy Enforcement Points that are distributed throughout the organization’s software infrastructure. SecuPi Management Server also provides the hub for User Behavior monitoring and analytics and complete data usage audit records.
SecuPi’s Policy Enforcement Points (PEP) operate in-line with BI Applications, DBA Tools, Data Catalogs, Big Data applications, and ETL products, respectively, such as Tableau, DBeaver / Toad, Collibra, Cloudera Hive & Spark etc., and Confluent / Kafka. SecuPi PEPs operate in-line with data queries, and ensure that queries conform to the requestor’s rights and authorizations to view the targeted data. See the graphic below for a view of the range of technologies supported by SecuPi PEPs.
The very strong differentiator for SecuPi its unmatched capability for Attribute-based Access Control or ABAC for both on-prem and cloud environments. As government policy directives (e.g. from DoD Zero Trust Reference Architecture or the Whitehouse directive M-22-09 “Federal Zero Trust Strategy”, etc.) state “many authorization models in the Federal Government focus on role-based access control (RBAC), which relies on ‘static pre-defined roles that are assigned to users and determine their permissions within an organization. A zero trust architecture should incorporate more granularly and dynamically defined permissions, as attribute-based access control (ABAC)12 is designed to do.” (page 9, M-22-09). A SecuPi implementation of Zero Trust Data Access can start with just one PEP, and flexibly be expanded by deployment of additional PEPs across an organization’s software infrastructure.
SecuPi ABAC for Collibra is provides ‘Attribute Based Access Control” (ABAC) for the Collibra data catalog itself, such that the view of data cataloged will vary depending on the Users’ attributes such as identity, clearance level, location, project team, etc.
Licensing SecuPi products proceeds simply by enumerating the applications, tools, catalog, big data applications and middleware for which fine-train data access control and data privacy protection are required.