THE WORLD’S FIRST DEVOPS SECURITY TOOL SUITE
Cloudentity provides a suite of tools to unify identity and security across on-prem networks, data centers, and into the cloud. By abstracting the security configuration from the development process, Cloudentity allows you to execute a unified security strategy from the first step of software development, integrating seamlessly with your CI/CD deployment strategies while supporting legacy infrastructure and even SaaS-based third-party systems.
Declarative security means taking the burden from the development team and empowering the security team. Enforcing your company’s security policies across different development teams from a configurable source-of-truth easily accelerates the production of software by 20 to 40 percent, reducing long regression testing and QA cycles, allowing for rapid response to changing threats, compliance, or business needs.
The user experience is critical to the success of any project. Cloudentity User Tools make it easy for the user to manage their own identity while providing the enterprise the ability to inform and modify that user’s identity as requirements change.
Cloudentity Federation is a service that provides SSO (Single Sign On) for various types of disparate systems. It provides the interface for remote identity providers and service providers. Enable the possibility to map external entity attributes to one, which reflects Cloudentity entities structure.
User Self-Service Tools
Our user self-service tools allow individuals to manage their identity in the system. This includes registering and confirming their identity via mechanisms such as email, SMS, or other MFA tools, as well as establishing and managing preferences. This service is a combination of the Cloudentity UI tools and underlying APIs, allowing enterprises to customize the user experience as necessary.
Cloudentity User Store
The Cloudentity User Store is a scalable, customizable backend user store which can be managed using traditional LDAP tools or through the Cloudentity APIs.
SAML service provider (SP) management provides robust and customizable tools to connect user identities to security policy workflows and inform SPs of those rules. Connected with the Cloudentity API stack, and extendable with customizable business workflows and APIs, the SAML SP management tool brings modern requirements to established protocols.
The Cloudentity multi-factor authentication (MFA) solution links security policies when MFA is required for specific transactions. This greatly reduces the frustration of users faced with excessive multi-factor roadblocks for low-value transactions while providing the needed level of identity verification for high-value transactions. The MFA service supports SMS, TOTP, or verified email and/or voice communication channels.
The Cloudentity Token Exchange service (TES) is able to map sessions and entitlements from one IDP to another with a seamless user experience and minimal DevOps requirements. This provides critical support for organizations with multiple IDP solutions in place that need a way to easily connect sessions without forcing a second or third login.
Cloudentity Session Grid is responsible for exposing and managing session state as identified by a session token — that unique token is generated either from Cloudentity user tools or by validating existing OAuth or other tokens as the user reaches Cloudentity-protected systems.
As the industry continues to expand apps and microservices, the need for zero-trust security continues to grow. Cloudentity’s suite of service-level security tools provide everything from service-level security directly tied to the DevOps cycle through edge security to support legacy systems while enabling migration to more secure, higher visibility infrastructure.
Security begins at the microservice itself – the Cloudentity MicroPerimeter™ Sidecar evaluates each request, both inbound AND outbound, protecting your East/West traffic based on rules defined in the Security Policy Manager in the Cloudentity Core.
The Cloudentity MicroPerimeter™ Gateway is a lightweight, standalone tool to provide security enforcement where the MicroPerimeter™ Mesh is otherwise not optimal. The Gateway handles non-functional requirements (e.g. authentication, authorization, brute-force protection, etc.) on behalf of upstream services. By consuming the same rules from the TrustEngine™, each incoming request and outgoing response may be subject to custom transformation performed by configurable plugins.
The Cloudentity Services Grid provides endpoints to manage applications and microservices protected by the Cloudentity MicroPerimeter™ Sidecar and MicroPerimeter™ Security Gateway.
Service Mesh Sync
Service Mesh Sync creates a localized copy of the security policies from the Cloudentity Core. This allows the MicroPerimeter™ Mesh to make localized decisions without having to make a long-haul back to the centralized source of truth, reducing enforcement time from thousands of milliseconds to less than one.
The Event Aggregator is the central listener to track all transactions in the MicroPerimeter™.
In the growing world of IoT, “things” require greater scrutiniy including an understanding of current risk based on types of devices, location and other dynamic details.
The Device Grid provides API tools and a distributed data store to track the identity and security risks associated with devices.
Cloudentity provides a number of core tools that provide the backbone of the User/Services/Things security.
The Cloudentity TrustEngine™ is a combination of APIs and practices that allows you to define security policies and have those polices directly applied to security tools from a single source of truth.
General Admin Tools
Cloudentity’s Admin Management Tools provide a core set of UI and API tools to grant access to people and tools that require it for administrators of the Cloudentity platform, and it allows developers to register applications.
Distributed Data Store
The Distributed Data Store provides a highly available, scalable data store with multiple data center support.